RADIUS For Your Small Wireless Network

Photo of author

SNB CC Team

This article is sponsored by Edimax.

Edimax RADIUS

RADIUS provides an extra measure of security in a wireless LAN by requiring user-based authentication. However, it typically requires a special server to be set up and configured, which puts it beyond the reach of many home and small-business users.

However, Edimax has built a RADIUS server into its Pro line of access points [reviewed], bringing higher security within reach for even small to mid-sized wireless networks.

This How-To will show you how to configure RADIUS in an Edimax Pro access point in both standalone and controller modes. We will also cover configuring a Windows wireless connection to use RADIUS.

Standalone AP Mode

Below are the steps for an Edimax Pro WAP1750 in AP Mode. Note, values in bold italic are your choice. Configurations start with default settings. The gallery below shows screenshots for each step.

Edimax AP Mode

Edimax AP Mode
  1. Wireless Settings – 2.4GHz – Basic. SSID1 = RADIUSWiFi5. Click Apply.
  2. Security: Set Authentication Method = WPA-EAP; WPA Type = WPA/WPA2 mixed mode-EAP; Encryption Type = TKIP/AES mixed mode. Click Apply. Repeat steps 1 and 2 for 5GHz.
  3. RADIUS Settings: On RADIUS Settings screen, set RADIUS Server for both radios to Internal. Click Apply.
  4. RADIUS Internal Server: Set Internal Server = Enable; Shared Secret = Test1; Termination-Action = Reauthenication [sic]. Click Apply.
  5. RADIUS Accounts: Enter User Name = user1. Click Add.
  6. RADIUS Accounts: Select user1, click Edit, enter password = test123. Click Apply.

Step 1: Create SSID

Wireless Settings – 2.4GHz – Basic. SSID1 = RADIUSWiFi5. Click Apply.

Step 2: Security

Set Authentication Method = WPA-EAP; WPA Type = WPA/WPA2 mixed mode-EAP; Encryption Type = TKIP/AES mixed mode. Click Apply. Repeat steps 1 and 2 for 5GHz.

Step 3: RADIUS Settings

On RADIUS Settings screen, set RADIUS Server for both radios to Internal. Click Apply.

Step 4: RADIUS Internal Server

Set Internal Server = Enable; Shared Secret = Test1; Termination -Action = Reauthenication [sic]. Click Apply.

Step 5: RADIUS Accounts

Enter User Name = user1. Click Add.

Step 6: RADIUS Accounts

Select user1, click Edit, enter password = test123. Click Apply.

Standalone AP mode

Controller Mode

You can also use the internal RADIUS server in Controller Mode. I used an Edimax Pro CAP1200 in Controller Mode with two WAP1750s in Managed Mode. Prior to entering the RADIUS configs, I defaulted all devices and used the Edimax configuration Wizard to get the Edimax Pro network up and running. Again, values in bold italic are your choice. The gallery below shows screenshots for each step. These settings are all done on the NMS Settings page in the AP that is in Controller mode.

Edimax AP Controller Mode

Edimax AP Controller Mode
  1. On RADIUS > Internal RADIUS Server: Click Add, Name = RADIUS-Doug; Shared Secret = Test1 ; Termination-Action = Reauthenication [sic] Click Apply.
  2. On RADIUS > RADIUS Account: Click Add, User Name = user1, Click Add.
  3. Set Password =test123, Click Apply.
  4. On Select RADIUS > RADIUS Group: Click Add, Group Name = RADIUSGroupDoug, set 2.4GHz and 5.0GHz RADIUS Primary = RADIUS-Doug, check the box next to user1. Click Apply.
  5. On NMS Settings> WLAN> WLAN : Click Add, Name/ESSID = RADIUSWiFi6, Authentication Method = WPA-EAP, WPA Type = WPA/WPA2 mixed mode-EAP, Encryption Type = TKIP/AES Mixed Mode, Click Apply.
  6. On WLAN> WLAN Group: Select and Edit Wizard WLAN Group 1.
  7. On WLAN> WLAN Group: Select RADIUSWiFi6 and click Apply.
  8. On Access Point> Access Point Group: Select and Edit Wizard AP Group 02.
  9. Scroll to Profile Group Settings, RADIUS Group, click Override Group Setting, select RADIUSGroupDoug, Click Apply.
  10. Reboot Controller and APs. Note, you must reboot after adding user accounts!

