I
RON
S
HIELD
W
HITE
P
APER
W
HITE
P
APER
: 802.1X P
ORT
A
UTHENTICATION
W
ITH
M
ICROSOFT
’
S
A
CTIVE
D
IRECTORY
Written By: Philip Kwan
March 2003
March 2003
©2003 Foundry Networks, Inc.
Version 1.0.0
All Rights Reserved.
I
RON
S
HIELD
W
HITE
P
APER
W
HITE
P
APER
: 802.1X P
ORT
A
UTHENTICATION
W
ITH
M
ICROSOFT
’
S
A
CTIVE
D
IRECTORY
Summary
Microsoft’s Active Directory service is one of the most popular authentication directories in use today. This white
paper describes Foundry’s 802.1X Port Authentication feature and how it works with Microsoft’s IAS server to
create a seamless authentication environment for Active Directory installations.
Contents
NOMENCLATURE ..................................................................................................................................................................3
RELATED PUBLICATIONS...................................................................................................................................................3
TRADEMARKS ........................................................................................................................................................................3
802.1X PORT AUTHENTICATION BASICS........................................................................................................................4
MICROSOFT’S IAS SERVER ................................................................................................................................................5
S
AMPLE
IAS I
NSTALLATION
....................................................................................................................................................5
IAS I
NSTALLATION
P
ROCEDURE
..............................................................................................................................................6
CONFIGURING 802.1X PORT AUTHENTICATION .......................................................................................................13
O
THER
802.1X C
OMMANDS
...................................................................................................................................................14
M
ULTIPLE
H
OST
S
ITUATIONS
.................................................................................................................................................14
CONFIGURING WINDOWS CLIENTS..............................................................................................................................15
T
ESTING
T
HE
C
LIENT
C
ONNECTION
.......................................................................................................................................16
A
DDITIONAL
T
IPS
...................................................................................................................................................................17
O
THER
802.1X C
LIENTS
T
ESTED
............................................................................................................................................17
CONFIGURING FOUNDRY’S DYNAMIC VLAN FEATURE.........................................................................................18
C
ONFIGURING
VLAN G
ROUPS
...............................................................................................................................................19
C
ONFIGURING
R
EMOTE
A
CCESS
P
OLICIES
..............................................................................................................................19
CREATING PORT-BASED VLANS.....................................................................................................................................24
TESTING THE DYNAMIC VLAN FEATURE ...................................................................................................................24