Guides 3 Tips for Deploying a RADIUS Server for Wi-Fi Security

3 Tips for Deploying a RADIUS Server for Wi-Fi Security

Getting ready to deploy a RADIUS server so you can utilize 802.1X authentication for enterprise Wi-Fi security? There are a few tips you should consider before moving forward.

Check your existing servers for RADIUS functionality

Before purchasing or setting up a server specifically for RADIUS, ensure you don’t already have the functionality in any existing server. Windows Server Tutorials If you have a Windows Server, for instance, you can use the Internet Authentication Service (IAS) component in Windows Server 2003 R2 and earlier, or the Network Policy Server (NPS) component in Windows Server 2008 and later.

Other network components can also have a built-in RADIUS server, such as network-attached storage (NAS) servers and even in some wireless access points.

Consider other server alternatives

For large networks with hundreds of Wi-Fi users, an on-premises server dedicated for RADIUS is likely the best option. But before purchasing a server, consider using the free and open source FreeRADIUS.

For small and medium-sized networks, there are other alternatives you should investigate that could save you significant time and money. There are cloud-hosted RADIUS solutions that don’t require you to set up a server at all — so no time needed to spend on installation, configuration or maintenance. As briefly mentioned, there are also some network-attached storage (NAS) servers and wireless access points that have a built-in RADIUS server. However, these solutions are generally best suited for very small networks due to the lack of computing resources dedicated for the server.

If a traditional on-premises server is desired, again first determine if the free and open source FreeRADIUS server might work. However, it’s best to have some Linux and command-line experience when working with FreeRADIUS. If you want more of an out-of-the-box GUI solution, consider one of lower-cost server solutions, such as TekRADIUS or ClearBox.

Choose a EAP type

As you might be aware, there are multiple ways you can deploy 802.1X authentication, based upon which EAP type you choose. The two most popular EAP types are PEAP and TLS. PEAP is easier to set up and use, and it enables Wi-Fi users to log in with usernames and passwords. Pretty much all operating systems these days make it quick and simple to log in via PEAP, so you’ll likely just have to inform users of their credentials and they’ll be able to log in.

TLS is a more complex solution, but it does offer better overall security. You’ll need to give each Wi-Fi user a digital certificate or SmartCard, which must be installed on the devices before they can connect to the Wi-Fi. Since you must give each user a unique certificate file or SmartCard, the process takes considerably more time and effort from everyone.

Check out previous articles

We have previously discussed additional tips you can utilize when implementing a RADIUS server for Wi-Fi security. You may find some of these previous articles useful: 4 Mistakes to Avoid When Deploying a RADIUS Server, Troubleshooting RADIUS Server or Client Issues, Enabling Server Validation for Windows and Android 802.1X Clients, and 5 Free RADIUS Testing and Monitoring Tools.

Eric Geier is a freelance tech writer — keep up with his writings on Facebook. He’s also the founder of NoWiresSecurity, a cloud-based Wi-Fi security service, and On Spot Techs, an on-site RF site surveying and other computer services company.

Follow ServerWatch on Twitter and on Facebook

Latest Posts

How to Convert a Physical Computer to a Virtual Machine

Many organizations are implementing virtualization technology into their networks to convert physical computers to virtual machines (VM). This helps reduce overall physical hardware costs,...

HPE ProLiant DL380 Gen10: Rack Server Overview and Insight

The HPE ProLiant DL380 series has consistently been a market leader in the server space. The Gen10 released in 2017 further increased HPE's market...

Best Server Management Software & Tools 2021

Finding the best server management software tools for your organization can have a major impact on the success of your business operations. Manually handling...

IBM AS/400: Lasting the Test of Time

Some server operating systems (OS) were built to survive the test of time – the IBM AS/400 is one such system.  The AS/400 (Application System/400)...

What is Disaster Recovery?

The modern organization's heavy dependence on using data to drive their business has made having a Disaster Recovery (DR) plan in place a necessity....

Related Stories