This checklist provides the tasks required to deploy 802.1X authenticating switches with Network Policy Server (NPS).

Task Reference

Install and configure 802.1X authenticating switches on your network.

RADIUS Server for 802.1X Wireless or Wired Connections and your hardware documentation

Determine the authentication method you want to use.

RADIUS Server for 802.1X Wireless or Wired Connections; Certificate Requirements for PEAP and EAP; EAP Overview; PEAP Overview; and your hardware documentation

Autoenroll a server certificate to servers running NPS or, if you are using Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) only, optionally purchase a server certificate rather than deploying your own CA.

Deploy a CA and NPS Server Certificate and Obtaining and Installing a VeriSign WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication on the Microsoft Download Center at

If you are using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or PEAP-TLS without smart cards, autoenroll user certificates, computer certificates, or both user and computer certificates, to domain member client computers.

Deploy Client Computer Certificates; Deploy User Certificates

Configure 802.1X wired access clients by using the Group Policy Management extension, Wired Network (IEEE 802.3) Policies.

Configure 802.1X Wired Access Clients by using Group Policy Management

Configure 802.1X authenticating switches as Remote Authentication Dial-In User Service (RADIUS) clients in NPS.

Add a New RADIUS Client and RADIUS Client

Create a user group in Active Directory® Domain Services (AD DS) that contains the users who are allowed to access the network through the switches.

Create a Group for a Network Policy

In NPS, configure one or more network policies for 802.1X switch access.

Add a Network Policy; Create policies for 802.1X Wired or Wireless with a Wizard; and Network Policies