Knowledge Base

Reset Search



NCOS: WiFi Authentication using Windows 2012 NPS Server

« Go Back



Cradlepoint WiFi Authentication using Windows 2012 NPS Server for Radius

Products Supported: MBR1400v2, AER2100, AER3100, IBR1100, IBR600, IBR600B Click here to identify your router.





Related Articles



This article will provide assistance with configuring WiFi WPA2 Enterprise Authentication using Windows 2012 NPS Server as Radius. In this configuration, the Cradlepoint functions as an Wireless Controller, forwarding authentication requests to the Windows 2012 NPS Radius Server. 

User-added image      User-added image




When configuring the Cradlepoint WiFi for WPA2 Enterprise, it is helpful to be familiar with RADIUS authentication workflow.

Radius workflow: 

  1. Client initiates authentication to the Cradlepoint Router.

  2. Cradlepoint router prompts for username and password.

  3. Client supplies credentials.

  4. Client sends username and encrypted password to the Windows 2012 NPS RADIUS server.

  5. RADIUS server responds with Accept, Reject, or Challenge.

Radius Clients -  The Radius Client in this scenario will be the Cradlepoint router.

Windows 2012 NPS radius configuration will also include defining a "Network Policies"



Configuration Difficulty: Medium
Cradlepoint Router:
  • Step 1: Log into the router's NCOS Page. For help with logging in please click here.
  • Step 2: From the Networking tab  -> Local Networks -> WiFi Radio
Note: The number of WiFi Radios listed will be dependent on the model of Cradlepoint, this guide will use an AER1600. The AER1600 has two WiFi radios,  2.4GHz and 5GHz 

User-added image
  • Step 3: Select an SSID -> Edit
User-added image
  • Step 4: Change the "Security Mode" to "WPA2 Enterprise"
  • Step 5: In the "IP" field, enter the IP address of the Windows 2012 NPS Server
  • Step 6: In the "Shared Key" field enter the RADIUS shared key (I'm using "pass123")
  • Step 7: Click Save
User-added image

Windows 2012 Server:
  • Step 1: Log into the Windows 2012 Server
  • Step 2: From the Sever Manager  -> Manage -> Add Roles and Features

User-added image

  • Step 3: Click Next -> Next -> Next -> Select Network Policy and Access Services 
  • Step 4: Click Next
User-added image
  • Step 5: Click Next -> Install 
Note: Wait for the installation to finish before moving on.
  • Step 6: Open "Network Policy Server" manager
  • Step 7: Expand "RADIUS Clients and Server" -> right click "RADIUS clients" -> click New
User-added image
  • Step 8: Enter a Friendly name for the client
  • Step 9: Enter the IP address that is assigned to the Cradlepoint "Primary LAN"
  • Step 10: Enter the RADIUS share secret password (I'm using "pass123")
  • Step 11: Click OK
User-added image
  • Step 12: Expand "Policies" -> right click "Network Policies" and select "New"
  • Step 13: Give the new policy a name, confirm that the policy is enabled and is set to Grant Access

User-added image
  • Step 14: Click the "Conditions" tab and verify that "Domain Users" is included as conditional parameter 
  • Step 15: Click OK
User-added image

Note: At this point 802.1x clients should be able to authenticate against the Windows 2012 NPS Radius server


Published Date: 07/14/2017

This article not have what you need?  Not find what you were looking for?  Think this article can be improved?  Please let us know at



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255