IEEE 802.1x standards define an effective framework for controlling and authenticating clients to a wired or wireless protected network, in this case a NAP infrastructure. These standards define port-based authentication on supported devices. These devices could be switches or wireless access points that support the IEEE 802.1x standard. The IEEE standard is significant because it has been accepted by hardware and software vendors: their products will be designed with the standards in mind. What does this mean for you and me? All hardware that is 802.1x based should work with RADIUS and NAP.
An 802.1x deployment consists of three major components that allow for the authentication process to work correctly (see Figure 17).
- Supplicant: a device that requests access to our network and is connected via a pass-through authenticator.
- Pass-through authenticator: a switch or access point that is 802.1x compliant.
- Authentication server: when the supplicant connects to the pass-through authenticator, the request is passed to the authentication server by the pass-through authenticator. The authentication server decides whether the client is granted access or denied.
Authentication is handled using the Extensible Authentication Protocol (EAP). EAP messages used in the authentication process are transmitted between the supplicant and pass-through authenticator using EAP over LAN (EAPoL). The pass-through authenticator talks to the RADIUS server using RADIUS messages and EAP.
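
To make the EAPoL leg concrete, the following added example (not part of the original text) decodes the frames a supplicant and pass-through authenticator exchange on the port. The function names, the source MAC address and the sample frames are constructed for illustration; the EtherType 0x888E and the header layouts follow IEEE 802.1X and RFC 3748.

```python
import struct

PAE_ETHERTYPE = 0x888E  # EtherType that carries EAPoL frames
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP"}

def parse_eap(pkt: bytes) -> dict:
    """Decode one EAP message (code, identifier, length, optional type and data)."""
    if len(pkt) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    # Request/Response must be at least 5 bytes because they carry a type byte
    if length > len(pkt) or length < (5 if code in (1, 2) else 4):
        raise ValueError("EAP length field inconsistent with the packet")
    out = {"code": EAP_CODES.get(code, f"code {code}"), "id": ident}
    if code in (1, 2):
        out["type"] = EAP_TYPES.get(pkt[4], f"type {pkt[4]}")
        out["data"] = pkt[5:length]
    return out

def parse_eapol(frame: bytes) -> dict:
    """Decode an Ethernet frame carrying EAPoL; raise ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet and EAPoL headers")
    ethertype, version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != PAE_ETHERTYPE:
        raise ValueError("not an EAPoL frame")
    body = frame[18:18 + body_len]  # slicing also drops Ethernet padding
    if len(body) != body_len:
        raise ValueError("EAPoL body truncated")
    out = {"eapol": EAPOL_TYPES.get(ptype, f"type {ptype}"), "version": version}
    if ptype == 0:  # EAP-Packet: the body is exactly one EAP message
        out.update(parse_eap(body))
    return out

def build(ptype: int, eap: bytes = b"") -> bytes:
    """Constructed sample frame: PAE group address as destination, made-up source MAC."""
    macs = bytes.fromhex("0180c2000003" "020000000001")
    return macs + struct.pack("!HBBH", PAE_ETHERTYPE, 1, ptype, len(eap)) + eap

SAMPLE_EXCHANGE = [  # constructed frames, in the order they cross the port
    build(1),                                              # supplicant: EAPOL-Start
    build(0, struct.pack("!BBHB", 1, 1, 5, 1)),            # authenticator: Request/Identity
    build(0, struct.pack("!BBHB", 2, 1, 9, 1) + b"host"),  # supplicant: Response/Identity
    build(0, struct.pack("!BBH", 3, 2, 4)),                # authenticator: Success
]

if __name__ == "__main__":
    for frame in SAMPLE_EXCHANGE:
        print(parse_eapol(frame))
```
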
When NAP uses IEEE 802.1x, the authenticating pass-through authenticator uses the RADIUS protocol. NPS instructs the pass-through authenticator (wireless access point or switch) to place supplicants that are not in compliance with NPS into a restricted network. The restricted network could be a separate VLAN or a network with IP filters in place to isolate it from the secured network.
Tip
While studying for this exam, keep a list of new terms written down somewhere. This step will make for a great review tool on test day. Also, notice in the last section we used terminology like supplicant instead of computer or device. Always use the Microsoft terminology when studying; it will benefit you later!
In this exercise, we are going to configure the authentication method on a Windows Vista client.
1. Click Start, right-click Network, and then click Properties.
2. Click Manage network connections.
3. Right-click Local Area Connection and then click Properties. See Figure 18.
4. Click the Authentication tab and verify that Enable IEEE 802.1x authentication is selected.
5. Click Settings. See Figure 19.
6. In the Protected EAP Properties dialog box, clear the Enable Fast Reconnect check box and verify that only the following check box is selected: Enable Quarantine checks.
7. Close all property sheets.
Tip
When you get to the test center and check in, you will be taken to your workstation and given an erasable board or paper. Use this to your advantage. Before you begin the examination, write down any network designs or acronyms you are afraid that you may forget.