Skip to main content


802.1x is an IEEE standards-based framework for authenticating access to a network and managing the keys used to protect traffic. It uses Remote Authentication Dial-In User Service (RADIUS), a network authentication service included in Windows Server 2003, to verify the network client's credentials with the domain controller and store the results in a database. The RADIUS server relies on the domain controller to authenticate the clients.

802.1x uses the Extensible Authentication Protocol (EAP) to secure the conversation between the servers and clients and the generation of keys. 802.1x with EAP-TLS is a certificate-based system used to mutually authenticate wireless clients and RADIUS servers. It uses strong cryptographic keys to protect wireless traffic.

This method requires public key certificates on the client and the RADIUS server. These public keys can be obtained from a trusted third party or you can set up a Windows Server 2003 Certificate server to automatically enroll these certificates for clients using Active Directory.

802.1x with PEAP (Protected Extensible Authentication Protocol) can use Microsoft Challenge Handshake Protocol version 2 (MS-CHAPv2) to provide secure password authentication without using certificates. This method works best in a small environment that does not have any certificate servers, but it can also be used as an interim strategy to deploy a wireless network before implementing a certificate infrastructure.

Your logbook for this section should include documentary evidence that you can plan security for wireless networks using WEP encryption and WEP authentication.

Next: Configuring Directory Services for Certificate Publication