Client Configuration Guides

Learn how to configure Windows, macOS, iOS, Android, and Chromebook devices to connect securely to IronWifi WPA-Enterprise wireless networks. These guides cover manual configuration and MDM deployment for all major EAP authentication methods.

Authentication Methods

EAP-PEAP (Protected EAP)

PEAP is a widely supported authentication method that uses a username and password protected by a TLS tunnel.

• Windows - EAP-PEAP
• Android - EAP-PEAP
• Apple iOS - EAP-PEAP
• Chromebook - EAP-PEAP

EAP-TLS (Certificate-based)

EAP-TLS is one of the most secure Wi-Fi authentication methods, using client and server certificates for mutual authentication without requiring username/password.

• Windows - EAP-TLS
• Android - EAP-TLS
• Chromebook - EAP-TLS

EAP-TTLS + PAP

EAP-TTLS with PAP provides a secure tunnel for password-based authentication. Useful when integrating with external identity providers.

• Windows - TTLS + PAP
• Mac OS & iOS - TTLS + PAP

Choosing the Right Method

Method	Security	Certificates Required	Best For
EAP-TLS	Highest	Client + Server	Enterprise with PKI
EAP-PEAP	High	Server only	Username/password auth
EAP-TTLS	High	Server only	External identity providers

Prerequisites

Before configuring client devices:

1. Network configured - Ensure your wireless network is set up with IronWifi RADIUS authentication
2. User accounts - Users must exist in the IronWifi console or be synced from an identity provider
3. Certificates (for EAP-TLS) - Client certificates must be provisioned via SCEP or manual installation

MDM Deployment

For enterprise deployments, use Mobile Device Management (MDM) to push WiFi profiles automatically:

• Windows - Deploy via Microsoft Intune, SCCM, or Group Policy
• macOS/iOS - Use Apple Business Manager with Jamf Pro or Kandji
• Android - Deploy through Android Enterprise with Google Workspace or VMware Workspace ONE
• Chromebook - Configure via Google Admin Console for Chrome Enterprise

MDM deployment eliminates manual configuration and ensures consistent security settings across all managed devices.

Troubleshooting Tips

If devices fail to connect:

1. Verify RADIUS server reachability - Check that UDP ports 1812/1813 are open between your access points and IronWifi
2. Check user credentials - Confirm the username and password are correct in the IronWifi console
3. Validate certificates - For EAP-TLS, ensure client certificates are not expired and match the trusted CA
4. Review authentication logs - Check the IronWifi console for detailed error messages

Related Topics

• Passpoint Configuration - Automatic WiFi connection without manual setup
• Connectors - Sync users from identity providers
• Troubleshooting - Detailed troubleshooting guide