Cradlepoint WiFi Authentication using Windows 2012 NPS Server for Radius
Products Supported: MBR1400v2, AER2100, AER3100, IBR1100, IBR600, IBR600B Click here to identify your router.
This article will provide assistance with configuring WiFi WPA2 Enterprise Authentication using Windows 2012 NPS Server as Radius. In this configuration, the Cradlepoint functions as an Wireless Controller, forwarding authentication requests to the Windows 2012 NPS Radius Server.
When configuring the Cradlepoint WiFi for WPA2 Enterprise, it is helpful to be familiar with RADIUS authentication workflow.
Client initiates authentication to the Cradlepoint Router.
Cradlepoint router prompts for username and password.
Client supplies credentials.
Client sends username and encrypted password to the Windows 2012 NPS RADIUS server.
RADIUS server responds with Accept, Reject, or Challenge.
Radius Clients - The Radius Client in this scenario will be the Cradlepoint router.
Windows 2012 NPS radius configuration will also include defining a "Network Policies"
Configuration Difficulty: Medium
Note: The number of WiFi Radios listed will be dependent on the model of Cradlepoint, this guide will use an AER1600. The AER1600 has two WiFi radios, 2.4GHz and 5GHz
- Step 1: Log into the router's NCOS Page. For help with logging in please click here.
- Step 2: From the Networking tab -> Local Networks -> WiFi Radio
- Step 3: Select an SSID -> Edit
Windows 2012 Server:
- Step 4: Change the "Security Mode" to "WPA2 Enterprise"
- Step 5: In the "IP" field, enter the IP address of the Windows 2012 NPS Server
- Step 6: In the "Shared Key" field enter the RADIUS shared key (I'm using "pass123")
- Step 7: Click Save
- Step 1: Log into the Windows 2012 Server.
- Step 2: From the Sever Manager -> Manage -> Add Roles and Features
- Step 3: Click Next -> Next -> Next -> Select Network Policy and Access Services
- Step 4: Click Next
Note: Wait for the installation to finish before moving on.
- Step 5: Click Next -> Install
- Step 6: Open "Network Policy Server" manager
- Step 7: Expand "RADIUS Clients and Server" -> right click "RADIUS clients" -> click New
- Step 8: Enter a Friendly name for the client
- Step 9: Enter the IP address that is assigned to the Cradlepoint "Primary LAN"
- Step 10: Enter the RADIUS share secret password (I'm using "pass123")
- Step 11: Click OK
- Step 12: Expand "Policies" -> right click "Network Policies" and select "New"
- Step 13: Give the new policy a name, confirm that the policy is enabled and is set to Grant Access
Note: At this point 802.1x clients should be able to authenticate against the Windows 2012 NPS Radius server
- Step 14: Click the "Conditions" tab and verify that "Domain Users" is included as conditional parameter
- Step 15: Click OK
Published Date: 07/14/2017
This article not have what you need? Not find what you were looking for? Think this article can be improved? Please let us know at firstname.lastname@example.org.