


Configure the Windows Native Supplicant:

The information in this portion of the configuration guide is relevant to configuring Windows XP SP3, Windows 7 SP1 and Windows 8. How to access the Control Panel and Network Properties varies by release. Also, while the wired configuration is covered in this guide, the authentication settings are also relevant to a wireless configuration. If at any point a configuration step below cannot be configured because the option is grayed out, make sure that the logged-in user has administrator permission and that there is no Group Policy configured to push configuration to clients for the adapter. This document covers a test case; deploying certificates and client configuration through Group Policy is not covered by this document.

1) Enable the Windows Wired AutoConfig

- Bring up the services panel and double-click Wired AutoConfig.
- Set the Startup type: to Automatic, start the service, then click OK.

2) Import the ISE Root CA Certificate (if not using a well-known Certificate Authority)

- Copy the Root CA Certificate to the computer and open it.
- Under General click Install Certificate. The Certificate Import Wizard will launch; click Next.
- Keep "Automatically select the certificate store based on the type of certificate" and click Next, then click Finish. This will add the Root CA to the User's Certificate Store.
- Bring up the Microsoft Management Console (on Windows 7 and Windows XP go to Start -> Run; on Windows 8 hover the mouse over the bottom left of the screen, right-click and choose Run). Type mmc to bring up the Microsoft Management Console.
- Go to File -> Add/Remove Snap-in, select Certificates and click Add, then choose "My user account" and click Finish.
- Select Certificates and click Add again, choose Computer Account, then click Next.
- Select Local computer and click Finish.
- Click OK. Under Console Root the two certificate stores should be listed.
- Expand Certificates - Current User -> Trusted Root Certification Authorities -> Certificates, find the desired Root CA and copy it.
- Expand Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates and paste the Root CA. The Root CA certificate should now be in both the User and Machine store.

3) Enable 802.1X Authentication on the wired adapter (the Authentication settings also apply to wireless)

- Bring up the Control Panel -> Network and Sharing Center -> Change Adapter Settings and bring up the wired adapter properties.
- With the Wired AutoConfig service enabled there is now an Authentication tab; choose this.
- "Enable IEEE 802.1X authentication" should be checked.
- The network authentication method needs to be set to Microsoft: Protected EAP (PEAP).
- "Remember my credentials" is an optional setting.
- "Fallback to unauthorized network access" must be selected if the computer will be connected to both 802.1X and non-802.1X networks.

4) Configure PEAP

- Select Settings to the right of PEAP.
- "Verify the server's identity by validating the certificate" should be checked as long as the ISE is using a public CA or the Root CA certificate has been imported on the client. Verifying the server prevents man-in-the-middle attacks.
- "Connect to these servers" allows the admin to specify which RADIUS servers to connect to. The setting is compared to the CN of the ISE certificate to see if the user is connected to a permitted server; this further prevents man-in-the-middle attacks.
- By default the supplicant will allow connection to any server that has a certificate signed by any globally trusted Root Certification Authority. This can be further limited by selecting the desired Root CA in the list.
- Select Secured password (EAP-MSCHAPv2) to use password-based authentication in this example.
- Fast reconnect can be enabled if it is also enabled to reduce the number of EAP messages needed in the re-authentication exchange.

5) Configure Password settings

- Select Configure to the right of (EAP-MSCHAPv2). If this option is selected then the username/password used to log into Windows will also be used for PEAP authentication.
- Click OK twice to return to the main authentication settings page.

6) Configure Single Sign-on and Authentication Mode

- Select Additional Settings.
- "Specify authentication mode" allows the administrator to select if User, Machine, or Both are desired.
- Single sign-on settings are also configured here. It is often desired to perform authentication immediately before user logon if startup scripts or group policy is used. This ensures that the network is ready when startup scripts are being run.
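The following is an added example, not part of the original guide: a small Python audit of the three PEAP server-validation settings from step 4, run against the PEAP section of a wired profile exported with `netsh lan export profile`. The element names (`PerformServerValidation`, `ServerNames`, `TrustedRootCA`) are assumed to match the exported Windows profile layout, and the XML fragments, server name and hash are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed PEAP fragments (not from a real host). Element names are assumed
# to match the <EapType> section of an exported Windows wired profile.
TEMPLATE = """<EapType>
  <ServerValidation>
    <ServerNames>{names}</ServerNames>
    {roots}
  </ServerValidation>
  <PeapExtensions>
    <PerformServerValidation>{validate}</PerformServerValidation>
  </PeapExtensions>
</EapType>"""
WEAK = TEMPLATE.format(names="", roots="", validate="false")
PINNED = TEMPLATE.format(
    names="ise.example.test",                            # placeholder server name
    roots="<TrustedRootCA>aa bb cc dd</TrustedRootCA>",  # placeholder hash
    validate="true",
)


def _values(root, name):
    """Return stripped, non-empty text of every element with this local name."""
    out = []
    for el in root.iter():
        # Drop any "{namespace}" prefix so namespaced profiles also match.
        if el.tag.rsplit("}", 1)[-1] == name and (el.text or "").strip():
            out.append(el.text.strip())
    return out


def audit_peap(xml_text):
    """Return a list of findings for the PEAP settings discussed in step 4."""
    root = ET.fromstring(xml_text)
    findings = []
    if _values(root, "PerformServerValidation") != ["true"]:
        findings.append("server certificate validation is not enabled")
    if not _values(root, "ServerNames"):
        findings.append("no RADIUS server names listed (Connect to these servers)")
    if not _values(root, "TrustedRootCA"):
        findings.append("no specific Root CA selected; any trusted root is accepted")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("pinned", PINNED)):
        print(label, audit_peap(doc) or "OK")
```

An empty list means all three checks passed; each finding names the step 4 setting to revisit on the client.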