Appendix A: 802.1X Authenticated Wireless Access Requirements
Applies To: Windows Server 2008, Windows Server 2008 R2
Support for IEEE 802.11 Standards
Windows Server 2008, Windows Vista, Windows XP, and Windows Server 2003 provide built-in support for 802.11 wireless LAN networking. An installed 802.11 wireless LAN network adapter appears as a wireless network connection in the Network Connections folder. Although there is built-in support for 802.11 wireless LAN networking, the wireless components of Windows are dependent upon the following:
The capabilities of the wireless network adapter. The installed wireless network adapter must support the wireless LAN or wireless security standards that you require. For example, if the wireless network adapter does not support Wi-Fi Protected Access (WPA), you cannot enable or configure WPA security options.
The capabilities of the wireless network adapter driver. To allow you to configure wireless network options, the driver for the wireless network adapter must support the reporting of all of its capabilities to Windows. Verify that the driver for your wireless network adapter was written for the capabilities of Windows Vista or Windows XP and is the most current version by checking Microsoft Update or the Web site of the wireless network adapter vendor.
The following table shows the transmission rates and frequencies for IEEE 802.11 wireless standards.
| Standards | Frequencies | Bit Transmission Rates | Usage |
|---|---|---|---|
802.11 |
S-Band Industrial, Scientific, and Medical (ISM) frequency range (2.4 to 2.5 GHz) |
2 megabits per second (Mbps) |
Obsolete. Not commonly used. |
802.11b |
S-Band ISM |
11 Mbps |
Commonly used. |
802.11a |
C-Band ISM (5.725 to 5.875 GHz) |
54 Mbps |
Not commonly used due to expense and limited range. |
802.11g |
S-Band ISM |
54 Mbps |
Widely used. 802.11g devices are compatible with 802.11b devices. |
802.11n (IEEE standards development are in progress) |
C-Band and S-Band ISM |
250 Mbps |
Devices based on the pre-ratification IEEE 802.11n standard became available in August 2007. Many 802.11n devices are compatible with 802.11a, b, and g devices. |
Wireless security standards
The following table shows wireless security standards and their corresponding authentication and encryption methods.
| Security Standard | Authentication Methods | Encryption Methods | Encryption Key Size (in bits) | Comments |
|---|---|---|---|---|
IEEE 802.11 |
Open system and shared key |
Wired Equivalent Privacy (WEP) |
40 and 104 |
Use is strongly discouraged due to weak Wi-Fi authentication and encryption. |
IEEE 802.1X |
Extensible Authentication Protocol (EAP) authentication methods |
N/A |
N/A |
Strong EAP methods provide strong authentication. |
Wi-Fi Protected Access (WPA)-Enterprise |
802.1X |
Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES) (optional) |
128 |
Strong authentication (with strong EAP method) and strong (TKIP) or very strong (AES) encryption. |
WPA-Personal |
Pre-shared key (PSK) |
TKIP and AES (optional) |
128 |
Strong authentication (with strong PSK) and strong (TKIP) or very strong (AES) encryption. |
WPA2-Enterprise |
802.1X |
TKIP and AES |
128 |
Strong authentication (with strong EAP method) and strong (TKIP) or very strong (AES) encryption. |
WPA2-Personal |
PSK |
TKIP and AES |
128 |
Strong authentication (with strong PSK) and strong (TKIP) or very strong (AES) encryption. |
Microsoft recommends that you use one of the following combinations of wireless security technologies (in order of most to least secure):
WPA2 with AES encryption, PEAP-TLS or EAP-TLS authentication, and both user and computer certificates.
WPA2 with AES encryption, PEAP-MS-CHAP v2 authentication, and a requirement for users to set strong user passwords.
WPA with EAP-TLS or PEAP-TLS authentication and both user and computer certificates.
WPA with PEAP-MS-CHAP v2 authentication and a requirement for users to set strong user passwords.