-
Notifications
You must be signed in to change notification settings - Fork 313
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: add documentation for 802.1x Wifi (#4896)
* feat: initial impl of 802.1x docs * refactor: spelling mistakes * fix: configurations -> authentication methods Co-authored-by: Mattia Dal Ben <[email protected]> * fix: setup -> H2 Co-authored-by: Mattia Dal Ben <[email protected]> * fix: setup -> H2 Co-authored-by: Mattia Dal Ben <[email protected]> * fix: sub title -> H3 Co-authored-by: Mattia Dal Ben <[email protected]> * fix: sub-heading -> H3 Co-authored-by: Mattia Dal Ben <[email protected]> * fix: removed inner auth step for eap-tls * fix: formating, and added link to keystore service * feat: added screenshot of finished config * refactor: scaled up images, seperated PEAP+TTLS * refactor: fixed bullets on EAP-TLS --------- Co-authored-by: Mattia Dal Ben <[email protected]>
- Loading branch information
1 parent
10e65aa
commit e165a06
Showing
10 changed files
with
63 additions
and
0 deletions.
There are no files selected for viewing
Binary file added
BIN
+373 KB
docs/gateway-configuration/images/802-1x-images/wifi-create-change-path.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+387 KB
...way-configuration/images/802-1x-images/wifi-create-keystore-add-certificate.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+877 KB
...eway-configuration/images/802-1x-images/wifi-create-keystore-add-privatekey.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+332 KB
docs/gateway-configuration/images/802-1x-images/wifi-create-keystore.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+328 KB
docs/gateway-configuration/images/802-1x-images/wifi-enterprise-enum.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
# Wi-Fi 802.1x Configuration | ||
Enterprise Wi-Fi is currently only supported on gateways running our [generic profiles](/getting-started/install-kura/#installer-types). The following is a list of currently supported 802.1x authentication methods. | ||
|
||
- [TTLS-MSCHAPv2](/gateway-configuration/wifi-configuration-8021x/#ttls-mschapv2) | ||
- [PEAP-MSCHAPv2](/gateway-configuration/wifi-configuration-8021x/#peap-mschapv2) | ||
- [EAP-TLS](/gateway-configuration/wifi-configuration-8021x/#eap-tls) | ||
|
||
## TTLS-MSCHAPv2 | ||
1. Set up gateway Wi-Fi as described in the [Wi-Fi configuration guide](/gateway-configuration/wifi-configuration/#wireless-configuration). | ||
2. Ensure Wireless Security is set to `WPA2/WPA3-Enterprise` | ||
![Alt text](images/802-1x-images/wifi-enterprise-enum.png) | ||
3. select the 802.1x tab | ||
4. Set Enteprise EAP -> `TTLS` | ||
5. Set Inner Authentication -> `MSCHAPV2` | ||
6. Set `Identity (Username)` | ||
7. Set `Password` | ||
6. Press 'Apply' | ||
|
||
The configuration should look like the following: | ||
![Alt text](images/802-1x-images/wifi-ttls.png) | ||
|
||
## PEAP-MSCHAPv2 | ||
1. Set up gateway Wi-Fi as described in the [Wi-Fi configuration guide](/gateway-configuration/wifi-configuration/#wireless-configuration). | ||
2. Ensure Wireless Security is set to `WPA2/WPA3-Enterprise` | ||
![Alt text](images/802-1x-images/wifi-enterprise-enum.png) | ||
3. select the 802.1x tab | ||
4. Set Enteprise EAP -> `PEAP` | ||
5. Set Inner Authentication -> `MSCHAPV2` | ||
6. Set `Identity (Username)` | ||
7. Set `Password` | ||
6. Press 'Apply' | ||
|
||
The configuration should look like the following: | ||
![Alt text](images/802-1x-images/wifi-peap.png) | ||
|
||
## EAP-TLS | ||
To connect via EAP-TLS you will need the following items in unencrypted PEM format: | ||
|
||
- Certificate Authority (CA) Certificate | ||
- Client Certificate + Private Key (PKCS8) | ||
|
||
### Enrolling secrets in the [Keystore service](/gateway-configuration/keystores-management/). | ||
|
||
1. Navigate to `Security` under the `System` tab. | ||
2. Under the `Keystore Configuration` add a new keystore, and keep note of the name. ![Adding a new keystore](images/802-1x-images/wifi-create-keystore.png) | ||
3. After the Keystore is created, be sure to change the path to a persistent directory. ![Alt text](images/802-1x-images/wifi-create-change-path.png) | ||
4. Navigate to the `Certificate List` and create a new Certificate. Insert the PEM and Apply, keep note of the name. ![add certificate](images/802-1x-images/wifi-create-keystore-add-certificate.png) | ||
5. Now press `add` and create a new Private Key. Insert both the certificates in the PEM in the dialogue and press apply. keep note of the name. ![Alt text](images/802-1x-images/wifi-create-keystore-add-privatekey.png) | ||
|
||
### Wifi Setup | ||
|
||
1. Set up gateway Wi-Fi as described in the [Wi-Fi configuration guide](/gateway-configuration/wifi-configuration/#wireless-configuration). | ||
2. Ensure Wireless Security is set to `WPA2/WPA3-Enterprise`. ![Alt text](images/802-1x-images/wifi-enterprise-enum.png) | ||
3. Select the 802.1x tab. | ||
4. Set Enteprise EAP -> `TLS`. | ||
5. Set `Identity (Username)`. | ||
6. Set `Keystore Pid` to the name of the keystore created above. | ||
7. Set `Certificate Authority Certificate (CA-Cert)` to the name of the certificate created above. | ||
8. Set the `Client Private Key` to the name of the Private Key created above. | ||
|
||
When completed the Wi-Fi configuration should look like the following: | ||
![tls-configuration](images/802-1x-images/wifi-tls.png) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters