Note : This is the classic/original FAQ. For the very latest articles and new content for UK/Ireland users, please visit the Product Knowledgebase here

DrayTek Logo

Vigor AP-700

Interal Radius Server

WPA2 with Radius Authentication

For additional security, wireless access can be restricted to authorised users only by use of a unique username and password for each user. This is in addition the encryption provided by WEP/WPA etc. When the user first opens their wireless connection, the AP-700 will request their username/password and not permit access to the LAN or Internet without it.

In Pre-Shared-Key mode a wireless access point authenticates WLAN users using a network password (the every WLAN connection would use the same password). An alteriative to this is using Radius for authentication. An advantage of this could be that to allow a visitor access to the WLAN you could create them a user account that they could use to connect to the wireless network and then when they've left you would simply need to disable their account, rather than changing the WPA2 security key on every WLAN device that is connected to the network

The AP-700 supports radius authentication using either the internal Radius server or separate Radius server that is running on the network. If a Radius server is available then this can make management of user credentials easier

The Vigor AP-700 should be in AP mode if you want to use RADIUS authentication. Log into the Vigor AP-700 web interface and set the mode to AP in the Basic setup menu.

Basic Settings - AP Mode

Then go to the Security section and select WPA-RADIUS, ideally use WPA2 (AES) for best speed and compatibility and tick the "Use Internal MD5/PEAP RADIUS Server" option, then click Apply – on the next screen, click Continue so that you can configure the RADIUS server without restarting.

If you wish to use a separate Radius server intead of the internal radius server then enter the Radius Servers IP Address and the shared secret password that the AP-700 should use when communicating with the Radius server

Security Settings

In the RADIUS Server section, tick Enable RADIUS Server and enter the username and password of the account that you wish to set up. Then click Add to add the user and click Apply to apply those changes – you will need to apply the settings and restart for each user added.

Radius Server

Now that that is set up, try accessing the wireless network from Windows:

Choose a wireless network

Once you try to connect, it will bring up an error message to say that it was unable to authenticate as shown below:

Choose a wireless network

To fix that, go back to the Choose a Wireless Network screen and select “Change the order of preferred networks”

Choose a wireless network

From there, select the wireless network that you are setting up RADIUS for and go to the properties:

Wireless network properties

On the Authentication tab, set the EAP type from Smartcard to Protected EAP (PEAP) and untick “Authenticate as computer when computer information is available” then click the Properties button, on there untick the “Validate server certificate” option and click the Configure button, untick the “Automatically use my Windows logon name and password (and domain if any)”, click OK on there and on the other properties screens, then try reconnecting to the wireless network

WLAN properties Authentication Tab

When you try to reconnect, windows will bring up a message asking for credentials to log on to the wireless connection, click that and enter the password, ticking the Save password option if available:

Wireless Network Connection

Enter Credentials

That should then allow the wireless network to connect using RADIUS / PEAP:

WLAN now connected

NOTICE : This document is © SEG Communications and may not be distributed without specific written consent. Information and products subject to change at any time without notice.