Description:

The document describes how to connect a WLAN client to a network operating the 802.1X protocol.
Access credentials are checked against the RADIUS server of a Windows 2008 R2 NPS server.

This solution directs all requests to the external RADIUS server via the LANCOM access points, which forward the requests to the NPS server.


Requirements:
  • The LANCOM access points have a default configuration that connects them to the local network, and they can be managed by the LANCOM WLAN controller.
  • A functional installed Windows Active Directory and a Windows CA (certificate server).


Scenario:

The WLAN client establishes a connection to the LANCOM access point, which is managed by a LANCOM WLAN controller. In this case, authentication does not use a password set on the access point and the WLAN client. Instead, a session is set up to a downstream central RADIUS server running on a Windows NPS server.

The server checks the access credentials (name and password) against a central database. This method allows the RADIUS server to operate as a central login service for large numbers of access points.
  • The RADIUS server is a Windows 2008 R2 NPS server. In this example configuration, the NPS server has the local IP address 192.168.10.1.
  • The authenticators are LANCOM L-452agn dual Wireless access points. The access points are managed by a LANCOM WLAN controller.
  • The supplicant is, for example, a notebook running the Windows operating system.





Procedure:

1) Configuration steps on a LANCOM WLAN controller:

1.1) Open the configuration of the WLAN controller in LANconfig and navigate to the menu WLAN controller -> Profiles -> RADIUS profiles.



1.2) Create a new entry, which describes the connection to the NPS server.



1.3) Switch to the menu WLAN controller -> Profiles -> Logical WLAN networks (SSIDs) and create a new logical WLAN, in which authentication is performed by 802.1X.


  • Set the Encryption option to 802.11i(WPA)-802.1X.
  • In the field RADIUS profile, select the RADIUS profile that describes how to connect to the NPS server.



1.4) Navigate to the menu WLAN controller -> Profiles -> WLAN profiles.



1.5) Create a new WLAN profile for 802.1X, which you assign to the logical 802.1X WLAN network that you created in step 1.3. The physical WLAN parameters can be set with an existing profile.



1.6) Navigate to the menu item WLAN controller -> AP configuration -> Access point table.



1.7) Assign the 802.1X WLAN profile created in step 1.5) to those LANCOM access points required to support the SSID that uses 802.1X authentication.



1.8) Close the dialogs with the OK button and write the configuration back to the device. The configuration of the LANCOM WLAN controller is now complete. The settings are transferred from the WLAN controller to the LANCOM access points.


2) Configuration steps on the Windows NPS server and WLAN client:

The configuration steps on the Windows NPS server and the WLAN client are described in the following Knowledge Base document:
INFO:
  • Because the access points in this scenario act as authenticators, each of them must be created as a RADIUS client in the configuration of the NPS server.
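
A check for the most common fault in this setup, a shared secret in the RADIUS profile (step 1.2) that differs from the one in the NPS RADIUS client entry. This is an added example, not part of the original document or LANCOM's own tooling: it recomputes the Message-Authenticator attribute (RFC 3579) of an Access-Request, such as one taken from a packet capture between access point and NPS server, with a candidate secret. The user name, the access point address 192.168.10.50 and the secrets are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

USER_NAME, NAS_IP_ADDRESS, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 4, 79, 80


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(secret: bytes, user: str, nas_ip: bytes, eap: bytes, ident: int = 1) -> bytes:
    """Build the Access-Request an authenticator sends to the RADIUS server."""
    body = (attr(USER_NAME, user.encode()) + attr(NAS_IP_ADDRESS, nas_ip)
            + attr(EAP_MESSAGE, eap) + attr(MESSAGE_AUTHENTICATOR, bytes(16)))
    header = struct.pack("!BBH", 1, ident, 20 + len(body)) + os.urandom(16)
    packet = bytearray(header + body)
    # RFC 3579: HMAC-MD5 over the whole packet with the attribute value zeroed.
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def secret_matches(packet: bytes, secret: bytes) -> bool:
    """Return True if `secret` reproduces the packet's Message-Authenticator."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    pos = 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return False  # malformed attribute
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += attr_len
    return False  # no Message-Authenticator present


if __name__ == "__main__":
    # Constructed sample: EAP-Response/Identity for "alice" from an assumed AP address.
    eap = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"
    pkt = build_access_request(b"constructed-secret", "alice", bytes([192, 168, 10, 50]), eap)
    print(secret_matches(pkt, b"constructed-secret"), secret_matches(pkt, b"typo"))
```

If the secret configured on the NPS server does not reproduce the value in a captured request, the RADIUS client entry and the RADIUS profile on the WLAN controller do not agree.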