Setting Up 802.1x on a Wired LAN with Windows and Cisco

Asked By TechieTurtle99 On

I'm looking to secure our small LAN of 25 users with certificates using 802.1x authentication. We've got two network segments communicating through our firewall: Server and Client. I also need this solution to work for users who connect via VPN when working from home. Can anyone recommend a detailed guide for configuring the NPS and AD CS components? I've come across some older guides from 2016, but I'm not sure if they're still relevant. Any advice or tips on potential pitfalls would be greatly appreciated!

3 Answers

Answered By SupportTech101 On

The guide should work fine for your needs since not much has changed since 802.1x was introduced. Just ensure that the Ethernet adapters on your devices are set up correctly for authentication using the appropriate certificate chain. Also, keep an eye on the event viewer for troubleshooting issues that may come up.
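The checks this answer points to (adapter authentication settings, the certificate chain, and the event logs) can be run from PowerShell. This is an added example, not part of the original answer or the linked guide; it assumes an elevated prompt, a computer certificate in the local machine store, NPS logon auditing enabled, and English-language event text for the reason-code match.

```powershell
# Added example: run from an elevated PowerShell prompt.

# --- On a wired client ---
# 802.1X on Ethernet depends on the Wired AutoConfig service (dot3svc),
# which is not started by default.
Get-Service -Name dot3svc | Select-Object Name, Status, StartType

# Wired LAN profile applied to each adapter (shows whether 802.1X is enabled).
netsh lan show profiles

# Computer certificates that could be offered for EAP-TLS: each needs a
# private key, the Client Authentication EKU, an unexpired date and a chain
# that validates against the local trust store.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'
Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    [pscustomobject]@{
        Subject       = $_.Subject
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
        ClientAuthEku = @($_.EnhancedKeyUsageList.ObjectId) -contains $clientAuthOid
        ChainValid    = $_.Verify()   # builds the chain with the default policy
    }
} | Format-Table -AutoSize

# Recent supplicant events from the client's own 802.1X log.
Get-WinEvent -LogName 'Microsoft-Windows-Wired-AutoConfig/Operational' `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List

# --- On the NPS server ---
# Security log: 6272 = NPS granted access, 6273 = NPS denied access.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6272, 6273 } `
    -MaxEvents 50 -ErrorAction SilentlyContinue | ForEach-Object {
    $reason = if ($_.Message -match 'Reason Code:\s+(\d+)') { $Matches[1] } else { $null }
    [pscustomobject]@{
        Time       = $_.TimeCreated
        EventId    = $_.Id
        ReasonCode = $reason   # assumption: only populated for English event text
    }
} | Format-Table -AutoSize
```

A certificate row showing `ChainValid` or `ClientAuthEku` as `False` on the client, paired with 6273 events on the server, narrows a failed port authentication to the certificate rather than the switch or policy configuration.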

Answered By NetworkingNerd77 On

For your VPN setup, make sure you understand that 802.1x is mainly for securing wired connections. It’s not really designed for VPN scenarios. If you’re looking at certificate authentication for VPN, EAP-TLS is what you want, and you can manage that through RRAS. Microsoft Always On VPN could fit your needs. About the wired setup, there’s a guide out there that’s a bit dated, but the core setup hasn’t changed much since then. Here’s a link to it: [Setting Up Wired 802.1x Authentication on Windows Server 2012](http://www.accessdenied.be/documentation/Configuring%20Wired%208021x%20Authentication%20on%20Windows%20Server%202012.pdf).

CuriousCat42 -

Thanks for the info! I didn’t realize VPN and 802.1x were so different. I’ll make sure to focus on wired LAN security and leave the VPN to our other methods.

Answered By CyberSecGuru On

Consider using MFA for users working remotely. It's a good layer of security when they're not onsite. But remember, for your current setup, since you’ve noted that you really only need security for the office LAN, stick to that for now.

TechieTurtle99 -

Yeah, we’ve already implemented MFA, which helps. So focusing on the wired connections makes sense.
