Configuring wireless network clients
This chapter shows how to configure typical wireless network clients to connect to a wireless network with WPAEnterprise security.
Windows XP client
Windows 7 client
Mac OS client
Linux client
Troubleshooting
Windows XP client
To configure the WPA-Enterprise network connection
- In the Windows Start menu, go to Control Panel > Network Connections > Wireless Network Connection or select the wireless network icon in the Notification area of the Taskbar. A list of available networks is displayed.
Windows XP
If you are already connected to another wireless network, the Connection Status window displays. Select View Wireless Networks on the General tab to view the list.
If the network broadcasts its SSID, it is listed. But do not try to connect until you have completed the configuration step below. Because the network doesn’t use the Windows XP default security configuration, configure the client’s network settings manually before trying to connect.
- You can configure the WPA-Enterprise network to be accessible from the View Wireless Networks window even if it does not broadcast its SSID.
- Select Change Advanced Settings and then select the Wireless Networks
Any existing networks that you have already configured are listed in the Preferred Networks list.
Windows XP client
- Select Add and enter the following information:
| Network Name (SSID) | The SSID for your wireless network |
| Network Authentication | WPA2 |
| Data Encryption | AES |
- If this wireless network does not broadcast its SSID, select Connect even if this network is not broadcasting so that the network will appear in the View Wireless Networks
Windows XP
- Select the Authentication
- In EAP Type, select Protected EAP (PEAP).
- Make sure that the other two authentication options are not selected.
Windows XP client
- Select Properties.
- Make sure that Validate server certificate is selected.
- Select the server certificate Entrust Root Certification Authority.
- In Select Authentication Method, select Secured Password (EAP-MSCHAPv2).
- Ensure that the remaining options are not selected.
- Select Configure.
- If your wireless network credentials are the same as your Windows logon credentials, select Automatically use my Windows logon name and password. Otherwise, make sure that this option is not selected.
- Select OK. Repeat until you have closed all of the Wireless Network Connection Properties
Windows 7
To connect to the WPA-Enterprise wireless network
- Select the wireless network icon in the Notification area of the Taskbar.
- In the View Wireless Networks list, select the network you just added and then select Connect. You might need to log off of your current wireless network and refresh the list.
- When the following popup displays, click on it.
- In the Enter Credentials window, enter your wireless network User name, Password, and Logon domain (if applicable). Then, select OK.
In future, Windows will automatically send your credentials when you log on to this network.
Windows 7 client
- In the Windows Start menu, go to Control Panel > Network and Internet > Network and Sharing Center > Manage Wireless Networks or select the wireless network icon in the Notification area of the Taskbar. A list of available networks is displayed.
Windows 7 client
- Do one of the following:
l If the wireless network is listed (it broadcasts its SSID), select it from the list. l Select Add > Manually create a network profile.
Windows 7
- Enter the following information and select Next.
| Network name | Enter the SSID of the wireless network. (Required only if you selected Add.) |
| Security type | WPA2-Enterprise |
| Encryption type | AES |
| Start this connection automatically | Select |
| Connect even if the network is not broadcasting. | Select |
The Wireless Network icon will display a popup requesting that you click to enter credentials for the network. Click on the popup notification.
- In the Enter Credentials window, enter your wireless network User name, Password, and Logon domain (if applicable). Then, select OK.
- Select Change connection settings.
- On the Connection tab, select Connect automatically when this network is in range.
- On the Security tab, select the Microsoft PEAP authentication method and then select Settings.
Windows 7 client
- Make sure that Validate server certificate is selected.
- Select the server certificate Entrust Root Certification Authority.
- In Select Authentication Method, select Secured Password (EAP-MSCHAPv2).
- Select Configure.
- If your wireless network credentials are the same as your Windows logon credentials, select Automatically use my Windows logon name and password. Otherwise, make sure that this option is not selected.
- Ensure that the remaining options are not selected.
- Select OK. Repeat until you have closed all of the Wireless Network Properties
Mac OS
Mac OS client
To configure network preferences
- Right-click the AirPort icon in the toolbar and select Open Network Preferences.
