Skip to main content

 

Cisco Meraki Documentation

Enabling WPA2-Enterprise in Windows

It is important to manually configure WPA2-Enterprise for your wireless network profile in Windows. You must not be in the process of associating to the SSID because the configurations will not save correctly. Follow the steps below to configure WPA2-Enterprise:

Windows Vista/7

  1. In Windows, navigate to Control Panel > Network and Internet > Network and Sharing Center.
  2. Click Manage Wireless networks.
  3. Click Add.
  4. Choose Manually create a network profile.
    90e5c615-4df4-42f0-ace5-fdd787d7f700
     
  5. On the next page, enter the following:
    • Network name: This is the SSID name. It is case sensitive.
    • Security type: Choose WPA2-Enterprise.
    • Encryption type: Choose AES.
    • Check Start this connection automatically if you want Windows to connect to this network automatically.
    • Check Connect even if the network is not broadcasting if the SSID is hidden and you want Windows to connect to this network automatically.
       
  6. Click Next.
    008b595d-6d70-4419-b2a9-9eb28216bf74
    Note: If the RADIUS server has a certificate that may not be trusted by the wireless client or is not a member of the domain in which the RADIUS server resides, on the "Successfully added" page, click Change connection settings.
     
  7. Choose the Security tab.
     
  8. Click Settings.
     
  9. Uncheck Validate server certificate if the wireless client may not trust the RADIUS server certificate.
    6732bbc0-7301-4e68-bb2d-a0ef97bc920f
  10. For the Authentication Method, choose EAP-MSCHAP v2.
     
  11. Click Configure.
     
  12. Uncheck Automatically use my Windows logon on name and password if the computer is not on the domain.
    000eb712-54d8-4b44-895f-756e47fde056
  13. Click OK.
    Note: It may be required to specify user or computer authentication based on whether the client is part of the domain or if machine or user authentication is a condition of the RADIUS policy.

    To choose user or computer authentication, from the Security tab,
    1. Click Advanced settings.
    2. Select the 802.1X settings tab.
    3. Check Specify authentication mode.
    4. Choose User or computer authentication. Or choose an alternate option if required.
      2f738eb6-5348-4a76-b0af-92b34b2674c1
    5. Click OK to close out.
       

Windows 10/11

  1. Navigate to Control Panel > Network and Sharing Center.
  2. Click Set up a new connection or network.
  3. Select Manually connect to a wireless network.
    clipboard_e1ed201c30612f782b71406cfac7a2ee2.png

     
  4. On the next page, enter the following:
    1. Network name: This is the SSID name. It is case sensitive.
    2. Security type: Choose WPA2-Enterprise.
    3. Encryption type: Choose AES.
    4. Check Start this connection automatically if you want Windows to connect to this network automatically.
    5. Check Connect even if the network is not broadcasting if the SSID is hidden and you want Windows to connect to this network automatically.
       
  5. Click Next.
    clipboard_ebb8aaebb662eff37760425faae159bc9.png

     
  6. Click Change connection settings.
    clipboard_ec5497dc365f08ff49e4ddd72969ff4a9.png

     
  7. Choose the Security tab.
     
  8. Click Settings.
    clipboard_e2b34cbd5a1b18e2872b2d5bb969e3403.png

    Note: Make sure that Microsoft: Protected EAP (PEAP) has been selected under 'Choose a network authentication method:'
     
  9. Uncheck Verify the server's identity by validating the certificate if the wireless client may not trust the RADIUS server certificate
    clipboard_e69b256de53f03cb0a1b55fabede5d608.png
    Note: Make sure that Secured password (EAP-MSCHAP v2) has been selected under 'Select Authentication Method:'
     
  10. Click Configure...
     
  11. Uncheck Automatically use my Windows logon name and password (and domain if any) if the computer is not on the domain.
    clipboard_e56ff01eb4c3ad9f114f2299f9566518b.png
     
  12. Click OK.
    Note: It may be required to specify user or computer authentication based on whether the client is part of the domain or if machine or user authentication is a condition of the RADIUS policy.
     
  13. Back at the security tab, click on Advanced settings.
    clipboard_e9840834245af7ca3a0d2b842de8914f6.png

     
  14. Check 'Specifiy authentication mode:' 
    clipboard_e742bc3c5252651a36005389c88bc2856.png

     
  15. Click Ok.
     

Note: Your computer will use your Windows logon credentials and domain unless you uncheck the box as shown in the Step 12 screenshot.

  1. WPA2-Enterprise with 802.1X Authentication
    https://documentation.meraki.com/MR/Encryption_and_Authentication/Wireless_Encryption_and_Authentication_Overview
     
  2. RADIUS: Configuring PEAP EAP-MSCHAPv2
    /Wireless_LAN/Encryption_and_Authentication/Enterprise_(802.1X)/RADIUS:_WPA2-Enterprise_With_PEAP-MSCHAPv2_Using_Microsoft_NPS
  • Was this article helpful?