docs: add documentation for 802.1x Wifi (#4896)
* feat: initial impl of 802.1x docs

* refactor: spelling mistakes

* fix: configurations -> authentication methods

Co-authored-by: Mattia Dal Ben <[email protected]>

* fix: setup -> H2

Co-authored-by: Mattia Dal Ben <[email protected]>

* fix: setup -> H2

Co-authored-by: Mattia Dal Ben <[email protected]>

* fix: sub title -> H3

Co-authored-by: Mattia Dal Ben <[email protected]>

* fix: sub-heading -> H3

Co-authored-by: Mattia Dal Ben <[email protected]>

* fix: removed inner auth step for eap-tls

* fix: formatting, and added link to keystore service

* feat: added screenshot of finished config

* refactor: scaled up images, separated PEAP+TTLS

* refactor: fixed bullets on EAP-TLS

---------

Co-authored-by: Mattia Dal Ben <[email protected]>
GregoryIvo and mattdibi authored Oct 24, 2023
1 parent 10e65aa commit e165a06
Showing 10 changed files with 63 additions and 0 deletions.
62 changes: 62 additions & 0 deletions docs/gateway-configuration/wifi-configuration-8021x.md
@@ -0,0 +1,62 @@
# Wi-Fi 802.1x Configuration
Enterprise Wi-Fi is currently only supported on gateways running our [generic profiles](/getting-started/install-kura/#installer-types). The following is a list of currently supported 802.1x authentication methods.

- [TTLS-MSCHAPv2](/gateway-configuration/wifi-configuration-8021x/#ttls-mschapv2)
- [PEAP-MSCHAPv2](/gateway-configuration/wifi-configuration-8021x/#peap-mschapv2)
- [EAP-TLS](/gateway-configuration/wifi-configuration-8021x/#eap-tls)

## TTLS-MSCHAPv2
1. Set up gateway Wi-Fi as described in the [Wi-Fi configuration guide](/gateway-configuration/wifi-configuration/#wireless-configuration).
2. Ensure Wireless Security is set to `WPA2/WPA3-Enterprise`
![Alt text](images/802-1x-images/wifi-enterprise-enum.png)
3. select the 802.1x tab
4. Set Enteprise EAP -> `TTLS`
5. Set Inner Authentication -> `MSCHAPV2`
6. Set `Identity (Username)`
7. Set `Password`
6. Press 'Apply'

The configuration should look like the following:
![Alt text](images/802-1x-images/wifi-ttls.png)

## PEAP-MSCHAPv2
1. Set up gateway Wi-Fi as described in the [Wi-Fi configuration guide](/gateway-configuration/wifi-configuration/#wireless-configuration).
2. Ensure Wireless Security is set to `WPA2/WPA3-Enterprise`
![Alt text](images/802-1x-images/wifi-enterprise-enum.png)
3. select the 802.1x tab
4. Set Enteprise EAP -> `PEAP`
5. Set Inner Authentication -> `MSCHAPV2`
6. Set `Identity (Username)`
7. Set `Password`
6. Press 'Apply'

The configuration should look like the following:
![Alt text](images/802-1x-images/wifi-peap.png)

## EAP-TLS
To connect via EAP-TLS you will need the following items in unencrypted PEM format:

- Certificate Authority (CA) Certificate
- Client Certificate + Private Key (PKCS8)

### Enrolling secrets in the [Keystore service](/gateway-configuration/keystores-management/).

1. Navigate to `Security` under the `System` tab.
2. Under the `Keystore Configuration` add a new keystore, and keep note of the name. ![Adding a new keystore](images/802-1x-images/wifi-create-keystore.png)
3. After the Keystore is created, be sure to change the path to a persistent directory. ![Alt text](images/802-1x-images/wifi-create-change-path.png)
4. Navigate to the `Certificate List` and create a new Certificate. Insert the PEM and Apply, keep note of the name. ![add certificate](images/802-1x-images/wifi-create-keystore-add-certificate.png)
5. Now press `add` and create a new Private Key. Insert both the certificates in the PEM in the dialogue and press apply. keep note of the name. ![Alt text](images/802-1x-images/wifi-create-keystore-add-privatekey.png)

### Wifi Setup

1. Set up gateway Wi-Fi as described in the [Wi-Fi configuration guide](/gateway-configuration/wifi-configuration/#wireless-configuration).
2. Ensure Wireless Security is set to `WPA2/WPA3-Enterprise`. ![Alt text](images/802-1x-images/wifi-enterprise-enum.png)
3. Select the 802.1x tab.
4. Set Enteprise EAP -> `TLS`.
5. Set `Identity (Username)`.
6. Set `Keystore Pid` to the name of the keystore created above.
7. Set `Certificate Authority Certificate (CA-Cert)` to the name of the certificate created above.
8. Set the `Client Private Key` to the name of the Private Key created above.

When completed the Wi-Fi configuration should look like the following:
![tls-configuration](images/802-1x-images/wifi-tls.png)
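
Review bot: The TTLS-MSCHAPv2 and PEAP-MSCHAPv2 step lists go from `Identity (Username)` and `Password` straight to 'Apply' with no mention of a CA certificate, while EAP-TLS step 7 sets `Certificate Authority Certificate (CA-Cert)`. For these password-based methods the reader needs to know whether the gateway validates the authentication server's certificate, so please state whether the CA-Cert field applies to TTLS and PEAP and add the step if it does. In the same two lists the final step is numbered `6.` after step 7 and step 3 starts lowercase ("select"); `Enteprise` in step 4 of all three procedures should read `Enterprise` if that matches the UI label. Under "Enrolling secrets", step 5 says "Insert both the certificates in the PEM" when creating a Private Key, which does not say where the PKCS8 key itself goes; spell out which PEM blocks the dialogue expects. Since the section asks for the key in unencrypted PEM, a sentence on what to do with the source file after enrollment would also help.
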
1 change: 1 addition & 0 deletions mkdocs.yml
Expand Up @@ -17,6 +17,7 @@ nav:
- Network Failover: gateway-configuration/network-failover.md
- Ethernet Configuration: gateway-configuration/ethernet-configuration.md
- Wi-Fi Configuration: gateway-configuration/wifi-configuration.md
- Wi-Fi 802.1x Configuration: gateway-configuration/wifi-configuration-8021x.md
- Cellular Configuration: gateway-configuration/cellular-configuration.md
- Firewall Configuration: gateway-configuration/firewall-configuration.md
- Network Threat Manager: gateway-configuration/network-threat-manager.md