- Select Advanced and then select the 1X tab.
- If there are no Login Window Profiles in the left column, select the + button and then select Add Login Window
Profile.
- Select the Login Window Profile and then make sure that both TTLS and PEAP are selected in Authentication.
To configure the WPA-Enterprise network connection
- Select the AirPort icon in the toolbar.
- Do one of the following:
l If the network is listed, select the network from the list. l Select Connect to Other Network.
Mac OS client
One of the following windows opens, depending on your selection.
- Enter the following information and select OK or Join:
| Network name | Enter the SSID of your wireless network. (Other network only) |
| Wireless Security | WPA Enterprise |
| 802.1X | Automatic |
| Username Password | Enter your logon credentials for the wireless network. |
| Remember this network | Select. |
You are connected to the wireless network.
Linux
Linux client
This example is based on the Ubuntu 10.04 Linux wireless client.
To connect to a WPA-Enterprise network
- Select the Network Manager icon to view the Wireless Networks menu.
Wireless networks that broadcast their SSID are listed in the Available section of the menu. If the list is long, it is continued in the More Networks submenu.
- Do one of the following:
- Select the network from the list (also check More Networks).
- Select Connect to Hidden Wireless Network.
One of the following windows opens, depending on your selection.
Linux client
- Enter the following information:
| Connection | Leave as New. (Hidden network only) |
| Network name | Enter the SSID of your wireless network. (Hidden network only) |
| Wireless Security | WPA & WPA2 Enterprise |
| Authentication | Protected EAP (PEAP) for RADIUS-based authentication
Tunneled TLS for TACACS+ or LDAP-based authentication |
| Anonymous identity | This is not required. |
| CA Certificate | If you want to validate the AP’s certificate, select the Entrust Root Certification Authority root certificate. The default location for the certificate is /usr/share/ca-certificates/mozilla/. |
| PEAP version | Automatic (applies only to PEAP) |
| Inner authentication | MSCHAPv2 for RADIUS-based authentication
PAP or CHAP for TACACS+ or LDAP-based authentication |
| Username Password | Enter your logon credentials for the wireless network. |
Troubleshooting
- If you did not select a CA Certificate above, you are asked to do so. Select Ignore.
- Select You are connected to the wireless network.
To connect to a WPA-Enterprise network
- Select the Network Manager icon to view the Wireless Networks menu.
- Select the network from the list (also check More Networks).
If your network is not listed (but was configured), select Connect to Hidden Wireless Network, select your network from the Connection drop-down list, and then select Connect.
Troubleshooting
Using tools provided in your operating system, you can find the source of common wireless networking problems.
Checking that client received IP address and DNS server information
Windows XP
- Double-click the network icon in the taskbar to display the Wireless Network Connection Status
Check that the correct network is listed in the Connection section.
- Select the Support
Check that the Address Type is Assigned by DHCP. Check that the IP Address, Subnet Mask, and Default Gateway values are valid.
- Select Details to view the DNS server addresses.
The listed address should be the DNS serves that were assigned to the WAP. Usually a wireless network that provides access to the private LAN is assigned the same DNS servers as the wired private LAN. A wireless network that provides guest or customer users access to the Internet is usually assigned public DNS servers.
- If any of the addresses are missing, select Repair.
If the repair procedure doesn’t correct the problem, check your network settings.
Troubleshooting
Mac OS
- From the Apple menu, open System Preferences > Network.
- Select AirPort and then select Configure.
- On the Network page, select the TCP/IP
- If there is no IP address or the IP address starts with 169, select Renew DHCP Lease.
- To check DNS server addresses, open a terminal window and enter the following command:
cat /etc/resolv.conf
Check the listed nameserver addresses. A network for employees should us the wired private LAN DNS server. A network for guests should specify a public DNS server.
Linux
This example is based on the Ubuntu 10.04 Linux wireless client.
Troubleshooting
- Right-click the Network Manager icon and select Connection Information.
- Check the IP address, and DNS settings. If they are incorrect, check your network settings.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!