...

These are the settings that usually need to be configured. On dual-band routers it might be necessary to configure some of the settings twice, once under the settings for the 2.4GHz SSID and once for the 5GHz SSID:

  • SSID - SSID of choice
  • Channels - '@@@'
  • Network security type: WPA2 Enterprise
  • WPA type: Set to either Auto or WPA2
  • WPA encryption: Set to either Auto or AES
  • RADIUS server IP - 192.168.9.1
  • RADIUS server port - 1812
  • RADIUS server secret/password - Password chosen in clients.conf for this particular NAS
  • IP address - IP address needs to match IP mentioned in clients.conf
  • Disable DHCP
  • Some models: Reauthentication period - Set to a value equal to or greater than the Session-Timeout specified in /etc/freeradius/3.0/sites-available/default. Some NASes interpret 0 as disabling re-authentication, and might then also ignore any value mentioned by the FreeRADIUS Session-Timeout / Termination-Action attributes.
  • Secure password - Choose a secure password for accessing the NAS web (or other) interface. It is important as it controls access to the wireless security settings, and the web (or other) interface is reachable by supplicants connected to the network.
  • Some models: Operation mode - Some NASes have an Operation mode setting, which sets/locks some settings to defaults that are appropriate for different kinds of uses, e.g. "DSL Router", "Wireless Router", "Wireless Access Point". This varies by model, but usually something like "Wireless Access Point" is a good first choice, if available; alternatively, "Wireless Router".
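
The cross-checks implied by the list above (NAS IP and secret against clients.conf, RADIUS server address and port, reauthentication period against Session-Timeout), as an added Python example that is not part of the original page. The clients.conf sample, the client name, the secrets and the 3600-second Session-Timeout are constructed; the parser assumes numeric `ipaddr` values and treats `#` as always starting a comment.

```python
import ipaddress
import re
# Constructed clients.conf sample: client name, address and secret are made up.
CLIENTS_CONF = """
client ap-upstairs {
    ipaddr = 192.168.9.2
    secret = constructed-secret-A   # one secret per NAS
}
"""

def parse_clients(text):
    """Parse 'client NAME { key = value }' blocks into {name: {key: value}}."""
    clients = {}
    for name, body in re.findall(r"client\s+(\S+)\s*\{(.*?)\}", text, re.S):
        entry = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # simplification: '#' starts a comment
            if "=" in line:
                key, value = line.split("=", 1)
                entry[key.strip()] = value.strip().strip('"')
        clients[name] = entry
    return clients

def check_nas(nas, clients, session_timeout):
    """Return the mismatches between one NAS's settings and the RADIUS side."""
    problems = []
    addr = ipaddress.ip_address(nas["ip"])
    # ipaddr may be one host or a CIDR range, so test membership, not equality.
    entry = next((c for c in clients.values() if "ipaddr" in c and
                  addr in ipaddress.ip_network(c["ipaddr"], strict=False)), None)
    if entry is None:
        problems.append("NAS IP has no matching client entry in clients.conf")
    elif entry.get("secret") != nas["secret"]:
        problems.append("RADIUS secret differs from the clients.conf entry")
    if (nas["radius_ip"], nas["radius_port"]) != ("192.168.9.1", 1812):
        problems.append("RADIUS server IP/port is not 192.168.9.1:1812")
    if nas["security"] != "WPA2 Enterprise":
        problems.append("network security type is not WPA2 Enterprise")
    reauth = nas.get("reauth_period")  # None on models without the setting
    if reauth == 0:
        problems.append("reauthentication period 0 may disable re-authentication")
    elif reauth is not None and reauth < session_timeout:
        problems.append("reauthentication period is below Session-Timeout")
    return problems

if __name__ == "__main__":  # constructed NAS settings, assumed 3600 s Session-Timeout
    nas = {"ip": "192.168.9.2", "secret": "typo-secret", "radius_ip": "192.168.9.1",
           "radius_port": 1812, "security": "WPA2 Enterprise", "reauth_period": 600}
    print(check_nas(nas, parse_clients(CLIENTS_CONF), session_timeout=3600))
```

An empty list means the NAS settings agree with the RADIUS side; omit `reauth_period` for models that do not expose the setting.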

TP-Link Archer C20 v4 00000004

In this model, the "Reauthentication period" setting is not available, but the router does honor the timeout specified by the RADIUS server. Operation mode can be set to "Wireless Access Point" '@@@'. All other settings should be set as mentioned above. This is a dual-band router and some settings need to be set in two places, once for each SSID.

TP-Link TD-W8968 V4 0x00000001

In this model, the "Reauthentication period" setting is available as "Network Re-auth Interval", and the router does honor the timeout specified by the RADIUS server, overriding the setting specified here if it is lower '@@@'. Operation mode can be set to "Wireless Router Mode" '@@@'. All other settings should be set as mentioned above. '@@@' some more settings

TP-Link TL-WR740N v4 00000000

In this model, the "Reauthentication period" setting is not available, and the router does not honor the timeout specified by the RADIUS server. Judging by the source code of the very old version of hostapd running on this router, it is believed (but not tested) that, once authenticated, the router might allow the supplicant to continue being part of the network for up to twelve hours without querying the RADIUS server again. No operation mode setting is available '@@@'. All other settings should be set as mentioned above.

...