802.1x authentication with NPS policies- Windows Server 2016

Vásquez_Fer
Moderator

This is a demo of the essential configuration steps to authenticate wireless clients using 802.1x with Unleashed by configuring an NPS policy on a Windows server.

1- Make sure the server has the necessary basic features installed.

2-Navigate to the Network Policy Server tab, access NPS (local), and choose the 'Radius server for 802.1x' option for both wireless and wired connections. Finally, select 'Configure 802.1x'

3-In this step, select 'Secure wireless connections' and customize the policy name to your preference. In this case, append 'DEMO' at the end of the policy name.

4-In this step, you need to configure the Radius Client by providing a friendly name, entering the IP address of the master Access Point, and optionally setting a password or using a password generation tool. Remember to save this configuration as it will be used in Step 9.

5-In this step, choose 'Microsoft: Protected EAP (PEAP)' as the network access method.

6- Next, leave the remaining options at their default settings, and conclude the configuration by clicking on the 'Finish' button.

7-Configure the “Connection Request Policies”

To configure the connection request policy, navigate to the 'Policies' section. Then, access the 'Connection Request Policy' folder and locate the policy that was created with the same name. Double-click on it to access its properties. In the 'Properties' window, navigate to the 'Conditions' tab. Remove the 'Current' condition and any others if present. Add the 'Time' condition and select 'Permit all time'. Finally, click 'Apply' and then 'OK' to save the changes.

8-Configure Network policies

To configure the network policies, access the “Network Policy” folder and locate the policy that was created with the same name. Double-click on it to access its properties. In the 'Properties' window for this example, I choose to ignore the user properties dial and proceed to the 'Conditions' section. Here, I add the 'User Groups' option to use the Active Directory users.

In this part, you have the option to either use an existing group and its users or create a new group along with its users.

Optional step

How to create a group and users

Navigate to the Active Directory of users and computers, then left-click on it. Next, select 'New,' followed by 'Group,' and proceed to fill in the required information.

How to create a user

Navigate to the Active Directory of users and computers, then left-click on it. Next, select 'New,' followed by 'User', and proceed to fill in the required information (username and password).

In this case, we need to edit the 'Member of' properties of this user. Since I want this user to belong to the earlier created 'DEMO' group, we navigate to the user's properties, specifically the 'Member of' section. Subsequently, we add the group and configure it as the primary group.

Continuing with the network policies configuration, we will next select the desired group and proceed to the 'Constraints' tab. Here, we will add CHAP as the authentication method.

9-Unleashed Configuration

In the Unleashed configuration, navigate to 'Admin and Services' and then 'Services.' Click on the plus (+) sign to add the RADIUS server and fill in the information based on the configuration we completed in Step 4. Ensure that the IP address points to the RADIUS server.

10- WLAN Creation

Navigate to 'Wi-Fi Networks' and select the tab for creating a wireless network. Fill in the necessary information accordingly. In this step, the only addition is to include the server that we created in Step 9 as the authentication server.

11-Wireless Client

After creating the wireless network, it's important to check the connectivity. Connect to the network and when prompted, enter the credentials of the created DEMO-USER along with the corresponding password. If the credentials match, you should be able to connect to the network without any issues.
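
The server-side groundwork from Step 1, Step 4 and the optional group/user step can also be scripted, which makes it easy to generate a long random RADIUS shared secret instead of typing one. This is an added example, not part of the original post; the AP name and IP address are placeholder assumptions, and it assumes the ActiveDirectory PowerShell module is available on the server.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of Step 1, Step 4 and the optional AD step.
# Placeholder values (assumptions); adjust to your environment.
$ApName    = 'Unleashed-Master-DEMO'   # friendly name of the RADIUS client
$ApAddress = '192.0.2.10'              # master AP IP (documentation address)
$GroupName = 'DEMO'
$UserName  = 'DEMO-USER'

function New-RadiusSharedSecret {
    param([int]$Length = 32)
    # 64-symbol alphabet: 256 % 64 = 0, so mapping a random byte is unbiased.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = New-Object byte[] $Length
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
}

# Step 1: install the Network Policy Server role with its management tools.
Install-WindowsFeature -Name NPAS -IncludeManagementTools | Out-Null

# Step 4: register the master AP as a RADIUS client with a generated secret.
if (-not (Get-NpsRadiusClient | Where-Object Name -eq $ApName)) {
    $secret = New-RadiusSharedSecret
    New-NpsRadiusClient -Name $ApName -Address $ApAddress -SharedSecret $secret | Out-Null
    # Shown once so it can be entered on the Unleashed side in Step 9.
    Write-Host "Shared secret for Step 9 (store it in a password manager): $secret"
}

# Optional step: create the group and a member user if they do not exist yet.
Import-Module ActiveDirectory
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security
}
if (-not (Get-ADUser -Filter "SamAccountName -eq '$UserName'")) {
    New-ADUser -Name $UserName -SamAccountName $UserName -Enabled $true `
        -AccountPassword (Read-Host -AsSecureString "Password for $UserName")
    Add-ADGroupMember -Identity $GroupName -Members $UserName
}

# Review the registered clients without printing their shared secrets.
Get-NpsRadiusClient | Select-Object Name, Address
```

The connection request and network policies from Steps 2 to 8 are still created through the NPS wizard as described above.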


 

 

 

1 REPLY 1

Mayank
RUCKUS Team Member

Thanks a lot for such an amazing explanation!