MICROSOFT RADIUS SERVER
Using RADIUS Within the Framework of the School Environment
Charles Bolen
Systems Engineer
December 6, 2011

What is Our Goal?
• Protect our wireless networks
    ◦ Security
    ◦ Liability
    ◦ Control
    ◦ Bandwidth usage

What is RADIUS?
• Remote Authentication Dial In User Service
• Developed in 1991 – Mature Protocol
• Client/Server protocol running at the Application Layer

The 3 Functions of RADIUS (AAA)
• Authentication of Users or Devices BEFORE they connect to the network
• Authorization of Users or Devices for Network Usage (Access Reject or Access Accept)
• Accounting for usage of services (AAA Transaction)
Who Are the Players?
• Laptops, iPhones, iPads, Android Devices, Workstations
• Access Point, Network Switch (RADIUS Client)
• Wireless Controller (RADIUS Client)
• Network Policy Server (NPS) (RADIUS Server)
• Domain Controller (Active Directory)
• Active Directory Certificate Services
• Group Policy
• DHCP
• DNS

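Added example (not part of the original slides): a minimal Python model of the exchange between a RADIUS client (the wireless controller) and a RADIUS server (NPS), showing how the shared secret lets the client trust an Access-Accept or Access-Reject. It covers only the basic RFC 2865 header and Response Authenticator, not the EAP attributes used with 802.1x; the secret, identifier and user name are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
USER_NAME = 1  # attribute type 1 in RFC 2865


def attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_request(identifier, username):
    """RADIUS client side: Access-Request with a random 16-byte Request Authenticator."""
    attrs = attr(USER_NAME, username.encode())
    header = struct.pack("!BBH", 1, identifier, 20 + len(attrs))
    return header + os.urandom(16) + attrs


def build_response(code, request, secret, attrs=b""):
    """RADIUS server side: the authenticator binds the reply to the request and the secret."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    digest = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + digest + attrs


def check_response(response, request, secret):
    """Client side: return the decision name, or raise if the reply cannot be trusted."""
    if len(response) < 20:
        raise ValueError("short packet")
    code, identifier, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or identifier != request[1]:
        raise ValueError("length or identifier mismatch")
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    if not hmac.compare_digest(expected, response[4:20]):
        raise ValueError("bad Response Authenticator (wrong secret or altered reply)")
    if code not in (2, 3):
        raise ValueError("unexpected code in reply")
    return CODES[code]


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample value
    req = build_request(7, "LAB-PC-01$")    # constructed sample user name
    print(check_response(build_response(2, req, secret), req, secret))
```

A reply built with a different secret, or one whose code byte was changed after the server computed the authenticator, is rejected by check_response rather than treated as an Access-Accept.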
Required Components
• Domain Controller (2008 R2 Enterprise)
    (Limited functionality with 2003)
• AD Certificate Services*
    (On 2003 Server this is simply called Certificate Services)
• Network Policy Server*
    (On 2003 Server this is called IAS, Internet Authentication Service)
• DHCP and DNS
• Access Points that support 802.1x
    (All Cisco LWAPs and APs on WVTFS contract sold by Pomeroy)
    (Additional antennas recommended for Cisco 1200 series not sold by Pomeroy if the unit has only one 2.5 GHz and/or one 5.0 GHz antenna)
• Cisco Wireless LAN Controller (WLC) 4400 series & 5500 series
    (2100 series supported, but only for smaller scale implementations; the 100 MB interface is a limiting factor)

How Do Clients Get Certificates?
• Domain computers
    ◦ Group Policy will push the certificates to the client
    ◦ May take up to 20 minutes (per Microsoft)
    ◦ Can speed up the process with ‘gpupdate /force’
    ◦ New domain members need to be connected to the wired network when joined to the domain

How Do Clients Get Certificates?
• Non-Domain members and non-MS devices
    ◦ Enter username and password for machine authentication
    ◦ Wireless LAN Controller relays authentication request to the RADIUS server
    ◦ Access is granted based on Active Directory privileges

Basic Configuration
• Configure RADIUS
    ◦ Client component on Cisco Wireless LAN Controller
    ◦ Server component on Network Policy Server
• Install Certificate Services
• Install Network Policy Server(s) Certificate
• Group Policy is Configured
    ◦ Push certificates to workstations
    ◦ Push Wireless Policy to workstations
• Create Wireless Access group, add computers
• Configure Network Policies on NPS

Additional Technical Questions
Charles Bolen – [email protected]
Michael Shank – [email protected]
THANK YOU FOR YOUR TIME