Configuring Windows XP for using 802.1x for Ethernet

From Notes_Wiki
Revision as of 23:16, 17 November 2012 by Saurabh (talk | contribs)

Configuring Windows XP for using 802.1x for Ethernet

  1. Login as user which belongs to administrators group.
  2. Go to Control panel -> Administrative tools -> Services or use 'Computer Management' interface to go to services configuration option.
  3. Start service named 'Wired Autoconfig' and also change its start-up type from manual to Automatic.
  4. Now go to Control panel -> Network Connections and open properties of "Local Area Connection" which you have connected to switch with radius server or 802.1x configuration.
  5. You should see three tabs in properties of this network card, namely General, Authentication and Advanced. In case you do not see any Authentication tab then disable/enable device once or twice till you see this tab.
  6. Go to authentication tab and choose following options
    • Enable IEEE 802.1x authentication
    • Enable caching of user information. Without this authentication does not seems to work.
    • Use protocol 'MD5-challenge' for authentication and click OK.
  7. Now disable the device and enable it again. You will see a small pop-up in below status-bar icon that extra information is required.
    • You have to click on status-bar icon just within 2-3 seconds of this pop-up message. If you click after 2-3 seconds you wont get username, password, etc. dialog box and even if you click before you see this pop-up message then also you wont get any dialog box for entering username, password. Hence timing is important and may feel difficult to do initially.
    • When you do click the icon in time properties pop-up will also open and will shadow/overlap will authentication dialog. So you have to close the properties dialog and enter username 'Saurabh Barjatiya' and password 'iiit123' in the authentication dialog box.
    • In case you have not clicked in time or you entered wrong username/password or you get 'Connection Failed' or 'Authentication Failed' message then just disable and enable the network connection so that you can again get prompted for username / password.
  8. If everything goes fine and authentication is successful the PC will then try to take IP from DHCP server (assuming one is configured in your network) and then you will get connected message. You can see that authentication is is progress if you connect to Linksys switch and go to Security -> 802.1x authentication tab. You can also see debug messages when you run server as '/usr/sbin/radiusd -X' which inform which user is trying to authenticate, what is users MAC address and so on. After user is successfully authenticated the message in 'Seucrity -> 802.1x settings' tab change to indicate the MAC address of client and that Authorization was successful.


Back to Freeradius configuration