HP ProCurve Networking

» Contacter

ProCurve Networking by HP - Avis relatifs aux applications



Contents
» 1. Introduction
» 2. Prerequisites
» 3. Network diagram
» 4. Configuring a Windows XP supplicant
» 4.1 Configure authentication on the supplicant machine
» 4.2 Specifics for Windows XP SP3
» 5. Configuring a Windows Vista supplicant
» 6. Reference documents

Downloads
» How to configure 802.1X authentication with a Windows XP or Vista supplicant (PDF)

1. Introduction
This document describes how to configure an 802.1X supplicant for Windows XP SP2/SP3 or Vista. The switch used in this example is a ProCurve Switch 5400zl but most ProCurve switches can be configured in the same manner.

» Return to top

2. Prerequisites

This procedure assumes you have an already configured PCM/IDM server and a ProCurve Switch 5400zl, both of them configured for 802.1X, and that the client PC is connected to a port authenticator.

» Return to top

3. Network diagram
Figure 1 details the configuration referenced in this section.
Figure 1. Setup for ProCurve-Mitel interoperability
Figure 1. Setup for configuring 802.1X authentication on Windows XP or Vista

Using this topology, you will configure the client, running either Windows Vista or XP SP2, to use 802.1X authentication.


» Return to top

4. Configuring a Windows XP supplicant
This section explains how to configure 802.1X authentication on a PC running Windows XP.

4.1 Configure authentication on the supplicant machine

  1. On the PC, in Control Panel | Network Connections, right-click on the Local Area Connection and choose Properties.
  2. In Local Area Connection Properties, go to the Authentication tab.
  3. In the Authentication tab, check Enable IEEE 802.1x authentication for this network, and for EAP type choose Protected EAP (PEAP):
    Figure 1. Setup for ProCurve-Mitel interoperability
  4. Click on Properties to configure PEAP settings.
  5. In the Protected EAP Properties window, de-select Validate server certificate; and under Select Authentication Method, choose Secure password (EAP-MSCHAP v2). Then click on Configure.
    Figure 1. Setup for ProCurve-Mitel interoperability
  6. In the EAP MSCHAPv2 Properties window, de-select Automatically use my Windows logon name and password (and domain if any).
    Figure 1. Setup for ProCurve-Mitel interoperability
  7. Click on OK in all the windows.
  8. Connect the PC to a port where 802.1X has been enabled. After a few seconds, a dialog box appears asking you for credentials.

» Return to top

4.2 Specifics for Windows XP SP3
Before being able to configure authentication on Windows XP service pack 3, ensure the Wired Autoconfig service is started. This will enable access to the Authentication tab of the network connection.

In the Authentication settings window, you can also check the box to Enable quarantine checks, which will ensure that these checks will be done before attempting to log onto the domain.


» Return to top

5. Configuring a Windows Vista supplicant
To configure a 802.1X authentication on a PC running Windows Vista:
  1. Select the LAN Connection from the Control Panel and open it.
  2. If the authentication tab does not appear, open the Services window and start the Wired AutoConfig service:
    To modify the 802.1p or DSCP values
  3. Open the Authentication tab, check Enable IEEE 802.1X authentication for this network and choose EAP type Protected EAP (PEAP):
    To modify the 802.1p or DSCP values
  4. In the Protected PEAP Properties window de-select Validate server certificate and select EAP-MSCHAPv2 as the authentication method:
    To modify the 802.1p or DSCP values
  5. In the EAP MSCHAPv2 Properties window, de-select Automatically use my Windows logon name and password (and domain if any):
    To modify the 802.1p or DSCP values
  6. Then connect the Vista PC to a port authenticator. When prompted, enter your username and password. (Domain information is not necessary.)
    To modify the 802.1p or DSCP values

» Return to top

7. Reference documents

This concludes the procedure for configuring 802.1X authentication.

For further information about how to configure ProCurve switches to support security, please refer to the following links:

» Return to top