Got it
Huawei Enterprise Support Community
Community Forums WLAN
WiFi Certificate-based au...

WiFi Certificate-based authentication

Latest reply: Jan 21, 2022 06:52:24 5993 11 1 0 0
View the author 1#

Hi, everyone!


This post enquires about the WiFi Certificate-based authentication. Please see more details below.


ISSUE DESCRIPTION


Is there any knowledge on configuring a certificate-based authentication? A big customer has a radius server with certificate authentication. So I think I have to configure an 802.1x authentication.

 
But users don't have to type their username and password? Any idea if it works?

Thanks in advance for assisting me with the WiFi Certificate-based authentication.

Like (1) Dislike (0) Favorite(0) Share Report
Andy.Daws
Andy.Daws Created Apr 1, 2018 09:37:52 (0) (0)
Yes Huawei will work with certificate based authentication no problem using .1x this can be used for example to establish a connection as soon as the device starts up and connects to wifi. Useful for building vpn tunnels before login or in addition to

Ra 
Previous: AC V2R7 new feature--802.11r fast roaming
Next: iPhone connect and disconnect quickly without getting IP address after upgrade to IOS version 11.
(1) (0)
2#
StarOfWest
Created Mar 30, 2018 13:29:16

Hello,

What do you think about using mac-address authentication with Radius. Basically you store all the mac-address as user and password on radius and let users authenticate with their mac-address.

http://support.huawei.com/hedex/pages/EDOC1000153688AEG06285/04/EDOC1000153688AEG06285/04/resources/dc/SemiXML/cfgexample/c_cfgexample_2007.html?ft=0&fe=10&hib=10.3.5.19.3&id=c_cfgexample_2007&text=Example%20for%20Configuring%20Wireless%20MAC%20Address%20Authentication&docid=EDOC1000153688
View more
  • x
  • convention:
(0) (0)
3#
Daniel_Ger
Created Apr 3, 2018 08:09:15

Hello.

thanks for your reply.
Changes in the authentication is not possible, because it is a new branch site of a very big international company. They have a central authentication server with certificates. So the question is, wheater Huawei WiFi is capable of this method? It would be mandatory.
View more
  • x
  • convention:
(0) (0)
4#
Luke_WiFi_Walker
Created Apr 3, 2018 11:51:45

This post was last edited by t84075118 at 2018-04-03 11:53.
Posted by Daniel_Ger at 2018-04-03 11:53 "They have a central authentication server with certificates. So the question is, wheater Huawei WiFi is capable of this method?"


Hello Daniel,

Yes you can achieve certificate authentication for WiFi and wired authentication but you will also need Agile Controller for the certificate synchronization.

Prerequisites
Wired or wireless 802.1X authentication has been configured.
A certificate server has been deployed.
AD/LDAP accounts have been synchronized or local accounts have been created.

Please check the example in the below link:

http://support.huawei.com/hedex/ ... ocid=EDOC1000179561
View more
  • x
  • convention:
(1) (0)
5#
pawellp
Created Apr 3, 2018 13:06:30

If they have central authentication Radius Server with certificate auth I suppose it is a Windows NPS.
Do they have Wifi controller ? If yes you need to add this wifi controller as a radius client in Radius Server(Windows NPS) and in wifi controller set 802.1x as the auth protocol. In last few months I did similar deployments and it is not complicated if they have Certificate Authority and certificate enrollment policy already configured in their Active Directory.
View more
  • x
  • convention:
(0) (0)
6#
Daniel_Ger
Created Apr 10, 2018 18:13:40

Posted by pawellp at 2018-04-03 06:06 If they have central authentication Radius Server with certificate auth I suppose it is a Windows NP ...
Thank You for your answer. So it's possible without the Agile Controller?
What do I have to set on the AC? Do I have to import a CA certificate? I could not find any documentation about this topic?
View more
  • x
  • convention:
(0) (0)
7#
Luke_WiFi_Walker
Created Apr 12, 2018 10:12:47

Posted by Daniel_Ger at 2018-04-10 18:13 Thank You for your answer. So it's possible without the Agile Controller?What do I have to set on ...
It is not possible without Agile as its needed for the AD synchronization of the users.
View more
  • x
  • convention:
(1) (0)
8#
surriken87
Created Apr 14, 2018 10:46:43

Posted by t84075118 at 2018-04-12 10:12 It is not possible without Agile as its needed for the AD synchronization of the users.
Why we need Agile? What AD synchronisation?
We just only need to configure 802.1x auth and external RADIUS server on Access Controller.
In this case topic-starter don't use Agile like RADIUS-server. He use Microsoft NPS. This NPS will interact with AD to synchronise user info.
As i understand this case no certificates need on the AC, only on user device and on the CA.
View more
  • x
  • convention:
(1) (0)
9#
Luke_WiFi_Walker
Created Apr 16, 2018 08:17:17

The 802.1x certificate authentication configuration is same with normal 802.1x authentication on our device ( AC ).
The radius server needs to support 802.1x certificate authentication.
View more
  • x
  • convention:
(0) (0)
10#
Daniel_Ger
Created Apr 16, 2018 10:14:08

Thank you all for your help. This helps me a lot. The important part is the radius server, which can be an Agile Controller or another like NPS.
Thanks a lot, case is solved
View more
  • x
  • convention:
12
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.