Defending your internal network with 802.1x and Microsoft Certificate and Internet Authentication Services

This posting is provided "AS IS" with no warranties, and confers no rights.

Scenario description: Recently I was working with a client who wanted to ensure that only authorized machines can connect to the corporate network. In other words, we needed to setup an environment where corporate workstations were authenticated prior to attaching to internal switched network. Luckily, the client had 802.1x capable Ethernet switches (CISCO Catalyst 3550), which made this task possible. The blog will take you through the steps on setting up a proof of concept environment. The purpose of this blog is not to outline the most optimal or secure configuration with respect to 802.1x but rather to provide assistance in setting-up the initial proof of concept environment where the security parameters appropriate for you organization may be tested and verified.

Please, follow this link for a complete step-by-step solution guide.