This checklist provides the tasks required to deploy 802.1X authenticating switches with Network Policy Server (NPS).
| Task | Reference |
|---|---|
|
Install and configure 802.1X authenticating switches on your network. |
RADIUS Server for 802.1X Wireless or Wired Connections and your hardware documentation |
|
Determine the authentication method you want to use. |
RADIUS Server for 802.1X Wireless or Wired Connections; Certificate Requirements for PEAP and EAP; EAP Overview; PEAP Overview; and your hardware documentation |
|
Autoenroll a server certificate to servers running NPS or, if you are using Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) only, optionally purchase a server certificate rather than deploying your own CA. |
Deploy a CA and NPS Server Certificate and |
|
If you are using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or PEAP-TLS without smart cards, autoenroll user certificates, computer certificates, or both user and computer certificates, to domain member client computers. |
Deploy Client Computer Certificates; Deploy User Certificates |
|
Configure 802.1X wired access clients by using the Group Policy Management extension, Wired Network (IEEE 802.3) Policies. |
Configure 802.1X Wired Access Clients by using Group Policy Management |
|
Configure 802.1X authenticating switches as Remote Authentication Dial-In User Service (RADIUS) clients in NPS. |
|
|
Create a user group in Active Directory® Domain Services (AD DS) that contains the users who are allowed to access the network through the switches. |
|
|
In NPS, configure one or more network policies for 802.1X switch access. |
Add a Network Policy; Create policies for 802.1X Wired or Wireless with a Wizard; and Network Policies |