Cannot Connect to the Wireless Network When Using 802.1x (WPA-EAP) for Authentication

03/26/2020 17 People found this article helpful 487,185 Views

Description

When using WPA-EAP, WPA-EAP2 or WPA-AUTO-EAP for authentication, SonicWall Wireless or SonicPoint is required to set Radius Server for Wifi client authentication. During the configuration process, you may encounter some issues. This article aims to show you how to do the troubleshooting when you cannot connect to the wireless network by 802.1x.

NOTE: In this scenario, 192.168.136.168 as Radius Client has been added on the Radius server 192.168.136.66.

Resolution

1. Check Radius Server Settings

Normally, Radius Server is configured in Wireless or SonicPoint page.

However, when doing troubleshooting, navigate to Users | Settings page. You can use Radius testing tool here.

1) Click Configure Radius button | Click tab Settings | Input the IP Address, Shared Secret and Port Number of your Radius Server

2) Click tab Test | Input User name , Password and Authentication type | Click Test button.

Issue A: Server Response Server Timeout.
Resolution A: On SonicWall, please double check the IP Address, Port Number of your Radius Server.
On Radius Server (Windows 2008 NPS), please check the Radius Client settings is correct and also ensure the Radius Server is available.

Issue B: Server Response RADIUS communication error.
Resolution B: Please check Shared Secret setting.

Issue C: Server Response Radius Client Authentication Failed.
Resolution C: Your User name, Password is not correct, or authentication methods is not enabled in the Network Policy on your Radius Server.

2. Check NAT Policy or Access Rule configuration on the SonicWall

When the testing is OK from DMZ interface 192.168.236.168 to the Radius server but you still cannot connect to the wireless network, please check whether there is any necessary NAT policy or Access Rule you need add.

1 ) On the Radius Server, if you add DMZ 192.168.136.168 as Radius Client and you access Radius server through WLAN interface 10.10.10.1. Go to Network | NAT Policies, you are required to add an NAT Policy on the firewall as following.

If there is no NAT policy, you may receive error on the NPS server as below picture. When capture the Radius packet , the Source IP is 10.10.10.1.

2) On the Radius Server, if you add WLAN ip 10.10.10.1 as Radius Client. You are required to add an Access Rule on the firewall as the Radius Server of LAN zone is inaccessible from wireless zone by default. Go to Firewall | Access Rules, add an Access Rule as following.

3. Check Wifi client Settings
On Radius Server, please check ther EAP Type. If just using password for authentication , please uncheck the option Validate server certificate on your WIFI client.

How to test:

When everything above configured correctly, you can connect your WIFI client to the network successfully by 802.1x protocol.

Related Articles
How to Block Google QUIC Protocol on SonicOSX 7.0?
How to block certain Keywords on SonicOSX 7.0?
How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
Categories

Firewalls > TZ Series

Firewalls > SonicWall SuperMassive E10000 Series

Firewalls > SonicWall SuperMassive 9000 Series

Firewalls > SonicWall NSA Series
Not Finding Your Answers?
ASK THE COMMUNITY
Was This Article Helpful?
YES NO

Article Helpful Form

How may we assist you?
Hidden
SolutionID

Article Not Helpful Form

How may we assist you?
Hidden
SolutionID

Follow Us

© 2024 SonicWall. All Rights Reserved.

Legal
Privacy

Company

Careers
News
Leadership
Awards
Press Kit
Contact Us

Popular resources

Communities
Blog
SonicWall Capture Labs

Subscribe to newsletter

Stay In Touch

Email Address*

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
Hidden
Country
Hidden
Company

Hidden
States
Hidden
Dnb- ZIP

Hidden
Dnb- Phone
Hidden
elqCampaignId

Hidden
elqTrackId

Hidden
utm_campaign

Hidden
utm_medium

Hidden
utm_source

Hidden
utm_term

Hidden
utm_content

Hidden
gclid

Hidden
sfdc_campaign_id

Hidden
DnB - Address

Hidden
DnB - First Name

Hidden
DnB - Last Name

Hidden
DnB - Duns

Hidden
DnB - Global Ult (HQ) DUNS

Hidden
DnB - Global Ult (HQ) Company

Hidden
DnB - Employee Count

Hidden
DnB - Trade Name

Hidden
DnB - Currency

Hidden
DnB - Vanity Title

Hidden
DnB - Country

Hidden
DnB - State

Hidden
DnB - Zip

Hidden
DnB - City

Hidden
DnB - Global Employee Count

Hidden
DnB - SIC Code

Hidden
DnB - SIC Description

Hidden
DnB - NAICS Code

Hidden
DnB - NAICS Description

Hidden
DnB - Revenue

Hidden
DnB - Domain

Hidden
DnB - Business Phone

Hidden
DnB - Company

Hidden
DnB - DataSource

Hidden
DnB - DMACode

Hidden
DnB - EmployeeRange

Hidden
DnB - Fortune1000

Hidden
DnB - Fortune200

Hidden
DnB - Industry

Hidden
DnB - Postal Code

Hidden
DnB - PrimarySIC

Hidden
DnB - SubIndustry

Hidden
DnB - PrimaryNAICS

Hidden
DnB - StockTicker

Hidden
DnB - Revenue Range

Hidden
DnB - State or Province

Hidden
DnB - Website

Email
This field is for validation purposes and should be left unchanged.