Implementing 802.1X in a LAN enviorment

I'm looking for articles/white papers that explain how to design and
implement 802.1x in a LAN environment.
The clients are Windows XP Pro SP2 or Windows Server 2003 (SP0 & SP1).
The goal is to implement IAS as the radius and use X.509v3 Certificates for
authentication.

Found some articles about Wireless implementation but I need info about LAN.
Also if there's any info on how to configure clients for 802.1x using GPO
(There's settings for wireless but not for LAN).

Can anyone direct me to such information?

I found that the wireless policy is using the user certificate and I would
like to use the computer certificate for authentication. Is it possible?

Thanks,
Amihai Bareket

See

http://www.microsoft.com/technet/com...mt/sm0805.mspx

Not secure. And no, you cannot apply security settings to the clients using
GPO or a script - GUI only.

Consider alternatives.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"Amihai Bareket" <(E-Mail Removed)> wrote in message
news:OX$(E-Mail Removed)...
> I'm looking for articles/white papers that explain how to design and
> implement 802.1x in a LAN environment.
> The clients are Windows XP Pro SP2 or Windows Server 2003 (SP0 & SP1).
> The goal is to implement IAS as the radius and use X.509v3 Certificates
> for authentication.
>
> Found some articles about Wireless implementation but I need info about
> LAN.
> Also if there's any info on how to configure clients for 802.1x using GPO
> (There's settings for wireless but not for LAN).
>
> Can anyone direct me to such information?
>
> I found that the wireless policy is using the user certificate and I would
> like to use the computer certificate for authentication. Is it possible?
>
> Thanks,
> Amihai Bareket
>

Hi Amihai

This white paper should help you:

IEEE 802.1X for Wired Networks and Internet Protocol Security with Microsoft
Windows
http://www.microsoft.com/downloads/d...displaylang=en

--
Cheers
Keith


"Amihai Bareket" <(E-Mail Removed)> wrote in message
news:OX$(E-Mail Removed)...
> I'm looking for articles/white papers that explain how to design and
> implement 802.1x in a LAN environment.
> The clients are Windows XP Pro SP2 or Windows Server 2003 (SP0 & SP1).
> The goal is to implement IAS as the radius and use X.509v3 Certificates
> for authentication.
>
> Found some articles about Wireless implementation but I need info about
> LAN.
> Also if there's any info on how to configure clients for 802.1x using GPO
> (There's settings for wireless but not for LAN).
>
> Can anyone direct me to such information?
>
> I found that the wireless policy is using the user certificate and I would
> like to use the computer certificate for authentication. Is it possible?
>
> Thanks,
> Amihai Bareket
>

Which Alternatives apart from IPSEC?


"S. Pidgorny <MVP>" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> See
>
> http://www.microsoft.com/technet/com...mt/sm0805.mspx
>
> Not secure. And no, you cannot apply security settings to the clients
> using GPO or a script - GUI only.
>
> Consider alternatives.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> "Amihai Bareket" <(E-Mail Removed)> wrote in message
> news:OX$(E-Mail Removed)...
>> I'm looking for articles/white papers that explain how to design and
>> implement 802.1x in a LAN environment.
>> The clients are Windows XP Pro SP2 or Windows Server 2003 (SP0 & SP1).
>> The goal is to implement IAS as the radius and use X.509v3 Certificates
>> for authentication.
>>
>> Found some articles about Wireless implementation but I need info about
>> LAN.
>> Also if there's any info on how to configure clients for 802.1x using GPO
>> (There's settings for wireless but not for LAN).
>>
>> Can anyone direct me to such information?
>>
>> I found that the wireless policy is using the user certificate and I
>> would like to use the computer certificate for authentication. Is it
>> possible?
>>
>> Thanks,
>> Amihai Bareket
>>
>
>

Go completely wireless. Still, that's the last foot security.

Or go IPv6.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-


"Amihai Bareket" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Which Alternatives apart from IPSEC?
>
>
> "S. Pidgorny <MVP>" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> See
>>
>> http://www.microsoft.com/technet/com...mt/sm0805.mspx
>>
>> Not secure. And no, you cannot apply security settings to the clients
>> using GPO or a script - GUI only.
>>
>> Consider alternatives.
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> "Amihai Bareket" <(E-Mail Removed)> wrote in message
>> news:OX$(E-Mail Removed)...
>>> I'm looking for articles/white papers that explain how to design and
>>> implement 802.1x in a LAN environment.
>>> The clients are Windows XP Pro SP2 or Windows Server 2003 (SP0 & SP1).
>>> The goal is to implement IAS as the radius and use X.509v3 Certificates
>>> for authentication.
>>>
>>> Found some articles about Wireless implementation but I need info about
>>> LAN.
>>> Also if there's any info on how to configure clients for 802.1x using
>>> GPO (There's settings for wireless but not for LAN).
>>>
>>> Can anyone direct me to such information?
>>>
>>> I found that the wireless policy is using the user certificate and I
>>> would like to use the computer certificate for authentication. Is it
>>> possible?
>>>
>>> Thanks,
>>> Amihai Bareket
>>>
>>
>>
>
>