RADIUS SERVER CONFIGURATION • Pre-installed Assumptions • Windows 2008/2012 Server • Active Directory Role Installed • Active Directory Certificate Services Installed • Network Policy Server Installed
RADIUS SERVER CONFIGURATION • Configure the Network Policy Server • From the Getting Started page select “RADIUS server for 802.1X Wireless or Wired Connections” the click “Configure 802.1X”
RADIUS SERVER CONFIGURATION • Set Type of 802.1X connection to “Secure Wireless Connections” • Give the policy a name that is descriptive of the AD group the policy will apply to and click Next.
RADIUS SERVER CONFIGURATION • Add the arrays in your network as Radius clients and define a shared secret. It is recommended to use the same shared secret for all arrays. Click Next when finished • You can add an entire subnet using CIDR notation. • 10.200.1.0/24 = 10.200.1.0 mask 255.255.255.0
RADIUS SERVER CONFIGURATION • Right click on the Xirrus Staff Policy and select Properties • Click on the Settings Tab and select Standard RADIUS Attributes • Add the following Attributes (First 2 should already exist) • Framed-Protocol = PPP • Service-Type = Framed • Tunnel-Type = VLAN • Tunnel-Medium-Type = 802 • Tunnel-Pvt-Group-ID = vlan id that group should be placed in • Apply and click OK
RADIUS SERVER CONFIGURATION • Create more Radius policies for each group of users to be supported on the wireless network • Use the Duplicate Policy feature to copy the features of one policy into another (Right click policy to be duplicated). • Modify the new policy to include the proper AD group and change the Tunnel-Pvt-Group-ID to match the appropriate VLAN
TIPS AND RECOMMENDATIONS • Use Dynamic VLANs in any environment that utilizes WPA2 802.1X authentication • Reducing the number of SSIDs increases wireless network performance • Use Dynamic VLANs in combination with Xirrus Groups for granular firewall/QoS/Application Control features on a per user or device basis.