When learning 802.1X (wired or wireless) in the lab, I recommend starting with Windows NPS—it can be easily enabled on any Microsoft server platform at no additional charge, uses vendor-neutral standard RADIUS attributes by default, and doesn't have a ton of other vendor-specific NAC features you need to sift through such as profiling, posturing, and third-party integrations.

Most products, including NPS, will have an option to configure 802.1X policies using a wizard or walk-through, which I highly recommend on all platforms. The information here and in Chapter 3 will guide you through adjustments to the default policies to meet your needs.

The section “Planning Enterprise (802.1X) Secured SSIDs” in Chapter 2, “Understanding Technical Elements,” includes a short list of six (plus some optional) components required for 802.1X in Wi-Fi. This content expands on that with explanations of the discrete configurations for each of the components. That was your list of raw materials needed and here's your instruction booklet for how to build your secure network with those pieces.

Wi-Fi Infrastructure That Supports Enterprise (802.1X) SSID Security Profiles

The first and most obvious requirement is a Wi-Fi product that supports the WPA Enterprise (802.1X) security profiles for SSIDs. This isn't a problem for any enterprise-grade products; they'll all support WPA2- and/or WPA3-Enterprise security, but it's unlikely to find this ...