How to set up an 802.1X RADIUS Server on Windows Server 2012 R2
802.1X authenticates supplicants (the connecting clients). They are authenticated through the authenticator (the switch), which in turn needs an authentication server (here Windows SRV2012).
Protocols used:
- EAPOL
- RADIUS
802.1X Overview
https://www.youtube.com/watch?v=3obzgqslnL8
Windows Server Configuration
Required Services:
- Active Directory Users and Computers
- Certificate Authority Service (Add-WindowsFeature ADCS-Cert-Authority)
https://blogs.msdn.microsoft.com/tysonpaul/2016/05/24/install-standalone-ca-certificate-authority-on-windows-server-2012-r2-for-use-with-operations-manager/
- Network Policy and Access Service
http://techgenix.com/understanding-configuring-network-policy-access-services-server-2012-part2/
Additional Server Configurations:
- Add users to an OU (in my case a dot1x OU with a user group)
- Register NAP in AD
- Configure NPS for a Wired connection and follow default prompts
- Click next and choose Secure Wired
- Choose “Add”
- Add the switch by IP address, verify and resolve the IP, and create a shared secret
- Click OK and Next until the screen where the authentication method is chosen, and select EAP-MSCHAPv2
- Then click Next and add the group created in AD (in this case I have the dot1x user group), then click Next and Finish
- Disable Connection to Microsoft Routing…. and Connection to other access servers under Policies/Network Policies
- Click Properties for Secure Wired Connections, go to the Constraints tab, then NAS Port Type, and make sure Ethernet is selected
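The role install, the AD registration and the "add the switch" step can also be scripted. The following is an added example, not part of the original write-up: the switch name and address are placeholders, the secret length is an assumption to check against what the switch accepts, and the Secure Wired policy itself is still created with the wizard as described above.

```powershell
# Added example: scripted equivalent of the role install, AD registration and
# RADIUS client steps. Run in an elevated PowerShell session on the NPS server.
param(
    [string]$SwitchName    = 'dot1x-switch-01',  # placeholder friendly name
    [string]$SwitchAddress = '192.0.2.10',       # placeholder (documentation range)
    [int]$SecretBytes      = 16                  # 16 random bytes -> 32 hex characters
)

# Install the CA and NPS roles listed under "Required Services".
# The CA still has to be configured afterwards (see the linked article).
Install-WindowsFeature ADCS-Cert-Authority, NPAS -IncludeManagementTools | Out-Null

# Register this NPS server in its default AD domain so it can read
# the dial-in properties of the user accounts it authenticates.
netsh nps add registeredserver

Import-Module NPS

# Create the RADIUS client for the switch only if it is not already defined,
# so an existing shared secret is never silently replaced.
$existing = Get-NpsRadiusClient | Where-Object { $_.Address -eq $SwitchAddress }
if ($existing) {
    Write-Host "RADIUS client for $SwitchAddress already exists: $($existing.Name)"
}
else {
    # Generate the shared secret from the OS cryptographic RNG instead of typing one.
    $bytes = New-Object byte[] $SecretBytes
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    $rng.Dispose()
    $secret = -join ($bytes | ForEach-Object { $_.ToString('x2') })

    New-NpsRadiusClient -Name $SwitchName -Address $SwitchAddress `
                        -SharedSecret $secret | Out-Null

    # Shown once so it can be entered on the switch; it is not written to disk.
    Write-Host "Created RADIUS client $SwitchName ($SwitchAddress)"
    Write-Host "Shared secret to configure on the switch: $secret"
}

# Review: list the RADIUS clients and the network policies, then confirm that
# only the Secure Wired policy is enabled and the two default ones are disabled.
Get-NpsRadiusClient | Format-Table Name, Address, Enabled -AutoSize
netsh nps show np
```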
The second part involves configuring the switches; you can find my write-up on configuring 802.1X on HP 1910 switches here