Distributing 802.1X Settings to your Clients

Distributing 802.1X Settings to your Clients

By CWNP On 09/09/2010 - 20 Comments

Businesses and organizations should use Enterprise-level Wi-Fi Protected Access—preferably WPA2 with AES encryption—to secure their WLAN, which requires the use of a RADIUS server for the 802.1X authentication. However, you'll probably find that configuring the end-users is a road-block, or at least a big speed bump, to your 802.1X implementation. As the owner of a hosted 802.1X service, I see this problem daily. In Windows you can't simply just connect to these types of networks—you must preconfigure the 802.1X settings. You'll likely see an increase in trouble calls and visits to the help desk.

Although 802.1X can be a nuisance to configure, it is an essential part of Wi-Fi security. So I’ll share a few ways to preconfigure the network and authentication settings on the clients. This will help alleviate some of the stress from the end-users and help desk staff.

If you’re running a domain network with Windows Server and Active Directory, try pushing the network profiles to the computers using Group Policy. If you’re running Windows Server 2003, bring up the Group Policy snap-in on the Microsoft Management Console (MMC) and navigate to Computer Configuration > Security Settings. If you’re running Windows Server 2008 or 2008 R2, use the Group Policy Management Console (GPMC) and navigate to Computer Configuration > Policies > Windows Settings > Security Settings. Once you’re there, create a Wireless Network (IEEE 802.11) Policy and create a preferred network entry.

Keep in mind, Group Policy won’t communicate with  Mac or Linux machines, or end-users that are working from their own computers and devices. In these cases (or if you aren’t running a Windows Server), consider using a third-party solution. XpressConnect from Cloudpath Networks and Quick1X from Avenda Systems are two examples.

Actually, I recently did an independent review on both of these solutions, as part of my freelance writing. You can check out both the XpressConnect review and Quick1X review at EnterpriseNetworkingPlanet.

These solutions let you define the network settings and generate a client wizard which automatically configures end-user computers, and possibly mobile phones. Then you can setup a captive portal on your network where unconfigured users are asked to download and run the wizard. Voilà, they’re secured without getting frustrated or calling the IT department. Another option is to hand out this wizard on USB drives and CDs, or offer as a download on your website.

Good luck on your 802.1X implementation!

Eric Geier is the founder and CEO of NoWiresSecurity, which provides a hosted RADIUS service for 802.1X authentication. He is also a freelance tech writer and has authored several books from major publishers like Cisco Press and For Dummies.

Tagged with: 802.1X, radius, Group Policy, Cloudpath, Xpressconnect, Avenda

0 Responses to Distributing 802.1X Settings to your Clients

Subscribe by Email
There are no comments yet.
<< prev - comments page 1 of 1 - next >>

Leave a Reply

Please login or sign-up to add your comment.
Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.

-Darren
Read More

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.

-Ben
Read More

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.

-Glenn
Read More