Configuring Windows and Mac OS clients for use with 802.1X and Meraki-hosted RADIUS

Windows XP

The following steps configure a Windows XP client to use 802.1X with Meraki-hosted RADIUS. (NOTE: these instructions apply to 802.1X with Meraki-hosted RADIUS only. Configuration requirements for a customer-hosted RADIUS server are specific to the customer's own RADIUS server and can vary widely.)

  1. Switch to a network other than the one you want to configure (otherwise Windows will not retain your changes).
  2. Go to Control Panel -> Network Connections -> Wireless Network Connection
  3. Click on Properties, go to "Wireless Networks" tab
  4. Find the network name under the "Preferred Networks" list, click Properties, click Authentication tab.
  5. For "EAP type", choose PEAP. (The default is "smart card or other certificate" which will not work).
  6. Still on the Authentication tab, uncheck the "Authenticate as computer when computer information is available" box.
  7. Click Properties under PEAP.
  8. Under 'Trusted Root Certification Authorities', scroll down to "UTN-USERFirst-Hardware" and check that box.
  9. Still under 'Trusted Root Certification Authorities', scroll down to "Go Daddy Class 2 Certification Authority" and/or "http://www.valicert.com" and check those boxes.
  10. Make sure the "do not prompt user to authorize new servers...." box is unchecked.
  11. Under "select authentication method", make sure that "EAP-MSCHAPv2" is selected. Click the "configure" button next to it, and uncheck the "Automatically use my Windows logon name..." box.
  12. Click OK to close all the open dialog boxes.

Windows Vista

The following steps configure a Windows Vista client to use 802.1X with Meraki-hosted RADIUS. (NOTE: these instructions apply to 802.1X with Meraki-hosted RADIUS only. Configuration requirements for a customer-hosted RADIUS server are specific to the customer's own RADIUS server and can vary widely.)

  1. Go to Start and enter "Network and Sharing Center".
  2. Click "Set up a connection or network".
  3. Click "Manually connect to a wireless network".
  4. Enter the SSID (case sensitive).
  5. Choose WPA2-Enterprise and AES.
  6. Check "Start this connection automatically" and "Connect even if the network is not broadcasting" (for hidden SSIDs).
  7. On the next screen, choose "Change connection settings".
  8. On the Connection tab, check only the boxes "Connect automatically when this network is in range" and "Connect even if the network is not broadcasting" (for hidden SSIDs).
  9. On the Security tab, make sure "WPA2-Enterprise" and "AES" are selected as well as "Microsoft: Protected EAP (PEAP)". Click Settings.
  10. Uncheck "Validate server certificate".
  11. Click "Configure" and uncheck "Automatically use my Windows logon name and password (and domain if any)". Click OK three times.
  12. Now click "Connect to network", select your SSID from the list, and "Enter/select additional log on information".
  13. Here you enter the username and password which are configured on the Configure->Users page on the dashboard. Click OK.
  14. You should now be successfully connected.

Windows 7

The following steps configure a Windows 7 client to use 802.1X with Meraki-hosted RADIUS. (NOTE: these instructions apply to 802.1X with Meraki-hosted RADIUS only. Configuration requirements for a customer-hosted RADIUS server are specific to the customer's own RADIUS server and can vary widely.)

  1. Click the "Start" menu. 
  2. Navigate to Control Panel>Network and Internet>Network and Sharing Center>Manage Wireless Networks.
  3. Click "Add".
  4. Select "Manually create a network profile".
  5. Enter the SSID name in the "Network name:" field.
  6. Select "WPA2-Enterprise" in the "Security type:" drop down.
  7. Select your encryption type from the "Encryption type" drop down.
  8. Click "Next".
  9. When "Successfully added" appears, click "Change connection settings".
  10. Select the "Security" tab.
  11. Click the "Advanced settings" button.
  12. On the "802.1x settings" tab, check the box "Specify authentication mode" and choose "User Authentication" from the drop down.
  13. Click "OK".
  14. Back on the "Security" tab, make sure "Choose a network authentication method" is set to "EAP (PEAP)" and then click the "Settings" button.  
  15. In "Protected EAP Properties", uncheck "Validate server certificate"; or, if you choose to validate the server certificate, make sure "Go Daddy Class 2 Certification Authority" and/or "http://valicert.com" is checked in the "Trusted Root Certification Authorities" list.
  16. Click the "Configure" button.
  17. Uncheck "Automatically use my Windows logon name".
  18. Click "OK" to close all the open dialog boxes.
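
To check deployed Windows clients against the settings in the Vista and Windows 7 steps above, a profile exported with `netsh wlan export profile` can be audited as XML. This is an added example, not part of the original Meraki article: the sample profile is constructed and trimmed, and the element names are those of Microsoft's WLAN/EAP profile schema as seen in Windows 7-era exports (an assumption to confirm against a real export).

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements this audit reads (not a full export).
SAMPLE_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><name>ExampleCorp</name>
 <MSM><security>
  <authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><authMode>user</authMode>
   <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Config>
    <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type>
     <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
      <ServerValidation><DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation></ServerValidation>
      <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type>
       <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap>
      <PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation></PeapExtensions>
     </EapType></Eap>
   </Config></EapHostConfig></EAPConfig></OneX>
 </security></MSM></WLANProfile>"""


def _values(root, local_name):
    """Text of every element with this local name, ignoring XML namespaces."""
    return [(el.text or "").strip() for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == local_name]


def audit_profile(xml_text):
    """Return findings where a profile deviates from the settings on this page."""
    root = ET.fromstring(xml_text)
    findings = []
    if "WPA2" not in _values(root, "authentication") or "true" not in _values(root, "useOneX"):
        findings.append("not WPA2-Enterprise")
    if "user" not in _values(root, "authMode"):
        findings.append("authentication mode is not User Authentication")
    eap_types = _values(root, "Type")  # 25 = PEAP, 26 = EAP-MSCHAPv2
    if "25" not in eap_types:
        findings.append("outer EAP method is not PEAP")
    if "26" not in eap_types:
        findings.append("inner method is not EAP-MSCHAPv2")
    if "true" in _values(root, "UseWinLogonCredentials"):
        findings.append("Windows logon credentials are sent automatically")
    if "false" in _values(root, "PerformServerValidation"):
        findings.append("server certificate is not validated")
    elif not _values(root, "TrustedRootCA"):
        findings.append("validation on but no trusted root CA selected")
    return findings


if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```

The sample mirrors a client set up with "Validate server certificate" unchecked, so the audit reports that single finding; a profile that validates against a selected root CA returns an empty list.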

Windows 8

Unlike previous versions of the OS, Windows 8 will not attempt to automatically use local credentials for wireless connections. As such, associating with an 802.1x-protected SSID consists of simply connecting to the network, as outlined below:

  1. Navigate to the Desktop.
  2. Select the wireless network icon in the lower-right corner of the screen.
  3. Select the intended SSID on the right.
  4. Check/uncheck the Connect automatically option as intended, and press Connect.
  5. Enter the email address and password of the Meraki RADIUS user, in the User name and Password fields respectively.
  6. Select Connect.
  7. If prompted about a certificate warning, select Connect again.

Apple OSX

The following steps configure a Macintosh client to use 802.1X with Meraki-hosted RADIUS. (NOTE: these instructions apply to 802.1X with Meraki-hosted RADIUS only. Configuration requirements for a customer-hosted RADIUS server are specific to the customer's own RADIUS server and can vary widely.)

  1. Go to System Preferences => Network => AirPort => Advanced => 802.1X
  2. Click the "+" button in the lower left corner of the screen to add a new user profile
  3. Enter the user name and password given to you by your network administrator into the fields to the right.
  4. Select your network from the drop-down list
  5. Make sure TTLS and PEAP checkboxes are selected
  6. Click "OK"
  7. You should now be able to connect to the network.
Last modified
10:51, 19 May 2015

Article ID

ID: 2115
