Microsoft® Windows® XP Professional Resource Kit Documentation
Author Microsoft Corporation
Pages 1744
Disk 1 Companion CD(s)
Level Advanced
Published 10/17/2001
ISBN 9780735614857
Price $59.99

Chapter 7: Supporting Mobile Users continued


Wireless Networking

With the rapid growth of wireless networking, users can access data from anywhere in the world, using a wide range of devices. Wireless networks offer additional benefits, by reducing or eliminating the high cost of laying expensive fiber and cabling and by providing backup functionality for wired networks. Microsoft® Windows® XP Professional provides extensive support for wireless networking technology so that businesses can extend the capabilities of their enterprise networks to wireless devices.

Wireless networking for Windows XP Professional can be categorized by the size of the area over which data can be transmitted. Wireless Personal Area Networking (WPAN) operates over a small coverage area (approximately 10 meters). Wireless Local Area Networking (WLAN) operates over a larger coverage area (approximately 100 meters). This chapter provides an overview of WPANs and WLANs and describes how you can use the wireless networking support in Windows XP Professional to exchange data over WPANs and WLANs. It does not discuss wireless wide area networks (WWANs) or wireless metropolitan area networks (WMANs).

WPAN

A Wireless Personal Area Network (WPAN) includes data communication technology that allows devices that are in very close proximity to each other to access resources and exchange data, without the use of cables. These devices can automatically create an ad hoc network, an informal network of devices, often by using wireless connectivity. Due to their small size and limited processing power, WPAN devices lend themselves well to ad hoc networking. In an ad hoc network scenario, the wireless devices connect to each other directly rather than through wireless access points, which are used in infrastructure networks. In infrastructure networks, wireless stations (devices with radio network cards, such as portable computers) connect to wireless access points, rather than directly to each other. These access points function as bridges between the devices and the existing network backbone.

The key WPAN technology supported in Windows XP Professional is Infrared Data Association (IrDA). IrDA is a WPAN technology that allows users with infrared-enabled devices to transfer files and images and to establish dial-up network connections and LAN access network connections.

Infrared Data Association

IrDA specifies a networking protocol that allows computers, printers, mobile phones, personal digital assistants, digital cameras, and other devices to exchange information over short distances by using infrared light. Infrared light is electromagnetic radiation covering a spectrum of wavelengths between 850 and 900 nanometers. These wavelengths are somewhat longer than visible light and are invisible to the human eye.

Due to the propagation properties of light, a clear line of sight is required between devices communicating by infrared light. The clear line of sight requirement has some advantages (for example, when making a purchase with a mobile device, the required proximity between the devices ensures that you are communicating with the correct payment device) and some drawbacks (for example, you cannot connect a phone in your pocket to a portable computer on a desk). There are numerous clear advantages to using infrared light for communication:

  • Infrared light offers large bandwidth.
  • The exchange of data by means of infrared light is not regulated by the FCC or any other governmental agency.
  • Infrared light does not interfere with radio frequency (RF) wireless networks.
  • All infrared radiation is confined to a room, preventing easy eavesdropping.

IrDA is a short-range, half duplex, asynchronous serial transmission technology. Furthermore, IrDA specifies three distinct modes of transmission for different data transmission rates: Serial Ir (SIR), Fast Ir (FIR), and Very Fast Ir (VFIR). The SIR specification defines a maximum data rate of 115.2 kilobits per second (Kbps). FIR specifies a data rate of 4 megabits per second (Mbps), and VFIR specifies a data rate of 16 Mbps. A number of intermediate speeds are also available. For more information about the intermediate speeds that are available over infrared, see the Windows XP Professional Driver Development Kit (DDK) link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

IrDA User Profiles

The IrDA implementation in Windows XP Professional supports the following five user profiles:

  • File transfer (IrOBEX) enables easy file transfer between IrDA devices.
  • Printing (IrLPT) enables printing directly from IrDA devices to IrDA printers.
  • Image transfer (IrTran-P) enables point-and-shoot one-step image transfer between digital cameras and Windows devices.
  • Dial-up networking (IrCOMM) enables dial-up Internet access through IR-enabled cellular phones.
  • LAN access and peer-to-peer networking (IrNET) enables network access through IR access points or through a direct network connection between two Windows devices.

These supported profiles provide the following advantages:

  • IrDA does not require use of cable. It is impossible to mismatch connectors and wiring with IrDA. The speed and configuration parameters are negotiated transparently at connect time and a common set is used for connection. IrDA at 16 Mbps is compatible with IrDA at 9.6 Kbps. Also, the IrDA connector is completely sealed, inexpensive, and available from multiple vendors.
  • IrDA and WinSock provide a common user-space API. The combination of IrDA and Windows Sockets (WinSock) presents the application programmer with a powerful yet simple Win32® user-space API that exposes multiple, fully error-corrected data streams. Serial and parallel ports are the only other point-to-point technologies that have a commonly available user-space API. IrDA defines rich functionality that does not exist with serial and parallel cables, and it borrows from the very successful client/server connection and programming model defined by the TCP/IP family of protocols and the WinSock APIs.
  • The open protocols of IrDA support other devices. WinSock exposes the IrDA TinyTP protocol to the application writer. A device that implements the TinyTP protocol can easily exchange data with Windows applications.
  • IrDA is uniquely suited for ad hoc point-to-point networking. The core IrDA services are similar to those exposed by the popular TCP protocol. Applications running on two different computers can easily open multiple reliable connections to send and receive data. As with TCP, client applications connect to a server application by specifying a device address (TCP host) and an application address (TCP port). Thus, the combination of IrDA and WinSock supports easy-to-use, zero configuration, ad hoc point-to-point networking.

For more information about installing, configuring, and using IrDA for wireless networking in Windows XP Professional, see "Wireless Networking" in Windows XP Professional Help and Support Center.

WLAN

The primary wireless Local Area Network (WLAN) solution is IEEE 802.11, which is the WLAN standard developed by the Institute of Electrical and Electronics Engineers (IEEE). The IEEE 802.11b specification, recently created and adopted, adds to the groundwork laid by IEEE 802.11. IEEE 802.11a, currently in development, will make further improvements to 802.11b. The IEEE 802.11-defined media access control is also used for the 802.11 extensions, 802.11b and 802.11a. To achieve higher data rates, 802.11b and 802.11a define different physical layer specifications.

802.11

IEEE 802.11 is a shared WLAN standard using the carrier sense multiple access media access control protocol with collision avoidance. The standard allows for both direct sequence and frequency-hopping spread spectrum transmissions at the physical layer. The original 802.11 specification defines data rates of 1 Mbps and 2 Mbps and uses a radio frequency of 2.45 GHz.

802.11b

The major enhancement to IEEE 802.11 by IEEE 802.11b is the standardization of the physical layer to support higher bandwidth. IEEE 802.11b supports two additional speeds, 5.5 Mbps and 11 Mbps, using the same frequency of 2.45 GHz. A different modulation scheme is used in order to provide the higher data rates of 5 Mbps and 11 Mbps. Direct sequence spread spectrum (DSSS) is the physical layer defined in the 802.11b standard.

802.11a

The latest standard, IEEE 802.11a, is currently being developed. This wireless standard operates at a data transmission rate as high as 54 Mbps and uses a radio frequency of 5.8 gigahertz (GHz). Instead of DSSS, which 802.11b uses, 802.11a uses Orthogonal Frequency Division Multiplexing (OFDM). OFDM allows data to be transmitted by subfrequencies in parallel. This provides greater resistance to interference and provides greater throughput. This higher speed technology allows wireless networking to perform better for video and conferencing applications. Because they are not on the same frequencies as Bluetooth or microwave ovens, OFDM and IEEE 802.11a will provide both a higher data rate and a cleaner signal.

802.11 Architecture

The 802.11 architecture contains several main components: station (STA), access point (AP), independent basic service set (IBSS), basic service set (BSS), distribution system (DS), and extended service set (ESS). The wireless STA contains an adapter card, PC Card, or an embedded device to provide wireless connectivity. The AP functions as a bridge between the wireless STAs and the existing network backbone for network access.

An IBSS is a wireless network, consisting of at least two STAs, used where no access to a DS is available. An IBSS is also sometimes referred to as an ad hoc wireless network.

A BSS includes connectivity to the existing network backbone through an AP. A BSS is also sometimes referred to as an infrastructure wireless network. All STAs in a BSS communicate through the AP. The AP provides connectivity to the wired LAN and provides bridging functionality when one STA initiates communication to another STA.

An ESS is where the APs of multiple BSSs are interconnected. This allows for mobility, because STAs can move from one BSS to another BSS. APs can be interconnected with or without wires; however, most of the time they are connected with wires. The DS is the logical component used to interconnect BSSs. The DS provides distribution services to allow for the roaming of STAs between BSSs.

Figure 7.1 shows the 802.11 architecture.

Figure 7.1   802.11 architecture

The IEEE 802 standards committee defines two separate layers, the Logical Link Control (LLC) and media access control, for the Data-Link layer of the OSI model. The IEEE 802.11 wireless standard defines the specifications for the physical layer and the media access control (MAC) layer and communicates up to the LLC layer.

All of the components in the 802.11 architecture fall into either the media access control layer or the physical layer.

Wireless stations, when entering the range of an access point, choose a wireless access point to associate with. This selection is made automatically by using signal strength and packet error rate information. Next, the wireless station selects the assigned frequency of the access point that it is to begin communicating with. Periodically, the wireless station listens to other access points to determine whether they would provide a stronger signal or a better error rate. If a different access point provides a better signal, the workstation switches to the frequency of that access point. This process is called reassociation.

Reassociation can occur for many different reasons. The signal can weaken because the wireless station moves away from the access point or the access point becomes congested with too much other traffic or interference. The wireless station, by switching to another access point, can distribute the load over adjacent access points, increasing the performance of other wireless stations. By using a pattern of overlapping channels, coverage over large areas can be achieved. As a wireless station moves about, it can associate and reassociate from one access point to another, maintaining a continuous connection during transit.

The 802.11 media access control frame, as shown in Figure 7.2, consists of a media access control header, the frame body, and a frame check sequence (FCS). The numbers in Figure 7.2 represent the number of bytes for each field.

Figure 7.2   802.11 Media access control frame format

802.11 Security

The 802.11 standard provides both authentication and encryption specifications. The standard includes open system and shared key authentication types. Open system authentication is the default authentication algorithm. It involves a two-step process, consisting of an identity assertion and a request for authentication, followed by the authentication result. Shared key supports authentication of an STA either as a member of those stations that know a shared secret key, or as a member of stations that do not. The standard currently assumes that the shared key is delivered to the participating STAs by means of a secure channel that is independent of the IEEE 802.11.

Wireless Equivalent Privacy (WEP) is the encryption specification that is defined by the IEEE 802.11 standard. The intention of WEP security is to provide the same security to a wireless network that is provided on a wired network. In wireless networks, because the data is broadcast using an antenna, the signals can be intercepted, and, if not encrypted, viewed by an intruder to the system.

Although the 802.11 specification does provide both authentication and encryption, it does not define or provide a WEP key management protocol. This is a limitation to IEEE 802.11 security services — especially in a wireless infrastructure network mode with a large number of STAs. The 802.1x draft standard addresses the security limitations of 802.11.

802.11 Authentication

All 802.11 authentication frames have the management frame type and the authentication subtype. The authentication type is determined by the authentication algorithm number field, located in the frame body of the 802.11 media access control frame. An authentication algorithm number value of 0 indicates open system authentication, and a value of 1 indicates shared key authentication. The authentication transaction sequence number field, also located in the frame body of the 802.11 media access control frame, indicates the current status of the authentication process.

Open System Authentication

Open system authentication involves a two-step communication process using plaintext. The authentication-initiating STA sends a frame consisting of an identity assertion and a request for authentication. This has the authentication transaction sequence number field of 1 and the authentication algorithm number value of 0. The authenticating STA then replies to the authentication-initiating STA with the authentication result, which has the authentication transaction sequence number field of 2.

Open system authentication allows all devices that have the authentication algorithm number for open system to authenticate.

Shared Key Authentication

Shared key authentication involves a four-step process using secure or encrypted text by means of WEP. The authentication-initiating STA sends a frame consisting of an identity assertion and a request for authentication. This has the authentication transaction sequence number field of 1. The authenticating STA then responds to the authentication-initiating STA with a frame with the challenge text created by the WEP algorithm and the transaction sequence number field of 2. The authentication-initiating STA then replies to the authenticating STA with the encrypted challenge text created by the WEP algorithm and the transaction sequence number field of 3. The authenticating STA concludes the shared key authentication process by sending the authentication result, which has the transaction sequence number field of 4.

The authentication result is positive if the authenticating STA is able to conclude that the decrypted challenge text matches the challenge text originally sent in the second frame.

802.11 Encryption

Wired networks normally require a physical connection in order to be compromised. In wireless networks, because the data is broadcast using an antenna, the signals can be intercepted, and, if not encrypted, viewed by an intruder to the system. Wireless Equivalent Privacy (WEP) security is intended to provide security that is equivalent to the security of a wired network.

WEP is the encryption standard that is specified by the IEEE 802.11 standard. Privacy is the encryption of data that is transmitted across the wireless network. IEEE 802.11 does not require that the same WEP keys be used by all portable devices. It also allows portable devices to maintain two sets of shared keys: a unicast session key and a multicast/global key. Current IEEE 802.11 implementations primarily support shared multicast/global keys.

WEP provides encryption services to protect authorized users of a wireless LAN from eavesdroppers. WEP functions by encrypting a data frame and its contents. The encrypted information then replaces the formerly unencrypted information. The WEP bit is set in the frame control field portion of the media access control header. This informs the receiving node that the transmission is encrypted. The receiving node unencrypts the encrypted portion of the data frame by using the same encryption scheme. It then places the unencrypted information back into the data frame, recreating the original data frame.

The IEEE 802.11 standard specifies 40-bit secret key encryption with a 24-bit initialization vector (IV). Different vendors utilize other encryption bit lengths, such as 104-bit secret key encryption with a 24-bit IV. The encryption mechanism is a symmetrical cipher that uses the same key for encryption and decryption. The secret key remains constant for a prolonged period. The initialization values are changed periodically, however, based on the degree of privacy required of the WEP algorithm.
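The four-frame shared key exchange and the WEP encapsulation described above, as an added Python example that is not part of the original chapter or of any Microsoft code. It assumes details the chapter does not spell out: that the symmetrical cipher is RC4 seeded with the IV followed by the secret key, that the integrity check value (ICV) is a CRC-32 of the plaintext, and that the challenge text travels in information element 16. The function names, keys, IV and challenge are constructed for illustration.

```python
import hmac
import os
import struct
import zlib

SHARED_KEY = 1                                 # authentication algorithm number (0 = open system)
STATUS_OK, STATUS_CHALLENGE_FAILURE = 0, 15    # 802.11 status codes
CHALLENGE_ELEMENT_ID = 16                      # information element carrying the challenge text


def rc4(key, data):
    """RC4 stream cipher (assumed here to be the symmetrical cipher WEP uses)."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                          # XOR the data with the keystream
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key, iv, plaintext, key_id=0):
    """Return IV (3 bytes) + key-ID byte + RC4(IV || key, plaintext || ICV)."""
    if len(key) not in (5, 13) or len(iv) != 3:
        raise ValueError("WEP needs a 40- or 104-bit key and a 24-bit IV")
    icv = struct.pack("<I", zlib.crc32(plaintext))
    return iv + bytes([key_id << 6]) + rc4(iv + key, plaintext + icv)


def wep_decrypt(key, body):
    """Reverse wep_encrypt; raise ValueError when the ICV does not verify."""
    if len(body) < 8:
        raise ValueError("frame body too short for IV and ICV")
    clear = rc4(body[:3] + key, body[4:])      # the IV is sent in the clear
    plaintext, icv = clear[:-4], clear[-4:]
    if struct.pack("<I", zlib.crc32(plaintext)) != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def build_auth(seq, status=STATUS_OK, challenge=b""):
    """Authentication frame body: algorithm number, sequence number, status."""
    body = struct.pack("<HHH", SHARED_KEY, seq, status)
    if challenge:
        body += bytes([CHALLENGE_ELEMENT_ID, len(challenge)]) + challenge
    return body


def parse_auth(body):
    if len(body) < 6:
        raise ValueError("authentication body too short")
    algorithm, seq, status = struct.unpack_from("<HHH", body)
    challenge = b""
    if len(body) > 6:
        if len(body) < 8 or body[6] != CHALLENGE_ELEMENT_ID or len(body) != 8 + body[7]:
            raise ValueError("malformed challenge text element")
        challenge = body[8:]
    return {"algorithm": algorithm, "seq": seq, "status": status, "challenge": challenge}


def shared_key_exchange(sta_key, ap_key, challenge=None, iv=None):
    """Run the four frames and return them as (sender, frame body) pairs."""
    # Simplification: random bytes stand in for challenge text produced by WEP.
    challenge = challenge or os.urandom(128)
    iv = iv or os.urandom(3)
    frames = [("STA", build_auth(1))]                          # 1: request
    frames.append(("AP", build_auth(2, challenge=challenge)))  # 2: challenge, plaintext
    received = parse_auth(frames[1][1])["challenge"]
    # 3: the STA echoes the challenge in a WEP-encrypted body. The WEP bit in
    #    the frame control field would be set; the MAC header is not modelled.
    frame3 = wep_encrypt(sta_key, iv, build_auth(3, challenge=received))
    frames.append(("STA", frame3))
    status = STATUS_CHALLENGE_FAILURE
    try:
        reply = parse_auth(wep_decrypt(ap_key, frame3))
        if reply["seq"] == 3 and hmac.compare_digest(reply["challenge"], challenge):
            status = STATUS_OK
    except ValueError:
        pass                                   # wrong key: ICV or parse failure
    frames.append(("AP", build_auth(4, status)))               # 4: result
    return frames


if __name__ == "__main__":
    demo_key = bytes.fromhex("0102030405")     # constructed 40-bit key
    for sender, frame in shared_key_exchange(demo_key, demo_key):
        print(sender, len(frame), frame[:12].hex())
```

Frame 3 is the only one whose body is encrypted, so it is parsed only after decryption with the authenticating STA's copy of the key.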

The current IEEE 802.11 security option for access control does not scale appropriately in large infrastructure network mode (for example, corporate campuses and public places), or in an ad hoc network mode. A principal limitation to this security mechanism is that the standard does not define a key management protocol for distribution of the keys. This assumes that the secret, shared keys are delivered to the IEEE 802.11 wireless station by means of a secure channel independent of IEEE 802.11. This becomes even more challenging when a large number of stations are involved, such as on a corporate campus.

To provide a better mechanism for access control and security, a key management protocol must be included in the specification. The 802.1x draft standard addresses the key management and security limitations of the 802.11 standard.

802.1x

The 802.1x draft standard defines port-based, network access control used to provide authenticated network access for Ethernet networks. This port-based network access control uses the physical characteristics of the switched LAN infrastructure to authenticate devices attached to a LAN port. Access to the port can be denied if the authentication process fails. While this standard is designed for wired Ethernet networks, it can be applied to 802.11 wireless LANs.

The following terms are specific to the 802.1x draft standard:

  • Supplicant. The entity that requests to be authenticated.
  • Authenticator. The entity that allows access to resources and services on the network.
  • Authentication server. The entity that provides the authentication service for the authenticator. The authentication server checks the credentials of the supplicant on behalf of the authenticator, and indicates in a response to the authenticator whether the supplicant is authorized to access the authenticator's services. The authentication server might be a separate entity, or its functions might be co-located with the authenticator.

The 802.1x draft standard defines two port access control methods for the authenticator: controlled and uncontrolled. Access by means of the controlled port is only allowed to those entities that have been successfully authenticated. Before authentication takes place, all communication goes through the uncontrolled port. The 802.1x authentication process is illustrated in Figure 7.3.

Figure 7.3   802.1x authentication

When authentication successfully takes place, the supplicant is able to access the LAN resources and services through the controlled port.

PPP Extensible Authentication Protocol

The Point-to-Point Protocol (PPP), as defined in RFC 1661, does not require authentication, but it does provide an optional authentication phase. RFC 2284, PPP Extensible Authentication Protocol (EAP), defines the authentication process for PPP. The 802.1x draft standard lists EAP as the authentication protocol to use for the authentication process between the supplicant and the authentication server. Different EAP types are defined in RFC 2284, such as Message Digest 5 (MD5)-Challenge. Additional EAP types, such as Transport Layer Security (TLS), are also available through follow-up RFCs.

EAP-TLS

EAP-TLS, as defined in RFC 2716, is an EAP type that is used in certificate-based security environments. EAP-TLS is a Secure Channel (SChannel) authentication and encryption protocol, which provides for mutual authentication, integrity-protected cipher-suite negotiation, and key exchange between the two endpoints by means of public-key cryptography.

EAP-MD5

EAP-MD5 uses the same challenge-handshake protocol that is used by the PPP-based Challenge Handshake Authentication Protocol (CHAP), but the challenges and responses are sent as EAP messages. EAP-MD5 is intended for prototyping and testing.
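The EAP-MD5 exchange and the controlled port described above, as an added Python example that is not part of the original chapter or of any Microsoft code. It assumes the RFC 2284 packet layout and the CHAP hash MD5(identifier || secret || challenge), co-locates the authentication server with the authenticator, and does not model the link-layer transport; the class, function names, station name and secrets are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4   # RFC 2284 codes
TYPE_IDENTITY, TYPE_MD5_CHALLENGE = 1, 4                           # RFC 2284 types


def eap_packet(code, identifier, eap_type=None, data=b""):
    """Code (1 byte), Identifier (1), Length (2, big-endian), then Type and data."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(payload)) + payload


def parse_eap(packet):
    """Return (code, identifier, type, type_data); type is None for Success/Failure."""
    if len(packet) < 4:
        raise ValueError("EAP header truncated")
    code, identifier, length = struct.unpack_from("!BBH", packet)
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field out of range")
    body = packet[4:length]
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if not body:
            raise ValueError("Request/Response without a Type field")
        return code, identifier, body[0], body[1:]
    return code, identifier, None, b""


def md5_value(identifier, secret, challenge):
    """CHAP response: MD5 over identifier, shared secret and challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def md5_type_data(value, name=b""):
    return bytes([len(value)]) + value + name        # Value-Size, Value, Name


def split_md5(data):
    if not data or len(data) < 1 + data[0]:
        raise ValueError("MD5-Challenge type data truncated")
    return data[1:1 + data[0]], data[1 + data[0]:]


class Authenticator:
    """802.1x authenticator with a co-located authentication server."""

    def __init__(self, secrets):
        self.secrets = secrets                  # name -> shared secret (constructed)
        self.controlled_port_open = False       # only the uncontrolled port is usable
        self.identifier, self.challenge, self.name = 0, None, None

    def start(self):
        self.identifier = 1
        return eap_packet(EAP_REQUEST, self.identifier, TYPE_IDENTITY)

    def handle(self, packet):
        code, ident, eap_type, data = parse_eap(packet)
        if code != EAP_RESPONSE or ident != self.identifier:
            return self._finish(False)
        if eap_type == TYPE_IDENTITY and self.challenge is None:
            self.name, self.challenge = data, os.urandom(16)
            self.identifier += 1
            return eap_packet(EAP_REQUEST, self.identifier, TYPE_MD5_CHALLENGE,
                              md5_type_data(self.challenge))
        if eap_type == TYPE_MD5_CHALLENGE and self.challenge is not None:
            value, _name = split_md5(data)
            secret = self.secrets.get(self.name)
            expected = md5_value(ident, secret or b"", self.challenge)
            return self._finish(secret is not None and hmac.compare_digest(value, expected))
        return self._finish(False)

    def _finish(self, ok):
        self.controlled_port_open = ok          # the port opens only on success
        self.challenge = None
        return eap_packet(EAP_SUCCESS if ok else EAP_FAILURE, self.identifier)


def supplicant_reply(packet, name, secret):
    """Supplicant side: answer an Identity or MD5-Challenge request."""
    code, ident, eap_type, data = parse_eap(packet)
    if code == EAP_REQUEST and eap_type == TYPE_IDENTITY:
        return eap_packet(EAP_RESPONSE, ident, TYPE_IDENTITY, name)
    if code == EAP_REQUEST and eap_type == TYPE_MD5_CHALLENGE:
        challenge, _name = split_md5(data)
        value = md5_value(ident, secret, challenge)
        return eap_packet(EAP_RESPONSE, ident, TYPE_MD5_CHALLENGE, md5_type_data(value, name))
    raise ValueError("request type not handled in this example")


def authenticate(authenticator, name, secret):
    """Drive the exchange to Success or Failure; return True on Success."""
    packet = authenticator.start()
    while parse_eap(packet)[0] == EAP_REQUEST:
        packet = authenticator.handle(supplicant_reply(packet, name, secret))
    return parse_eap(packet)[0] == EAP_SUCCESS


if __name__ == "__main__":
    ap = Authenticator({b"sta-01": b"constructed-secret"})
    print(authenticate(ap, b"sta-01", b"constructed-secret"), ap.controlled_port_open)
```

The exchange ends in a Success or Failure result only; nothing in it yields key material for the two endpoints.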

RADIUS and 802.1x with 802.11

While providing convenience, wireless networking technologies and wireless APs present the following security risks:

  • Anyone who has a compatible wireless network adapter can gain access to the network.
  • Wireless networking signals use radio waves to send and receive information. Anyone within an appropriate distance to a wireless AP can detect and receive all data sent to and from the wireless AP.

To counter the first security risk, wireless APs must require authentication and authorization of the wireless node before data can be sent to and received from the network attached to the wireless AP. To provide their own authentication and authorization, each WAP would need a user account database with each user's authentication credentials and a set of rules by which authorization is granted. Because this is administratively difficult to manage, modern WAPs are Remote Authentication Dial-In User Service (RADIUS) clients and use the industry standard RADIUS protocol to send a connection request and accounting messages to a central RADIUS server. The RADIUS server has access to a user account database and a set of rules for granting authorization. The RADIUS server processes the wireless AP's connection request and either grants the connection request or rejects it.

To counter the second security risk, the data sent between the wireless nodes and the wireless APs must be encrypted. Therefore, the authentication method used by the wireless node must allow for the determination of encryption keys that are used to encrypt data.

In addition to the security provided by authentication and encryption, using the combination of a RADIUS server and 802.1x in a WLAN also provides key management capabilities.

When using a RADIUS server and 802.1x in a WLAN, it is best if EAP-TLS is used for authentication. This is because the global key used for EAP authentication must be encrypted so that only the STA and AP can read the authentication key. The EAP authentication method used in a WLAN must be capable of generating an encryption key as part of the authentication process, which is possible with EAP-TLS.

If RADIUS is selected and configured as the authentication provider on the remote access server, then user credentials and parameters of the connection request are sent as a series of RADIUS request messages to a RADIUS server such as a computer running Windows 2000 Server and the Internet Authentication Service (IAS).

The RADIUS server receives a user-connection request from the remote access server and authenticates the client against its authentication database. A RADIUS server can also maintain a central storage database of other relevant user properties. In addition to the simple yes or no response to an authentication request, RADIUS can provide other applicable connection parameters for this user — such as maximum session time, static IP address assignment, and so on.

When a RADIUS server is used for authentication in a WLAN, the AP acts as a RADIUS client to the RADIUS server (authenticating server), and acts as the authenticator to the supplicant STA.

The AP and STA must support a multicast/global authentication key, and might also support a per-STA unicast session key. The AP has a process that listens for IEEE 802.1x traffic — both with and without authentication keys.

Windows XP Professional Wireless Support

Windows XP Professional has improved and built upon the wireless support provided in Windows 2000. Windows XP Professional includes support for automatic switching between different APs when roaming, auto detection of a wireless network, and automatic wireless configuration — allowing for zero client configuration. Additional security is also provided by the inclusion of an 802.1x client implementation in Windows XP Professional and the inclusion of wireless device authentication support in the Windows RADIUS server, Internet Authentication Service (IAS).

Roaming

Windows 2000 includes technologies that allow wireless devices to detect the availability of a network and act appropriately. Windows XP Professional enhances this technology to accommodate the transitional nature of a wireless network.

The media sense feature of Windows 2000 is enhanced in Windows XP Professional to allow for detection of a move to a new access point, thus forcing reauthentication in order to ensure appropriate network access. Media sense also allows detection of changes in the IP subnet, so that an appropriate address can be used in order to ensure optimum resource access.

Multiple IP address configurations (DHCP assigned or static) can be made available on a Windows XP Professional system and the appropriate configuration automatically chosen. When an IP address change occurs, Windows XP Professional allows for additional reconfiguration to occur, if necessary. For example, IE proxy settings can be redetected. By means of Windows Sockets extensions, applications that can be configured to be network aware (such as firewalls or browsers) can be notified of changes in network connectivity and can update their behavior based on these changes. The auto-sensing and reconfiguration effectively negates the need for a mobile IP to act as a mediator and solves most of the problems users face when roaming between networks.

When a station is roaming from access point to access point, information about the state of the station, as well as other information, must be moved along with it. This includes station location information for message delivery and other attributes of the association. Rather than recreate this information upon each transition, one access point can pass the information to the new access point. The protocols to transfer this information are not defined in the standard, but several wireless LAN vendors have jointly developed an Inter-Access Point Protocol (IAPP) for this purpose, further enhancing multivendor interoperability.

Zero Client Configuration

Automatic wireless network configuration and 802.1x authentication are selected by default. When automatic wireless configuration is enabled on your computer, you can roam between different WLANs without having to reconfigure the network connection settings on your computer for each location. These Windows XP Professional technologies allow for zero client configuration.

Zero configuration is a client-based user identification method. Zero configuration allows wireless devices to work in different modes without the need for configuration changes after the initial configuration. The zero configuration initiative automatically provides the IP address, the network prefix, the gateway router location, the DNS server address, the address of a RADIUS or IAS server, and all other necessary settings for the wireless device. It also provides security features for the client.

Zero configuration allows a wireless device to function in different environments, such as work, the airport, and home, without any user intervention. Zero configuration uses the Windows XP Professional user interface when attempting to connect wireless devices. The order of preference for zero configuration IEEE 802.11 connection using IEEE 802.1x authentication is infrastructure before ad hoc mode, and computer authentication before user authentication. You can change the default settings to allow, for example, guest access, which is not enabled by default.

WEP authentication attempts to perform an IEEE 802.11 shared key authentication if the network adapter has been preconfigured with a WEP shared key. In the event that authentication fails or the network adapter is not preconfigured with a WEP shared key, the network adapter reverts to the open system authentication.

The IEEE 802.1x security enhancements are available in Windows XP Professional. Wireless network adapters and access points must also be compatible with IEEE 802.1x for an IEEE 802.1x deployment.

Network Adapter Support

Microsoft partnered with 802.11 network adapter vendors to improve the roaming experience by automating the process of configuring the network adapter to associate with an available network.

The wireless network adapter and its Network Driver Interface Specification (NDIS) driver need to do very little beyond supporting some new NDIS Object Identifiers (OIDs) used for the querying and setting of device and driver behavior. The network adapter scans for available networks and passes those to Windows XP Professional. The Windows XP Professional Wireless Zero Configuration service then takes care of configuring the network adapter with an available network. If there are two networks covering the same area, the user can configure a preferred network order and the computer will try each network in the order defined until it finds one that is active. It is even possible to limit association to only the configured, preferred networks.

If an 802.11 network is not found nearby, Windows XP Professional configures the network adapter to use ad hoc networking mode. It is possible for the user to configure the wireless network adapter either to disable or be forced into ad hoc mode.

These network adapter enhancements are integrated with security features so that, if authentication fails, another network is located and association with it is attempted.

Automatic Wireless Configuration

Automatic wireless configuration supports the IEEE 802.11 standard for wireless LANs (WLANs) and minimizes the configuration required to access WLANs. When automatic wireless configuration is enabled on your computer, you can roam between different WLANs without having to reconfigure the network connection settings on your computer for each location. Whenever you move from one location to another, automatic wireless configuration scans for an available WLAN in the new location, configures your network adapter card to match the settings of that WLAN, and attempts to access that WLAN. When several WLANs are available in the same location, you can create a list of preferred WLANs and define the order in which access to each is attempted. You can also specify that if an access attempt to a preferred WLAN fails, an attempt will be made to access any visible (available) WLAN of the same type.
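The selection order described in this section can be modeled in a few lines. The following Python sketch is an added example, not Microsoft's implementation; the function names, the setting names (`network_type`, `nonpreferred_fallback`), the SSIDs, and the placement of the infrastructure-before-ad-hoc rule inside each group are assumptions. It shows that with the fallback to non-preferred networks left off, a computer whose preferred networks fail authentication stays unassociated instead of joining a network the user never configured.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Network:
    ssid: str
    mode: str  # "infrastructure" (access point) or "adhoc" (computer-to-computer)

def attempt_order(visible, preferred, network_type="any", nonpreferred_fallback=False):
    """Return visible networks in the order association would be attempted."""
    # Advanced setting: optionally restrict attempts to one network type.
    allowed = [n for n in visible if network_type in ("any", n.mode)]
    # Model assumption: infrastructure before ad hoc within each group.
    # sorted() is stable, so the user's preferred order is otherwise kept.
    infra_first = lambda n: n.mode != "infrastructure"
    order = sorted((n for s in preferred for n in allowed if n.ssid == s),
                   key=infra_first)
    if nonpreferred_fallback:
        # Optional fallback: any other visible network of an allowed type.
        order += sorted((n for n in allowed if n.ssid not in preferred),
                        key=infra_first)
    return order

def connect(visible, preferred, authenticates, **settings):
    """Try candidates in order; a failed authentication moves to the next one."""
    for net in attempt_order(visible, preferred, **settings):
        if authenticates(net):
            return net
    return None  # no association made

# Constructed scan result and preferred list (sample data, not from the book).
SCAN = [Network("airport-free", "infrastructure"),
        Network("laptop-share", "adhoc"),
        Network("CORP", "infrastructure"),
        Network("HOME", "infrastructure")]
PREFERRED = ["CORP", "HOME"]

def preferred_fail(net):
    """Simulate both preferred networks rejecting authentication."""
    return net.ssid not in PREFERRED

if __name__ == "__main__":
    # Fallback off: the computer stays unassociated.
    print(connect(SCAN, PREFERRED, preferred_fail))
    # Fallback on: it associates with a network the user never configured.
    print(connect(SCAN, PREFERRED, preferred_fail, nonpreferred_fallback=True))
```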

To set up automatic wireless configuration

  1. Open Network Connections.
  2. Right-click the connection for which you want to set up automatic wireless network configuration, and then click Properties.
  3. On the Wireless Networks tab, do one of the following:
    • To enable automatic wireless network configuration for this connection, select the Use Windows to configure my wireless network settings check box. This check box is selected by default.
    • To disable automatic wireless network configuration for this connection, clear the Use Windows to configure my wireless network settings check box.

  4. The list of available wireless networks detected by automatic wireless network configuration appears under Available networks. To make changes to the Preferred networks list, do the following:
    • To add an available wireless network to the Preferred networks list for this connection, under Available networks, click the network that you want to add, and then click Configure.
    • To add a new wireless network to the Preferred networks list for this connection, under Preferred networks, click Add, and in Wireless Network Properties, specify the network name (Service Set Identifier), wireless network key (Wired Equivalent Privacy) settings, and whether the network is a computer-to-computer (ad hoc) network.
    • To change the order in which connection attempts to preferred networks are made for this connection, under Preferred networks, click the wireless network that you want to move to a new position on the list, and then click Move up or Move down.
    • To remove a wireless network from the list of preferred networks for this connection, under Preferred networks, click the wireless network that you want to remove, and then click Remove.

  5. To refine the type of wireless network to access, click Advanced, and then click the network type that you want. For example, if you want to make a computer-to-computer (ad hoc) connection, and if both computer-to-computer and access point (infrastructure) networks are within range of your computer, click Computer-to-computer (AdHoc) networks only.

To set up 802.1x authentication

  1. Open Network Connections.
  2. Right-click the connection for which you want to enable or disable IEEE 802.1x authentication, and then click Properties.
  3. On the Authentication tab, do one of the following:
    • To enable IEEE 802.1x authentication for this connection, select the Network access control using IEEE 802.1X check box. This check box is selected by default.
    • To disable IEEE 802.1x authentication for this connection, clear the Network access control using IEEE 802.1X check box.

  4. In EAP type, click the Extensible Authentication Protocol type to be used with this connection.
  5. If you select Smart Card or other Certificate in EAP type, you can configure additional properties if you click Properties and, in Smart Card or other Certificate Properties, do the following:
    • To use the certificate located on your smart card for authentication, click Use my smart card.
    • To use the certificate located in the certificate store on your computer for authentication, click Use a certificate on this computer.
    • To verify that the server certificate presented to your computer is still valid, select the Validate server certificate check box, specify whether to connect only if the server is located within a particular domain, and then specify the trusted root certification authority.
    • To use a different user name when the user name in the smart card or certificate is not the same as the user name in the domain to which you are logging on, select the Use a different user name for the connection check box.

  6. To specify whether the computer attempts authentication to the network if a user is not logged on and/or if the computer or user information is not available, do the following:
    • To specify that the computer attempt authentication to the network if a user is not logged on, select the Authenticate as computer when computer information is available check box.
    • To specify that the computer attempt authentication to the network if user information or computer information is not available, select the Authenticate as guest when user or computer information is unavailable check box.

To connect to an available wireless network

  1. Right-click the network connection icon in the notification area and then click View Available Wireless Networks.
  2. In Connect to Wireless Network, under Available Networks, click the wireless network that you want to connect to.
  3. If a network key is required for Wired Equivalent Privacy (WEP), do one of the following:
    • If the network key is automatically provided (for example, the key is stored on the wireless network adapter given to you by your administrator), leave Network Key blank.
    • If the network key is not automatically provided for you, in Network key, type the key.

  4. Click Connect.
  5. To configure additional wireless network connection settings, or if you are having difficulty making a connection to the wireless network that you selected, click Advanced, and then configure the settings in the Wireless Networks tab.

For more information about zero client configuration for wireless network clients in Windows XP Professional, see "Wireless Networking" in Windows XP Professional Help and Support Center.





Last Updated: October 3, 2001