Environment:
One AD server, running CA Certificate Services
One RADIUS member server
Multiple APs
Multiple client computers
Prerequisite: The enterprise domain root certificate service is already installed and configured on the AD server. That process is omitted here; you can refer to the following article:
http://ericfu.blog.51cto.com/416760/1624791
1. Join the RADIUS server to the domain, log in with a domain account, and run MMC from Start.
2. Add the certificate management snap-in for the local computer.
3. Open the Personal certificate store.
4. Right-click in the blank area and request a certificate.
5. Click Next, then Next again.
6. The system automatically finds the certificate types that can currently be requested. If there are several, select only Computer, then click Enroll.
8. The certificate request completes automatically!
9. The certificate management console shows that the certificate has been generated. It should normally be displayed as a second-level certificate, and there will also be an enterprise domain root certificate.
10. Add the NAP role in Server Manager
11. After the role has been added, open the NPS management console and, under Standard Configuration, select: RADIUS Server for 802.1X Wireless or Wired Connections
12. Select: Secure Wireless Connections
13. Add the RADIUS client devices, that is, the wireless APs that need to be configured for RADIUS authentication.
14. Enter the AP's device name, its IP address, and the password required for authentication between the AP and the RADIUS server. Repeat this to add as many APs as required, then click Next.
15. Choose PEAP as the authentication method.
16. After selecting it, click Configure to view the PEAP information and confirm that the certificate currently in use is the certificate requested in step 9!
17. Add the users or groups that are allowed to authenticate through RADIUS. You can select whichever AD group you want; here I select all Domain Users.
18. Click Next through the remaining pages to finish!
19. When finished, return to the main NPS management window and open NPS\Policies\Network Policies. You can see the policy that was just configured: Secure Wireless Connections. Double-click to open it, go to Constraints, and clear the options in the red box.
20. In Settings, you can choose to delete PPP.
21. Confirm and exit. The RADIUS configuration on the Windows side is now complete. The following uses two types of AP as examples of configuring RADIUS authentication for a Wi-Fi SSID.
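The Windows-side steps above can also be scripted; the following PowerShell is an added example, not part of the original post. It enrolls the Computer certificate, checks the properties PEAP depends on, installs the role and registers the APs with a separate random password each. The AP names and addresses are constructed placeholders, and it assumes the built-in Computer template (template name "Machine") is published by the CA.

```powershell
# Added example; run elevated on the RADIUS member server (Windows Server 2012 R2).
$ErrorActionPreference = 'Stop'

# Steps 2-8: enroll from the built-in Computer template (template name "Machine")
# into the local computer's Personal store.
$enroll = Get-Certificate -Template 'Machine' -CertStoreLocation 'Cert:\LocalMachine\My'
if ($enroll.Status -ne 'Issued') { throw "Enrollment status: $($enroll.Status)" }

# Step 9: re-read the certificate from the store and check what PEAP needs from it.
$cert = Get-Item "Cert:\LocalMachine\My\$($enroll.Certificate.Thumbprint)"
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key' }
if ($cert.EnhancedKeyUsageList.ObjectId -notcontains $serverAuthOid) {
    throw 'Certificate lacks the Server Authentication EKU'
}
if (-not $cert.Verify()) { throw 'Chain does not validate to a trusted root' }
"Server certificate: $($cert.Subject), expires $($cert.NotAfter)"

# Step 10: install the role that contains NPS.
Install-WindowsFeature NPAS -IncludeManagementTools | Out-Null

# Steps 13-14: register each AP with its own random shared secret.
function New-SharedSecret([int]$Bytes = 24) {
    $buf = New-Object byte[] $Bytes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($buf) } finally { $rng.Dispose() }
    -join ($buf | ForEach-Object { $_.ToString('x2') })   # hex avoids characters some AP UIs reject
}

# Constructed sample inventory (placeholder names, documentation-range addresses).
$aps = @(
    @{ Name = 'ap-floor1'; Address = '192.0.2.11' },
    @{ Name = 'ap-floor2'; Address = '192.0.2.12' }
)
foreach ($ap in $aps) {
    $secret = New-SharedSecret
    New-NpsRadiusClient -Name $ap.Name -Address $ap.Address -SharedSecret $secret | Out-Null
    # Shown once so it can be entered on the AP (step 22); keep it in a vault, not a file.
    "{0} {1} secret={2}" -f $ap.Name, $ap.Address, $secret
}

# Steps 11-12 and 15-20 (the 802.1X wizard and policy edits) are still done in the NPS console.
Get-NpsRadiusClient | Format-Table Name, Address
```

The final listing selects only the name and address columns so that the stored secrets are not printed again.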
22. Configuration on Cisco APs: open the web interface, go to Security\Server Manager, and add the RADIUS server.
Server: the IP address of the previously configured Windows RADIUS server
Password: the password entered in step 14; the AP's IP and password must correspond!
23. The corresponding commands are as follows:
radius-server host 10.132.176.10 auth-port 1812 acct-port 1813 key 7 ********
aaa authentication login Eap_methods group Rad_eap
aaa group server radius Rad_eap
 server 10.132.176.10 auth-port 1812 acct-port 1813
24. In SSID management, specify the authentication method as follows:
25. The corresponding commands are as follows:
dot11 ssid Wifipeap
 vlan 180
 authentication open eap Eap_methods
 authentication network-eap Eap_methods
26. Turn on WEP encryption for the corresponding VLAN
27. The corresponding commands are as follows. If there are multiple radio bands, add the configuration to each of them as needed.
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 180 mode wep mandatory
 !
28. The other two kinds of AP are configured the same way: in the RADIUS server settings, add the RADIUS server's IP and the password entered in step 14 (the AP's IP and password must correspond)!
29. Choose WPA2 with RADIUS as the authentication mode. Some devices call this WPA2 AES, WPA2 Enterprise, etc.
30. RADIUS/AP configuration is complete!
This article is from the "big to technology sharing" blog, please be sure to keep this source http://hubuxcg.blog.51cto.com/2559426/1636719
Windows 2012R2-based AD RADIUS wireless authentication