•
 
There must be a ‘‘client login’’ for the wireless access point itself. 
The wireless access point will use its default name as its client login name. (However, your RADIUS 
server may ignore this and use the IP address instead.) 
The 
Shared Key
, set on the 
Security
 Screen of the access point, must match the 
Shared Secret
 value 
on the RADIUS server. 
Encryption settings must be correct.  
802.1x Server Setup (Windows 2000 Server) 
This section describes using 
Microsoft Internet Authentication Server
 as the RADIUS server, since it 
is the most common RADIUS server available that supports the EAP-TLS authentication method.  
The following services on the Windows 2000 Domain Controller (PDC) are also required. 
•
 
dhcpd  
•
 
dns  
•
 
rras 
•
 
webserver (IIS)  
•
 
RADIUS Server (Internet Authentication Service)  
•
 
Certificate Authority  
Windows 2000 Domain Controller Setup 
Run 
dcpromo.exe
 from the command prompt.  
Follow all of the default prompts, ensure that DNS is installed and enabled during installation.  
Services Installation 
1.
 
Select the Control Panel > Add/Remove Programs.  
2.
 
Click Add/Remove Windows Components from the left side.  
3.
 
Ensure that the following components are selected. 
a.
 
Certificate Services.  After enabling this, you will see a warning that the computer 
cannot be renamed and joined after installing certificate services. Select Yes to select 
certificate services and continue. 
b.
 
World Wide Web Server. Select World Wide Web Server  on the Internet Information 
Services (IIS) component. 
c.
 
From the Networking Services category, select Dynamic Host Configuration Protocol 
(DHCP), and Internet  Authentication Service  (DNS should already be selected and 
installed). 
89