Skip to content

Wi-Fi 802.1x Configuration

Enterprise Wi-Fi is currently only supported on gateways running our generic profiles. The following is a list of currently supported 802.1x authentication methods.

TTLS-MSCHAPv2

  1. Set up gateway Wi-Fi as described in the Wi-Fi configuration guide.
  2. Ensure Wireless Security is set to WPA2/WPA3-Enterprise Alt text
  3. select the 802.1x tab
  4. Set Enteprise EAP -> TTLS
  5. Set Inner Authentication -> MSCHAPV2
  6. Set Identity (Username)
  7. Set Password
  8. Press 'Apply'

The configuration should look like the following: Alt text

PEAP-MSCHAPv2

  1. Set up gateway Wi-Fi as described in the Wi-Fi configuration guide.
  2. Ensure Wireless Security is set to WPA2/WPA3-Enterprise Alt text
  3. select the 802.1x tab
  4. Set Enteprise EAP -> PEAP
  5. Set Inner Authentication -> MSCHAPV2
  6. Set Identity (Username)
  7. Set Password
  8. Press 'Apply'

The configuration should look like the following: Alt text

EAP-TLS

To connect via EAP-TLS you will need the following items in unencrypted PEM format:

  • Certificate Authority (CA) Certificate
  • Client Certificate + Private Key (PKCS8)

Enrolling secrets in the Keystore service.

  1. Navigate to Security under the System tab.
  2. Under the Keystore Configuration add a new keystore, and keep note of the name. Adding a new keystore
  3. After the Keystore is created, be sure to change the path to a persistent directory. Alt text
  4. Navigate to the Certificate List and create a new Certificate. Insert the PEM and Apply, keep note of the name. add certificate
  5. Now press add and create a new Private Key. Insert both the certificates in the PEM in the dialogue and press apply. keep note of the name. Alt text

Wifi Setup

  1. Set up gateway Wi-Fi as described in the Wi-Fi configuration guide.
  2. Ensure Wireless Security is set to WPA2/WPA3-Enterprise. Alt text
  3. Select the 802.1x tab.
  4. Set Enteprise EAP -> TLS.
  5. Set Identity (Username).
  6. Set Keystore Pid to the name of the keystore created above.
  7. Set Certificate Authority Certificate (CA-Cert) to the name of the certificate created above.
  8. Set the Client Private Key to the name of the Private Key created above.

When completed the Wi-Fi configuration should look like the following: tls-configuration