Cisco Meraki Documentation

Enabling WPA2-Enterprise in Windows

WPA2-Enterprise must be configured manually for the wireless network profile in Windows. Do not configure the profile while Windows is in the process of associating to the SSID, because the settings will not save correctly. Follow the steps below to configure WPA2-Enterprise:

Windows Vista/7

  1. In Windows, navigate to Control Panel > Network and Internet > Network and Sharing Center.
  2. Click Manage Wireless networks.
  3. Click Add.
  4. Choose Manually create a network profile.
    Screenshot: "Manually connect to a wireless network" dialog asking how you want to add a network, with Manually create a network profile selected.
     
  5. On the next page, enter the following:
    • Network name: This is the SSID name. It is case sensitive.
    • Security type: Choose WPA2-Enterprise.
    • Encryption type: Choose AES.
    • Check Start this connection automatically if you want Windows to connect to this network automatically.
    • Check Connect even if the network is not broadcasting if the SSID is hidden and you want Windows to connect to this network automatically.
       
  6. Click Next.
    Screenshot: "Manually connect to a wireless network" dialog with the fields for the network to add (network name, security type, encryption type, security key).
    Note: If the RADIUS server's certificate may not be trusted by the wireless client, or the client is not a member of the domain in which the RADIUS server resides, click Change connection settings on the "Successfully added" page.
     
  7. Choose the Security tab.
     
  8. Click Settings.
     
  9. Uncheck Validate server certificate if the wireless client may not trust the RADIUS server certificate.
    Screenshot: Protected EAP Properties dialog with Add Trust External CA Root highlighted, Secured password (EAP-MSCHAP v2) chosen as the authentication method, and Enable Fast Reconnect checked.
  10. For the Authentication Method, choose EAP-MSCHAP v2.
     
  11. Click Configure.
     
  12. Uncheck Automatically use my Windows logon name and password if the computer is not on the domain.
    Screenshot: EAP MSCHAPv2 Properties dialog showing the "When connecting" checkbox Automatically use my Windows logon name and password (and domain if any).
  13. Click OK.
    Note: It may be required to specify user or computer authentication based on whether the client is part of the domain or if machine or user authentication is a condition of the RADIUS policy.

    To choose user or computer authentication, from the Security tab:
    1. Click Advanced settings.
    2. Select the 802.1X settings tab.
    3. Check Specify authentication mode.
    4. Choose User or computer authentication, or an alternate option if required.
      Screenshot: Advanced settings dialog, 802.1X settings tab, with Specify authentication mode checked and User or computer authentication selected.
    5. Click OK to close out.
       

Windows 10/11

  1. Navigate to Control Panel > Network and Sharing Center.
  2. Click Set up a new connection or network.
  3. Select Manually connect to a wireless network.
    Screenshot: "Set Up a Connection or Network" dialog with the option "Manually connect to a wireless network: Connect to a hidden network or create a new wireless profile" selected.

     
  4. On the next page, enter the following:
    1. Network name: This is the SSID name. It is case sensitive.
    2. Security type: Choose WPA2-Enterprise.
    3. Encryption type: Choose AES.
    4. Check Start this connection automatically if you want Windows to connect to this network automatically.
    5. Check Connect even if the network is not broadcasting if the SSID is hidden and you want Windows to connect to this network automatically.
       
  5. Click Next.
    Screenshot: "Manually connect to a wireless network" dialog with the fields for the network to add (network name, security type, encryption type, security key).

     
  6. Click Change connection settings.
    Screenshot: "Manually connect to a wireless network" dialog stating "Successfully added WPA2-Meraki", with an arrow pointing to Change connection settings.

     
  7. Choose the Security tab.
     
  8. Click Settings.
    Screenshot: WPA2-Meraki Wireless Network Properties, Security tab, with a red box around Settings and Microsoft: Protected EAP (PEAP) selected under "Choose a network authentication method".

    Note: Make sure that Microsoft: Protected EAP (PEAP) has been selected under 'Choose a network authentication method:'
     
  9. Uncheck Verify the server's identity by validating the certificate if the wireless client may not trust the RADIUS server certificate.
    Screenshot: Protected EAP Properties dialog with a red box around Verify the server's identity by validating the certificate, AAA Certificate Services highlighted under Trusted Root Certification Authorities, Secured password (EAP-MSCHAP v2) chosen under Select Authentication Method, and Enable Fast Reconnect checked.
    Note: Make sure that Secured password (EAP-MSCHAP v2) has been selected under 'Select Authentication Method:'
     
  10. Click Configure...
     
  11. Uncheck Automatically use my Windows logon name and password (and domain if any) if the computer is not on the domain.
    Screenshot: EAP MSCHAPv2 Properties dialog showing the "When connecting" checkbox Automatically use my Windows logon name and password (and domain if any).
     
  12. Click OK.
    Note: It may be required to specify user or computer authentication based on whether the client is part of the domain or if machine or user authentication is a condition of the RADIUS policy.
     
  13. Back at the security tab, click on Advanced settings.
    Screenshot: WPA2-Meraki Wireless Network Properties, Security tab, with a red box around the Advanced settings button.

     
  14. Check 'Specify authentication mode:'
    Screenshot: Advanced settings dialog, 802.1X settings tab, with a red box around the Specify authentication mode checkbox.

     
  15. Click OK.
     

Note: Your computer will use your Windows logon credentials and domain unless you uncheck the box as shown in the Step 12 screenshot.
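
To confirm what the steps above actually saved, the profile can be exported with `netsh wlan export profile` and read offline. The Python below is an added example, not Meraki's code: the embedded profile is constructed and trimmed, and `profile_settings` and `sample_profile` are illustrative names.

```python
import xml.etree.ElementTree as ET

# Constructed profile, trimmed to the elements read below. Element names and
# namespaces follow the XML written by `netsh wlan export profile`.
TEMPLATE = """<WLANProfile xmlns="{ms}/networking/WLAN/profile/v1">
 <name>WPA2-Meraki</name>
 <MSM><security>
  <authEncryption>
   <authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX>
  </authEncryption>
  <OneX xmlns="{ms}/networking/OneX/v1"><EAPConfig>
   <EapHostConfig xmlns="{ms}/provisioning/EapHostConfig"><Config>
    <Eap xmlns="{ms}/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type>
     <EapType xmlns="{ms}/provisioning/MsPeapConnectionPropertiesV1">
      <Eap xmlns="{ms}/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type>
       <EapType xmlns="{ms}/provisioning/MsChapV2ConnectionPropertiesV1">
        <UseWinLogonCredentials>{winlogon}</UseWinLogonCredentials>
       </EapType></Eap>
      <PeapExtensions>
       <PerformServerValidation xmlns="{ms}/provisioning/MsPeapConnectionPropertiesV2">{validate}</PerformServerValidation>
      </PeapExtensions>
     </EapType></Eap>
   </Config></EapHostConfig>
  </EAPConfig></OneX>
 </security></MSM>
</WLANProfile>"""

def sample_profile(validate, winlogon):
    """Hypothetical helper: fill the constructed template with 'true'/'false'."""
    return TEMPLATE.format(ms="http://www.microsoft.com", validate=validate, winlogon=winlogon)

def _values(root, tag):
    # Match on the local name so the nested EAP namespaces need no prefix map.
    return [(e.text or "").strip() for e in root.iter() if e.tag.rsplit("}", 1)[-1] == tag]

def profile_settings(xml_text):
    """Report the settings this page configures, as stored in the profile XML."""
    root = ET.fromstring(xml_text)
    types = _values(root, "Type")  # outer EAP method first, inner method last
    return {
        "wpa2_enterprise_aes": _values(root, "authentication") == ["WPA2"] and _values(root, "encryption") == ["AES"],
        "peap_mschapv2": types[:1] == ["25"] and types[-1:] == ["26"],
        "validates_server_cert": _values(root, "PerformServerValidation") == ["true"],
        "auto_winlogon_credentials": _values(root, "UseWinLogonCredentials") == ["true"],
    }

if __name__ == "__main__":
    # Profile as saved after unchecking both boxes (steps 9 and 11 above).
    print(profile_settings(sample_profile("false", "false")))
```

A profile that reports `validates_server_cert` as False will complete PEAP with whatever server answers for the SSID; the usual fix is to deploy the RADIUS server's issuing CA to clients and leave the validation box checked.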

  1. WPA2-Enterprise with 802.1X Authentication
    https://documentation.meraki.com/MR/Encryption_and_Authentication/Wireless_Encryption_and_Authentication_Overview
     
  2. RADIUS: Configuring PEAP EAP-MSCHAPv2
    /Wireless_LAN/Encryption_and_Authentication/Enterprise_(802.1X)/RADIUS:_WPA2-Enterprise_With_PEAP-MSCHAPv2_Using_Microsoft_NPS