      • The Passpoint profile on the client device needs to specify the EAP method (either EAP-TTLS or EAP-PEAP) and the credentials (username and password) that the client will use to authenticate.
      • The profile also contains the identity provider (IDP) information that allows the device to automatically connect to Passpoint-enabled networks.

Steps:

        • Configure the ANQP (Access Network Query Protocol) settings on the Wi-Fi AP to advertise support for EAP-TTLS or EAP-PEAP.
        • On the client device, create a Passpoint configuration profile that specifies the username and password for authentication, as well as the EAP type (EAP-TTLS or EAP-PEAP).

6. Install the Passpoint Profile on Client Devices:

      • The Passpoint profile containing the username, password, and EAP method needs to be installed on the client device.
      • The client device must also have the CA certificate installed to trust the RADIUS server’s certificate.

Steps:

        • For Windows/macOS/Linux: Use the system’s network manager or profile manager to install the profile.
        • For Android and iOS devices: The Passpoint profile can be pushed via Mobile Device Management (MDM), or users can install it manually.
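
The following is an added example, not part of the original page: a Python check that a Linux wpa_supplicant Passpoint credential block carries what the profile needs (EAP method, username, password, CA certificate). The sample configuration is constructed with placeholder values, and the `domain_suffix_match` check is an assumed extra hardening step that the page itself does not list.

```python
import re

# Constructed sample wpa_supplicant credential block; all values are placeholders.
SAMPLE_CONF = '''
cred={
    realm="example.com"
    username="alice"
    password="placeholder-password"
    eap=TTLS
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}
'''

ALLOWED_EAP = {"TTLS", "PEAP"}  # the two methods this page covers

def parse_creds(conf):
    """Return each cred={...} block as a dict of key -> unquoted value."""
    creds = []
    for body in re.findall(r"^\s*cred=\{(.*?)^\s*\}", conf, re.S | re.M):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        creds.append(fields)
    return creds


def audit_cred(cred):
    """List what is missing for the profile described on this page."""
    problems = []
    if cred.get("eap", "").upper() not in ALLOWED_EAP:
        problems.append("eap must be TTLS or PEAP")
    for key in ("username", "password"):
        if not cred.get(key):
            problems.append(f"{key} is missing")
    if not cred.get("ca_cert"):
        problems.append("ca_cert is missing: RADIUS server certificate cannot be validated")
    if not cred.get("domain_suffix_match"):  # assumed hardening check
        problems.append("domain_suffix_match is missing: server name is not checked")
    return problems


if __name__ == "__main__":
    for cred in parse_creds(SAMPLE_CONF):
        print(audit_cred(cred) or "profile OK")
```

An empty list from `audit_cred` means the block has every field the check looks for; each string in a non-empty list names one gap to fix before the profile is distributed.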

7. EAP-TTLS or EAP-PEAP Authentication Workflow:

When the client with a Passpoint profile containing the username and password tries to connect to a Passpoint-enabled Wi-Fi network, the following occurs:

Steps:

        1. The client sends an authentication request to the AP.
        2. The AP forwards this request to the RADIUS server.
        3. The RADIUS server responds with its certificate to establish a secure TLS tunnel.
        4. The client validates the server certificate (using the CA certificate installed on the client device).
        5. The client sends the username and password (inside the secure TLS tunnel) to the RADIUS server.
        6. The RADIUS server verifies the username and password by checking the credentials against its backend database (such as LDAP, AD, etc.).
        7. Upon successful authentication, the client is granted access to the Wi-Fi network.
        8. A secure TLS session is established for the client’s data to be transmitted securely.

8. User Experience:

Once the Passpoint profile with the username and password is configured, the client device can automatically connect to Passpoint-enabled networks that support EAP-TTLS or EAP-PEAP without needing to re-enter the credentials.

The client device will also automatically authenticate securely, ensuring a seamless and secure experience.