HowTo configure 802.1x WiFi on MikroTik and Windows radius

HowTo configure 802.1x WiFi on MikroTik and Windows radius

Video:

Network scheme:

Scenario:

We want to configure 802.1x authentication on enterprise network. We will configure wireless network and 802.1x authentication on MikroTik router.

Windows server configuration:

First we create test user John Smith on ad01 and create user group WiFi-Users. We will configure Network Policy Server on Radius server, through which users will authenticate. CA Authority will be installed on Radius, we will export NetLAB CA and import it to client PC. More detailed windows configuration in video.

MikroTik configuration:

/system identity
set name=netlab-mt-2

/interface vlan
add interface=ether1 name=Vlan10-MgMT vlan-id=10
add interface=ether1 name=Vlan101-Users vlan-id=101

/ip address
add address=192.168.10.3/24 interface=Vlan10-MgMT network=192.168.10.0

/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=192.168.10.1

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-eap management-protection=allowed mode=\
dynamic-keys name=NetLAB-radius supplicant-identity=””

/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=\
NetLAB-radius ssid=NetLAB-WiFi wps-mode=disabled
set [ find default-name=wlan2 ] disabled=no mode=ap-bridge security-profile=\
NetLAB-radius ssid=NetLAB-WiFi wps-mode=disabled

/interface bridge
add name=WiFi-Users-Bridge

/interface bridge port
add bridge=WiFi-Users-Bridge interface=wlan1
add bridge=WiFi-Users-Bridge interface=wlan2
add bridge=WiFi-Users-Bridge interface=Vlan101-Users

/radius
add address=192.168.100.252 secret=******* service=wireless