MicroNugget: What is WPA2 Enterprise?



you see it every single time you configure a wireless access point the question always circles your mind what is that wpa2 Enterprise option wpa2 Enterprise is often contrasted with wpa2 personal which most people call PSK or pre shared key the beauty of that mode is its simplicity all you have to do is go into your wireless access point and say the passcode is secret ninja 1 2 3 and everybody has to now type in this passcode secret ninja 1 2 3 on their device and bam they join the wireless network well the problem with that is in corporations you have angry people hopefully not too many but when they leave the company they take their laptop and their pre shared key with them who's to say they're not going to sit in the parking lot trying to hack your network no so you have 2 choices then one cross your fingers that they're not going to do that or to change the passcode to where now every single laptop has to type in and again even people that barely even know how to open their laptop now have to type that in which usually means IT people are having to visit each device so wpa2 Enterprise what is it what it does is move away from this pre shared key scheme it does that by introducing a concept called a radius server what is radius it is just an vendor-independent protocol meaning everybody can support it that allows authentication so now when somebody with a laptop hits the wireless access point the wireless access point doesn't look for a pre-shared key it says well what is your good you can fill that in most people use a certificate which is their way of blessing that device they go to the laptop and install a certain certificate so that it's able to join the wireless network or you could use a username and password or you can use you know sometimes the laptops have these little thumbprint scanners we can there's all kinds of ways that you can authenticate the wireless access point doesn't really care it's just saying I've got something for you radius server tell me if it's good or not the radius server looks and says ok well based on their but whether it be a fingerprint or based on their user name and password I mean take some software on here they are good ding ding ding and that means that user can now join the wireless network the beauty of that is now when that person leaves the company you can go on the radio server and disable their user and you don't have to change a pre-shared key in your organization now that device or that user can no longer join the wireless network so what do you need to set it up well just a server and configuration so the server can be Windows Server 2003 2008 2012 whatever Linux server could be running free radius on there you got to create your user database over here then you configure your wireless access points to report to that server usually that will involve a pre shared key between those two so the radius server says oh you're allowed to ask me those kind of questions and the wireless access point is configured with the IP address of the radius server then you do all the configuration all your clients need to be changed over to use wpa2 enterprise and choose what kind of authentication method they're going to use the gray December and you are good to go I hope this has been informative for you and I'd like to thank you for viewing

14 thoughts on “MicroNugget: What is WPA2 Enterprise?

  1. Geez. This video explained better in 3 minutes than my networking professor took 15 to explain. Nobody understood what he was talking about in class…

  2. really thank you for making me understand what radius is and how it communicates with the WiFi AP for authentication.

  3. I love your voice Jeremy ! Thanks again for uploading another Video for networking aspirants,

    Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *