Configuring EAP-TTLS + PAP Authentication on Windows 8 and 10
The following steps outline how to configure a Windows 8 or 10 device to authenticate to a Meraki wireless network configured to use WPA2-Enterprise 802.1X with Google Auth:
- In Windows, navigate to the Network and Sharing Center:
- Click Set up a new connection or network.
- Select Manually connect to a wireless network:
- Enter information for the wireless network:
- Specify your SSID name.
- Select WPA2-Enterprise as the security type:
- After the new WiFi configuration is successfully added, click Change connection Settings to open the connection properties:
- Go the the Security tab under the connection properties page.
- Choose Microsoft: EAP-TTLS as the authentication method.
- Click Settings:
- Select PAP as the non-EAP method for authentication:
Note that it is generally best practice for end user security to set up Server certificate validation, which requires some additional client side configurations. Those steps will vary based on your environment's server configuration, and as such, they are not outlined here. If Server certificate validation is not configured, Enable identity privacy should be checked to maintain end user security, preventing user credentials from being sent in plain text to a potentially untrusted server.
- Close the TTLS Properties window, then select Advanced Settings:
- Check Specify authentication mode
- Select User authentication
- Click Save credentials
- Enter the user’s credentials
