Android - EAP-PEAP Configuration
Configure Android devices to connect securely to IronWifi WPA-Enterprise wireless networks using EAP-PEAP authentication. This guide covers manual configuration for individual devices and automated deployment through Mobile Device Management solutions.
Overview
EAP-PEAP (Protected Extensible Authentication Protocol) provides secure wireless authentication using a username and password protected by a TLS tunnel. All Android versions support EAP-PEAP natively.
Prerequisites
- Android 4.0 or later
- Valid IronWifi user credentials
- Wireless network configured with WPA2-Enterprise
Configuration Steps
Android 10 and Later
- Open Settings > Network & Internet > Wi-Fi
- Tap your enterprise network (or tap Add network)
- Configure the following settings:
- EAP method: PEAP
- Phase 2 authentication: MSCHAPV2
- CA certificate: Use system certificates (or select specific CA)
- Online certificate status: Do not verify (or Request status)
- Domain: Your RADIUS server domain (optional)
- Identity: Your username (usually email address)
- Anonymous identity: Leave blank or enter
anonymous - Password: Your password
- Tap Connect
Android 9 and Earlier
- Open Settings > Wi-Fi
- Tap your enterprise network
- Configure:
- EAP method: PEAP
- Phase 2 authentication: MSCHAPV2
- CA certificate: Do not validate (or select certificate)
- Identity: Your username
- Password: Your password
- Tap Connect
Certificate Configuration
Using System Certificates (Android 10+)
Android 10 introduced the ability to use system certificates:
- Select CA certificate: Use system certificates
- Enter Domain:
radius.ironwifi.com(or your RADIUS hostname)
Installing a Custom CA Certificate
If your organization uses a private CA:
- Download the CA certificate to your device
- Open Settings > Security > Encryption & credentials
- Tap Install a certificate > CA certificate
- Select the downloaded certificate file
- When configuring Wi-Fi, select your installed certificate
MDM Deployment
For enterprise deployment via MDM (Mobile Device Management):
Android Enterprise (Work Profile)
Create a Wi-Fi configuration profile with:
- SSID: Your network name
- Security: WPA2-Enterprise
- EAP type: PEAP
- Phase 2: MSCHAPV2
- Identity:
${user.email}(variable) - Certificate: Deploy CA certificate
Samsung Knox
Use Knox Configure to deploy:
- Create a Wi-Fi policy
- Set EAP configuration
- Push to enrolled devices
Troubleshooting
"Authentication Problem" Error
- Verify your username and password
- Check that your account is active in IronWifi
- Try removing and re-adding the network
Certificate Validation Failed
- Check the CA certificate is correctly installed
- Verify the domain name matches the RADIUS server
- Ensure the certificate hasn't expired
Cannot Connect After Android Update
- Remove the saved network
- Re-enter credentials
- May need to reinstall CA certificate
Network Disconnects Randomly
- Disable battery optimization for Wi-Fi
- Go to Settings > Apps > Wi-Fi > Battery > Unrestricted
- Check for Android system updates
Identity Configuration
Standard Identity
Use your full email address: user@company.com
Anonymous Identity
For privacy, configure anonymous identity:
- Identity:
user@company.com(encrypted) - Anonymous identity:
anonymous@company.com(visible)
Related Topics
- Android - EAP-TLS - Certificate-based authentication
- Windows - EAP-PEAP - Windows configuration
- Chromebook - EAP-PEAP - Chromebook configuration