Securing a wireless network means stepping up beyond the preshared key authentication. The weakness in preshared key is the password that is shared amongst people and across many devices. If a person or device leaves the organization, the password must be changed to prevent that person from joining the network.
A stronger way of securing the wireless network is to use 802.1X.
In this example, we will go over configuring the Mojo Networks C-120 access point as the authenticator which will point to our FreeRADIUS server.
Within the Mojo Wireless Manager, Click on Configuration at the top menu and then click on Device Configuration in the main panel.
Next, click on SSID Profiles to modify the SSID in which we will configure 802.1X.
Select the SSID in the list where we will configure 802.1X security. You may have multiple SSIDs listed here.
While in the Edit Wi-Fi Profile subconfiguration menu, the first option we want to display is Security. Click on it to expand the options.
Make sure the Security Mode is set to WPA2. Right below it, select 802.1X.
To configure our authentication server, look for the section RADIUS Authentication. A Primary and Secondary Authentication server can be configured. In this example I will configure only one.
Input the details of the Authentication server.
When complete, click on Save at the bottom of the page and verify connectivity to the SSID. Using the Monitoring tab, verify the device is successfully connected. In my configuration I am using EAP-TTLS which is configured to authenticate devices using a username and password.
Improve High Density Wi-Fi Areas On Campus
Get the FREE PDF of best practices for deploying high density Wi-Fi