The Radius Server enables 802.1x wireless access points to enforce authentication via WPA/WPA2 Enterprise. WPA2 Enterprise wireless networking provides an optimal level of network authorization by requiring each wireless device to authenticate with unique credentials of an authorized user rather than a shared password. Users can be authenticated against Local Users or Active Directory via the RADIUS Proxy.
To configure Wi-Fi authentication using WPA/WPA2 Enterprise, you need to consult the documentation for your wireless access point. The following parameters may be necessary to configure WPA/WPA2 Enterprise for your access point.
- RADIUS Server IP address - the IP address of your Untangle server on the same LAN segment as your wireless access point.
- RADIUS port number - the Untangle RADIUS authentication server listens on port 1812.
- RADIUS accounting port - the Untangle RADIUS accounting server listens on port 1813. This parameter is optional and may not be supported or configurable on some access points. RADIUS accounting is used by the access point to inform the Untangle server about login and logout activities of each authenticated user and their associated device address.
- Shared Secret - the shared secret may also be called a password or key and is used to authorize communication between the access point and the Untangle RADIUS server.
To enable support for WPA/WPA2 Enterprise authentication, select Enable external access point authentication and assign a strong RADIUS password.
When clients connect to the wireless network, they must install the root certificate of your server. See Certificates. Most devices supporting WPA/WPA2 Enterprise authentication prompt the user to install the certificate when joining the network for the first time.