Implementing 802.1x on Wireless Networks with Cisco and Microsoft

Access Point Setup

    These instructions assume that your access point is already setup to function normally, i.e., you've set the proper SSID and channel on which the access point will operate, and you've taken the proper steps to secure the access point itself from compromise. Documentation on the Cisco Access Points can be found here.  These instructions use the web management interface, although the identical configuration options are available from the terminal connection.  Its important that you're running at least 11.08T firmware, as of this writing the latest 11.10T is best.

Step 1 - Set Radius Server

Step 2 - Enable 802.1x EAP Authentication

Step 3 - Enable Encryption (Optional - see note on Using Dynamically Keyed WEP with Windows XP and Cisco APs)

    The only way to ensure strong mutual authentication between Windows XP and the access point is to enable dynamic WEP - without it, your machines are vulnerable to a man in the middle attack. 802.1x port access authentication isn't enough by itself.

This how-to is still under development, comments, questions, problems and feedback welcomed at
Last updated January 30th, 2002 by Mike van Opstal