Home > Wireless LAN > Encryption and Authentication > Freeradius: Configure freeradius to work with EAP-TLS authentication

Freeradius: Configure freeradius to work with EAP-TLS authentication

Table of contents
No headers

When using WPA2-Enterprise with 802.1X authentication EAP-TLS can be specified as an authentication method. When EAP-TLS is the chosen authentication method both the wireless client and the RADIUS server use certificates to verify their identities to each other and perform mutual authentication. Below are the steps for configuring EAP-TLS in freeradius.

Edit /etc/freeradius/eap.conf with the following changes

  1. Change default_eap_type to “tls”
  2. Comment out all the authentication methods sections except for tls
  3. Comment out “private_key_password” with #
  4. Change private_key_file to ${certdir}/radius.key
  5. Change certificate_file to ${certdir}/radius.crt
  6. Change CA_file to ${cadir}/ca.crt

Below is a configuration file after the changes have made.


Last modified



This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 1943

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community