Wireless 存取部署概觀Wireless Access Deployment Overview

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

下圖顯示元件所需部署 802.1 X 驗證 PEAP-MS-CHAP v2 wireless 存取。The following illustration shows the components that are required to deploy 802.1X authenticated wireless access with PEAP-MS-CHAP v2.

802.1 x 部署基礎結構概觀

Wireless 存取部署元件Wireless access deployment components

以下基礎結構是此 wireless 存取部署所需項目:The following infrastructure is required for this wireless access deployment:

802.1X-能無線存取點802.1X-capable Wireless access points

支援 wireless 區域網路所需的網路基礎結構服務會在位置之後,您就可以開始的位置,wireless Ap 設計程序。After the required network infrastructure services supporting your wireless local area network are in place, you can begin the design process for the location of the wireless APs. Wireless AP 部署設計程序包含下列步驟:The wireless AP deployment design process involves these steps:

  • 找出 wireless 使用者涵蓋的範圍。Identify the areas of coverage for wireless users. 檢測軍人區域的涵蓋範圍時,請務必找出您是否想要提供的建築物、 外的電信業雖然,如果有的話判斷特定位置外部的區域。While identifying the areas of coverage, be sure to identify whether you want to provide wireless service outside the building, and if so, determine specifically where those external areas are.

  • 判斷多少 wireless Ap,以確保適當的涵蓋範圍部署。Determine how many wireless APs to deploy to ensure adequate coverage.

  • 判斷放置 wireless Ap 的位置。Determine where to place wireless APs.

  • 選取 wireless Ap 通道的頻率。Select the channel frequencies for wireless APs.

Active Directory Domain ServicesActive Directory Domain Services

下列項目 AD ds 部署所需的 wireless 存取。The following elements of AD DS are required for wireless access deployment.

使用者和電腦Users and Computers

使用 Active Directory 使用者和電腦 snap\ 中建立及管理使用者帳號,並建立包含每個您要權限授與 wireless 的網域成員 wireless 安全性群組。Use the Active Directory Users and Computers snap-in to create and manage user accounts, and to create a wireless security group that includes each domain member to whom you want to grant wireless access.

無線網路 \ (IEEE 802.11) 原則Wireless Network (IEEE 802.11) Policies

您可以使用 Wireless 網路 \ (IEEE 802.11) 原則設定原則套用到 wireless 電腦嘗試存取網路時,群組原則管理的擴充功能。You can use the Wireless Network (IEEE 802.11) Policies extension of Group Policy Management to configure policies that are applied to wireless computers when they attempt to access the network.

群組原則管理編輯器] 中,當您 right\ 按一下Wireless 網路 \ (IEEE 802.11) 原則,您有下列兩個選項 wireless 原則您所建立的類型。In Group Policy Management Editor, when you right-click Wireless Network (IEEE 802.11) Policies, you have the following two options for the type of wireless policy that you create.

  • 建立新的網路 Wireless 原則適用於 Windows Vista 和較新版本Create a New Wireless Network Policy for Windows Vista and Later Releases

  • 建立新的 Windows XP 原則Create a New Windows XP Policy

提示

在設定新網路 wireless 原則時,您可以選擇變更名稱與原則的描述。When configuring a new wireless network policy, you have the option to change the name and description of the policy. 如果您變更原則的名稱,變更會反映在的詳細資料窗格中的群組原則管理編輯器和 wireless 的網路原則對話方塊中的標題列。If you change the name of the policy, the change is reflected in the Details pane of Group Policy Management Editor and on the title bar of the wireless network policy dialog box. 無論您重新命名您的原則為何,新 XP 無線原則一律會列在群組原則管理編輯器的輸入顯示XPRegardless of how you rename your policies, the New XP Wireless Policy will always be listed in Group Policy Management Editor with the Type displaying XP. 其他原則所列的輸入顯示Vista 和稍後發行Other policies are listed with the Type showing Vista and Later Releases.

Wireless 網路原則適用於 Windows Vista 和稍後發行,可讓您設定、 排定優先順序,並管理多個 wireless 設定檔。The Wireless Network Policy for Windows Vista and Later Releases enables you to configure, prioritize, and manage multiple wireless profiles. Wireless 設定檔是連接和安全性設定連接到特定的 wireless 網路所使用的集合。A wireless profile is a collection of connectivity and security settings that are used to connect to a specific wireless network. 群組原則 wireless client 電腦上的更新,當您建立網路 Wireless 原則中的設定檔會自動新增 wireless client Wireless 的網路原則適用於電腦的設定。When Group Policy is updated on your wireless client computers, the profiles you create in the Wireless Network Policy are automatically added to the configuration on your wireless client computers to which the Wireless Network Policy applies.

讓連接多部 wireless 網路Allowing connections to multiple wireless networks

如果您有 wireless 戶端您在組織中的所在位置間移動,例如主要辦公室之間分公司,您可能想電腦連接到更多個 wireless 網路。If you have wireless clients that are moved across physical locations in your organization, such as between a main office and a branch office, you might want computers to connect to more than one wireless network. 此時,您可以設定 wireless 包含每個網路的特定連接和安全性設定的設定檔。In this situation, you can configure a wireless profile that contains the specific connectivity and security settings for each network.

