Setting up 802.1x method of MS-CHAPv2

**Conner** · 24-03-2009

hello to all,

I understand the implementation in my company with the 802.1x-MS method CHAPv2, I believe it is:
1) set up a Radius server and then configure IAS accounts in the IAS (correspondence with the active directory),
2) identify the switches as "client radius. then set the radius server (with all the settings that go well),
2) to complete and configure the client (authentication on login / password).

But smaller issues notice in this area:
1) Can I set up any type of Radius server to perform the functionality of an IAS server. For example FreeRadius? Or is it absolutely necessary to install a Microsoft IAS server. And if so I imagine that there is also a cost associated with significant licensing?

2) We have a lot of network printers, how they are integrated in an 802.1x or MS-CHAPv2 authentication is on the couple login / password to Active Directory? Should connect to the switch not configured 802.1x (not great at security) Otherwise how they have access to the LAN?

3) What are the main weaknesses of this method, apart from what is a little on the complexity imposed on users for building their passwords AD.

Thank you in advance for your answers!

**Steve123** · 24-03-2009

1) Yes you can put another server radius. After there are no additional licenses to do so tte IAS met you (unless you have no other windows servers but it surprise me because you have a AD)

2) Generally no 802.1x on printers