Categories
How-To Technical

Windows XP WPA2-Enterprise using IEEE 802.1X

On occasions I get a question where someone is trying to connect Microsoft Windows XP to a WPA2-Enterprise level Wireless network using RADIUS authentication.

First I would like inform you that in order to so this you need to be running Service Pack 2; I’d recommend you run Service Pack 3, which is the latest Service Pack for Microsoft Windows XP.

If you are running only Service Pack 2, you will need to install an update for you wireless client, which covers “Wi-Fi Protected Access 2 (WPA2) Provisioning Services – http://support.microsoft.com/kb/893357

Once you are up to date you should be able to simply follow these steps to configure your access to a WPA2 Enterprise Network.

In your Control Panel, double click Network Connections, then right click on your wireless network card and select Properties. The Wireless Network Connection dialog box displays. OR you may also access Wireless Network Connection Properties directly (Step 3) by clicking on the wireless network icon located in your system tray on your desktop (skip Step 2)

On the Wireless Network Connection dialog box under Choose a wireless network, click on the network name. Under Related Tasks, click Change advanced settings.

The Wireless Network Connection Properties dialog box displays.
Click on the Wireless Networks tab. Confirm that “Use Windows to configure my wireless network settings” is checked.
Click on the Add button.

The Wireless network properties dialog box displays.
Next to Network Name type: the name of your network
Under Wireless network key, next to Network Authentication, select WPA2 Enterprise, (other options are: WPA Enterprise, or WPA)
Next to Data encryption, and select AES

Select the Authentication tab.
Next to EAP type, select Protected EAP (PEAP)
Uncheck Authenticate as computer when computer information is available.
Click on the Properties tab.

The Protected EAP Properties dialog box displays.
Uncheck Validate server certificate.
Under Select Authentication Method, assure that Secured password (EAP-MSCHAP v2) is selected.

Confirm that Enable Fast Reconnect is checked. (Depending on your network, if you have multiple access points you may want to enable this)
Click on the Configure button.

The EAP MSCHAPv2 Properties dialog box displays.
Uncheck automatically use my Windows logon name and password. (Applies to machines not joined to a domain)
Click OK

The Enter Credentials dialog box will display and you just need to
Enter your User name and password.
Click [OK]
A bunch of steps, but this should work if setting up manually.