Setting Up the RADIUS Client 331Windows 2000 Built-inClientWindows 2000 requires Service Pack 3 and the IEEE 802.1X client patch forWindows 2000.1 Downloaded the patches if required from:http://www.microsoft.com/Downloads/details.aspx?displaylang=en&FamilyID=6B78EDBE-D3CA-4880-929F-453C695B96372 After the updates have been installed, start the Wireless Authentication Service inComponent Services on the Windows 2000 workstation (set the service to startuptype Automatic).3 Open the Network and Dial up connections folder, right-click the desired NetworkInterface and select Properties.4 Select the Authentication tab and check Enable Network Access Control using IEEE802.1X5 Set Smart Card or Certificate as EAP type and select the previously importedcertificate as shown below.Windows XP Built-inClientThe RADIUS client shipped with Windows XP has a security issue which affects theport authentication operation. If the RADIUS client is configured to use EAP-MD5,after a user logs-off, then the next user to log-on will remain authorized with theoriginal user’s credentials. This occurs because the Microsoft client does notgenerate an EAPOL-Logoff message when the user logs-off, which leaves the portauthorized. To reduce the impact of this issue, decrease the "session-timeout"return list attribute to force re-authentication of the port more often. Alternatively,use a RADIUS client without this security flaw, for example the Aegis clientA patch for the Windows XP RADIUS client may be available from Microsoft sincepublishing this guide.Aegis Client Installation The Aegis Client is a standards-based implementation of IEEE 802.1X and supportsmany different encrypted algorithms such as MD5. It works on different Windowsand Linux operating systems, such as Win XP, 2000, NT, 98, ME, Mac OSX. Detailsof the Aegis client can be found at http://www.mtghouse.com/
