D-Link Wireless AP with NAP 802.1x solution

Presentation transcript:

D-Link Wireless AP with NAP 802.1x solution WRPD, Jan, 2008

What’s Network Access Protection (NAP)

Network Access Protection is a policy enforcement technology led by Microsoft and used in next-generation Windows platforms. It provides components and an application programming interface (API) set that help administrators enforce compliance with health policies for network access or communication. In line with corporate policy, administrators can enforce compliance with health requirements for network access and communication.

NAP requirements:
- Server: Microsoft Windows Server 2008, codename “Longhorn”
- Clients: Microsoft Windows Vista or Microsoft Windows XP SP2 with NAP client
- Appliances: DWL-3200AP

D-Link Confidential

Network Access Protection (NAP) Overview

The NAP architecture has 4 important pillars: Policy Validation, Network Restriction, Remediation and Ongoing Compliance.
- Policy Validation: Are computers “healthy”, that is, compliant with the company’s security policy?
- Network Restriction: Restricts computers’ network access based on their health.
- Remediation: Provides the updates needed to become healthy. Once the computer is healthy, the network restrictions are removed.
- Ongoing Compliance: Changes in a computer’s health may dynamically result in network restrictions.

Network Access Protection – Walk Through

[Diagram. Components shown: Client, DWL-3200AP, Microsoft network policy server (NPS), System health servers, Remediation servers, Restricted Network, Corporate Network.]

Messages shown in the diagram:
- Requesting access. Here’s my new health status.
- May I have access? Here’s my current health status.
- Should this client be restricted based on its health?
- Ongoing policy updates to NPS Policy Server.
- According to policy, the client is not up to date. Quarantine client, request it to update.
- You are given restricted access until fix-up.
- Can I have updates? Here you go.
- According to policy, the client is up to date. Grant access.
- Client is granted access to full intranet.

© 2006 Microsoft Corporation. All rights reserved.

NAP 802.1X Flow Chart

[Flow chart. Steps and branch labels shown:]
- Enable WPA(2) PEAP and Dynamic VLAN on DWL-3200AP
- 802.1X Authentication
  - Fail: Client stays in Guest VLAN
  - Success: Policy Compliance Check
- Policy Compliance Check
  - Compliant: Client is assigned to Compliance VLAN
  - Not Compliant: Client is assigned to Non-compliance VLAN for remediation
- Remediation process completed: Yes
- If client compliance status or company policy is changed

Necessary Policies in 802.1X NAP Scenario

Three types of policies should be configured under Network Policy Server, which is a component of Microsoft Windows Server 2008:
- Connection Request Policy
  - This policy determines which connection requests are acceptable.
  - In the 802.1X NAP scenario, only connection requests from the DWL-3200AP are acceptable.
- Health Policy
  - A System Health Validator (SHV) determines which elements are checked when validating health status, such as firewall status, anti-virus status, anti-spyware status and so on.
  - The Health Policy uses SHVs to determine which result counts as healthy, for example: “must pass all the SHV checks” is healthy.
- Network Policy
  - The Network Policy determines which action is taken based on the health status.

NAP How-to in Brief

- Microsoft Active Directory
  - Install Active Directory Certificate Services
- Microsoft Windows Server 2008, codename “Longhorn”
  - Install Network Policy Server (new version RADIUS server)
  - Configure RADIUS setting, correlated with DWL-3200AP
  - Configure policies, rules and actions
    - Connection Request Policy
    - Health Policy (System Health Validator)
    - Network Policy
- Microsoft Windows Vista or XP SP2 with NAP client
  - Enable NAP client enforcement feature
- D-Link DWL-3200AP
  - Configure WPA(2)-PEAP and RADIUS setting, correlated with DWL-3200AP
  - Enable MSSID with VLAN setting

Windows Server 2008 – Network Policy Server

Windows Server 2008 – RADIUS Setting

Windows Server 2008 – Connection Request Policy

Windows Server 2008 – System Health Validator

Windows Server 2008 – Health Policy

Windows Server 2008 – Network Policy

Important: A setting of Access granted does not mean that noncompliant clients are granted full network access. It specifies that clients matching these conditions should continue to be evaluated by the policy.

Note: The Tunnel-Tag value is populated in all attributes used in this policy, and serves to group these attributes together, identifying them as belonging to a particular tunnel. Consult your vendor documentation to determine if a unique Tag value is required for your switch.

Windows Vista

DWL-3200AP Configuration 1

- Select WPA or WPA2 Enterprise.
- Input the RADIUS server setting.

DWL-3200AP Configuration 2

- Enable VLAN State.
- Select Dynamic to enable the dynamic VLAN function.

DWL-3200AP 802.1x NAP Test Environment

VLANs:
- VLAN 10: Guest
- VLAN 20: Limited Access
- VLAN 30: Full Access

Components:
- DWL-3200AP with WPA(2) PEAP and dynamic VLAN setting enabled
- D-Link switch that supports 802.1q VLAN; create v10, v20 and v30 for the guest VLAN, limited access VLAN and full access VLAN
- Microsoft AD / NAP Enforcement / Health check / NPS server
- Windows Vista Business client
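To check which VLAN a network policy actually hands out, the tunnel attributes in the RADIUS Access-Accept can be decoded and grouped by Tunnel-Tag, as the Network Policy note describes. The following is an added example, not part of the original slides; it assumes the attribute bytes have already been extracted from a capture, uses the attribute numbers from RFC 2868 and RFC 3580, and the sample packets are constructed.

```python
# RADIUS attribute types (RFC 2868) and the VLAN values RFC 3580 uses
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_802 = 13, 6
# VLAN roles from the test environment slide
VLAN_ROLES = {10: "guest", 20: "limited access", 30: "full access"}


def parse_attributes(data):
    """Split a RADIUS attribute block into (type, value) pairs."""
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length at offset %d" % pos)
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return attrs


def vlan_assignment(data):
    """Return (vlan_id, role, tag) for the first complete VLAN tunnel group."""
    tunnels = {}  # tag -> {attribute type: decoded value}
    for atype, value in parse_attributes(data):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                raise ValueError("tunnel attribute must be 4 bytes")
            # Byte 0 is the tag, bytes 1-3 the value.
            tunnels.setdefault(value[0], {})[atype] = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            # A first byte of 0x00-0x1F is a tag; otherwise the string is untagged.
            tagged = bool(value) and value[0] <= 0x1F
            tag, text = (value[0], value[1:]) if tagged else (0, value)
            tunnels.setdefault(tag, {})[atype] = text.decode("ascii")
    for tag, group in tunnels.items():
        if (group.get(TUNNEL_TYPE) == TYPE_VLAN
                and group.get(TUNNEL_MEDIUM_TYPE) == MEDIUM_802
                and TUNNEL_PRIVATE_GROUP_ID in group):
            vlan = int(group[TUNNEL_PRIVATE_GROUP_ID])
            return vlan, VLAN_ROLES.get(vlan, "unknown"), tag
    raise ValueError("no complete VLAN tunnel group (attribute missing or tags differ)")


def build(atype, value):
    """Encode one attribute (helper for the constructed samples)."""
    return bytes([atype, len(value) + 2]) + value

# Constructed samples: a consistent tag 1 group, and one with mismatched tags.
GOOD = build(64, b"\x01\x00\x00\x0d") + build(65, b"\x01\x00\x00\x06") + build(81, b"\x0130")
MIXED = build(64, b"\x01\x00\x00\x0d") + build(65, b"\x02\x00\x00\x06") + build(81, b"\x0120")
```

A reply whose tunnel attributes carry different tags, as in MIXED, yields no VLAN assignment here, which is the misconfiguration the Tunnel-Tag note warns about.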

Network Access Protection - Resources

- Network Access Protection Web site: http://www.microsoft.com/technet/network/nap/default.mspx
- Introduction to Network Access Protection: http://www.microsoft.com/technet/network/nap/napoverview.mspx
- Network Access Protection Platform Architecture: http://www.microsoft.com/technet/network/nap/naparch.mspx
- Step By Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab: http://www.microsoft.com/downloads/details.aspx?FamilyID=8a0925ee-ee06-4dfb-bba2-07605eff0608&displaylang=en
- Network Access Protection: Frequently Asked Questions: http://www.microsoft.com/technet/network/nap/napfaq.mspx
- Network Access Protection - TechNet Forums: http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=576&SiteID=17