例如,假設您的公司有一個 wireless 主要公司 office,服務設定識別碼與網路 (SSID) WlanCorp。For example, assume your company has one wireless network for the main corporate office, with a service set identifier (SSID) WlanCorp.

您分公司也有 wireless 網路,您也想連接。Your branch office also has a wireless network to which you also want to connect. 分公司已設定為 WlanBranch SSID。The branch office has the SSID configured as WlanBranch.

在本案例中,您可以設定為每個網路,以及電腦或其他裝置在公司辦公室所使用的設定檔並分公司可以連接到任一 wireless 網路時實體在各種不同的網路的涵蓋範圍。In this scenario, you can configure a profile for each network, and computers or other devices that are used at both the corporate office and branch office can connect to either of the wireless networks when they are physically in range of a network's coverage area.

Mixed\ 模式 wireless 網路Mixed-mode wireless networks

或者,假設您網路上有多種 wireless 電腦與裝置支援標準不同的安全。Alternately, assume your network has a mixture of wireless computers and devices that support different security standards. 加勒比某些較舊的電腦有只能使用 WPA-企業版時有較新的裝置可以使用較 WPA2\ 企業標準 wireless 介面卡。Perhaps some older computers have wireless adapters that can only use WPA-Enterprise, while newer devices can use the stronger WPA2-Enterprise standard.

您可以建立兩個不同的設定檔,使用相同的 SSID 和幾乎連接和安全性設定。You can create two different profiles that use the same SSID and nearly identical connectivity and security settings.

一個設定檔,wireless 驗證為 WPA2\ 企業有好一段,及其他設定檔中您可以指定 WPA\ 企業與 TKIP。In one profile, you can set the wireless authentication to WPA2-Enterprise with AES, and in the other profile you can specify WPA-Enterprise with TKIP.

此程序通常稱為 mixed\ 模式部署,並可讓不同類型及 wireless 功能來分享 wireless 在相同網路的電腦。This is commonly known as a mixed-mode deployment, and it allows computers of different types and wireless capabilities to share the same wireless network.

網路原則伺服器 (NPS)Network Policy Server (NPS)

NPS 可讓您建立並執行適用於連接要求驗證與授權網路存取原則。NPS enables you to create and enforce network access policies for connection request authentication and authorization.

當您使用 NPS RADIUS 伺服器時,您可以設定 wireless 存取點,例如網路存取伺服器中 NPS RADIUS 戶端為。When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points, as RADIUS clients in NPS. 您也需要驗證存取戶端和授權連接要求 NPS 使用的網路原則設定。You also configure the network policies that NPS uses to authenticate access clients and authorize their connection requests.

Wireless client 電腦Wireless client computers

本指南,wireless client 電腦的電腦和的配備 IEEE 802.11 wireless 網路介面卡及可執行 Windows client 或 Windows Server 作業系統的其他裝置。For the purpose of this guide, wireless client computers are computers and other devices that are equipped with IEEE 802.11 wireless network adapters and that are running Windows client or Windows Server operating systems.

Wireless 戶端為伺服器電腦Server computers as wireless clients

根據預設,802.11 wireless 的功能已停用電腦正在執行 Windows Server。By default, the functionality for 802.11 wireless is disabled on computers that are running Windows Server.

若要讓 wireless 連接執行 server 作業系統的電腦上,您必須安裝以及 Wireless 區域網路 (WLAN) 服務使用 「 Windows PowerShell 或新增角色與精靈中的功能在伺服器管理員中的功能。To enable wireless connectivity on computers running server operating systems, you must install and enable the Wireless LAN (WLAN) Service feature by using either Windows PowerShell or the Add Roles and Features Wizard in Server Manager.

當您安裝無線區域網路服務功能,新的服務WLAN 自動設定中安裝服務When you install the Wireless LAN Service feature, the new service WLAN AutoConfig is installed in Services. 安裝完成時,您必須重新開機。When installation is complete, you must restart the server.

當您按一下伺服器會重新之後,您可以存取 WLAN 自動設定[開始]Windows 系統管理工具],並服務After the server is restarted, you can access WLAN AutoConfig when you click Start, Windows Administrative Tools, and Services.

安裝和伺服器重新開機,是停止狀態的開機類型 service WLAN 自動設定後自動After install and server restart, the WLAN AutoConfig service is in a stopped state with a startup type of Automatic. 若要開始服務,按兩下 [ WLAN 自動設定To start the service, double-click WLAN AutoConfig. 一般索引標籤上,按一下 [ [開始],然後按一下 [ [確定]On the General tab, click Start, and then click OK.

WLAN 自動設定服務列舉 wireless 介面卡及管理同時 wireless 連接和 wireless 包含所需設定伺服器連接 wireless 網路設定的設定檔。The WLAN AutoConfig service enumerates wireless adapters and manages both wireless connections and the wireless profiles that contain settings that are required to configure the server to connect to a wireless network.

Wireless 存取部署概觀,請查看Wireless 存取部署程序For an overview of wireless access deployment, see Wireless Access Deployment Process.