Skip to main content

Windows - EAP-PEAP Configuration

Configure Windows devices to connect securely to IronWifi WPA-Enterprise wireless networks using EAP-PEAP authentication. This widely supported method protects username and password credentials within an encrypted TLS tunnel, providing strong security for Windows environments.

Overview

EAP-PEAP is a widely supported authentication method that creates a secure TLS tunnel to protect user credentials. Windows 7 and later versions include built-in support for EAP-PEAP.

Prerequisites

  • Windows 7, 8, 10, or 11
  • Valid IronWifi user credentials (username and password)
  • Wireless network configured with WPA2-Enterprise

Configuration Steps

Windows 10/11

  1. Click the Wi-Fi icon in the system tray
  2. Select your enterprise wireless network
  3. Click Connect
  4. When prompted for credentials:
    • Username: Your IronWifi username (usually email address)
    • Password: Your IronWifi password
  5. If prompted about the server certificate, click Connect to accept

Advanced Configuration

For more control over the connection settings:

  1. Open Settings > Network & Internet > Wi-Fi
  2. Click Manage known networks
  3. Click Add a new network
  4. Enter the following settings:
    • Network name: Your SSID
    • Security type: WPA2-Enterprise
    • EAP method: PEAP
    • Authentication method: EAP-MSCHAPv2

Certificate Validation

For enhanced security, configure certificate validation:

  1. Open Control Panel > Network and Sharing Center
  2. Click Set up a new connection or network
  3. Select Manually connect to a wireless network
  4. Configure the network and click Next
  5. Click Change connection settings
  6. Go to the Security tab
  7. Click Settings next to the EAP type
  8. Check Verify the server's identity by validating the certificate
  9. Select Trusted Root Certification Authorities

Group Policy Deployment

For enterprise deployment via Group Policy:

Computer Configuration > Policies > Windows Settings > Security Settings > Wireless Network (IEEE 802.11) Policies

Create a new policy with:

  • SSID: Your network name
  • Authentication: WPA2-Enterprise
  • Encryption: AES
  • EAP type: Microsoft: Protected EAP (PEAP)

Troubleshooting

Connection Fails

  1. Verify your username and password are correct
  2. Ensure the wireless network is within range
  3. Check that your account is active in the IronWifi console

Certificate Errors

If you receive certificate warnings:

  1. The server certificate may not be trusted
  2. Contact your administrator to verify the RADIUS server certificate
  3. Temporarily disable certificate validation to test (not recommended for production)

Cannot See Network

  1. Ensure the SSID is being broadcast
  2. Verify your wireless adapter supports WPA2-Enterprise
  3. Update wireless adapter drivers