Step 1: Create SSID

Wireless Settings – 2.4GHz – Basic. SSID1 = RADIUSWiFi5. Click Apply.

Step 2: Security

Set Authentication Method = WPA-EAP; WPA Type = WPA/WPA2 mixed mode-EAP; Encryption Type = TKIP/AES mixed mode. Click Apply. Repeat steps 1 and 2 for 5GHz.

Step 3: RADIUS Settings

On RADIUS Settings screen, set RADIUS Server for both radios to Internal. Click Apply.

Step 4: RADIUS Internal Server

Set Internal Server = Enable; Shared Secret = Test1; Termination -Action = Reauthenication [sic]. Click Apply.

Step 5: RADIUS Accounts

Enter User Name = user1. Click Add.

Step 6: RADIUS Accounts

Select user1, click Edit, enter password = test123. Click Apply.

Controller mode

Windows RADIUS Setup

Most operating systems support WLAN RADIUS authentication. Below are the steps for Windows. Windows 7 and Windows 8 are the same after Step 1.

Windows

Windows
  1. Windows:
    • Windows 7 = Control panel> Network and Sharing Center> Manage wireless networks> Add> Manually create network profile.
    • Windows 8 = Control panel> Network and Sharing Center> Setup new connection or network> Manually connect to wireless network> Next.
  2. Enter SSID, Security Type = WPA2-Enterprise Click Next.
  3. Click Change connection settings.
  4. Select Security tab. Click Settings
  5. Uncheck Verify the server’s identity…, leave Enable Fast Reconnect checked.
  6. On same screen, click Configure and uncheck Automatically use my Windows Logon… in the EAP MSCHAPv2 Properties window. Click OK then OK again.
  7. Click Advanced, Click Specify authentication mode, select User authentication and Click OK, OK again. Close window.

Step 1: Create SSID

Wireless Settings – 2.4GHz – Basic. SSID1 = RADIUSWiFi5. Click Apply.

Step 2: Security

Set Authentication Method = WPA-EAP; WPA Type = WPA/WPA2 mixed mode-EAP; Encryption Type = TKIP/AES mixed mode. Click Apply. Repeat steps 1 and 2 for 5GHz.

Step 3: RADIUS Settings

On RADIUS Settings screen, set RADIUS Server for both radios to Internal. Click Apply.

Step 4: RADIUS Internal Server

Set Internal Server = Enable; Shared Secret = Test1; Termination -Action = Reauthenication [sic]. Click Apply.

Step 5: RADIUS Accounts

Enter User Name = user1. Click Add.

Step 6: RADIUS Accounts

Select user1, click Edit, enter password = test123. Click Apply.

Windows RADIUS configuration

Windows 7 has a graphical utility under Manage wireless networks for displaying configured Wi-Fi profiles, which enables you to edit or delete a Wi-Fi profile. Windows 8 uses the command line to list configured Wi-Fi profiles with netsh wlan show profiles and delete a Wi-Fi profile with netsh wlan delete profile name=”SSID name".

Fortunately, Windows 8.1 restored an easier to use method. Click on the network icon in the System Tray to bring up the Networks panel, click on View Connection Settings, then Manage known networks in the next screen that opens. The image below is a composite of the two screens of interest.

Windows 8.1 wireless network management

Windows 8.1 wireless network management

You’ve now configured a RADIUS-authenticated Wi-Fi profile. When you attempt to connect, you’ll be prompted for your RADIUS user name and password. Entering those credentials will connect you to your RADIUS authenticated Wi-Fi network.

Related posts

How To: Wireless LAN Performance Improvement

Probably the most frequently asked question about wireless LANs is how to improve their performance. Although the focus is usually on improving range, what people many times want is to get a better (or any!) wireless connection from a specific location in their home or small office.

How We Test Wireless Adapters & Bridges

We have a new standardized method for testing wireless adapters and bridges.

How To: Adding Internal Wireless LAN to a Notebook

Today's notebooks all come with the ability to host an internal wireless LAN card. But cost-sensitive buyers may choose to forego that option and later regret it. But as long as you're willing to do some homework, our How To shows that it's not that hard to add a WLAN card yourself.