Configuring UniFi Wireless Network for WPA-Enterprise with External RADIUS Server
This guide will walk you through the steps to configure a UniFi wireless network for WPA-Enterprise authentication using an external RADIUS server.
Prerequisites
- UniFi Controller installed and accessible.
- External RADIUS server configured and accessible.
- Administrative access to the UniFi Controller and RADIUS server.
Step 1: Configure the RADIUS Server Profile in UniFi
- Log in to your UniFi Controller.
- Navigate to Settings > Profiles > RADIUS.
- Click on Create New RADIUS Profile.
- Enter the following details:
| Setting | Value |
|---|---|
| Profile Name | Enter a name for the RADIUS profile |
| RADIUS Server | Enter the IP address of the RADIUS server |
| RADIUS Port | Enter the port number (default is 1812) |
| RADIUS Secret | Enter the shared secret for the RADIUS server |
| Authentication Servers | Enter the IP address of the RADIUS server(s) |
| Accounting Servers | Do not configure |
- Click Save to create the RADIUS profile.
Step 2: Configure the Wireless Network for WPA-Enterprise
- In the UniFi Controller, navigate to Settings > WiFi.
- Click on Create New WiFi Network.
- Enter the following details:
| Setting | Value |
|---|---|
| Name/SSID | Enter the SSID for the WiFi network |
| Security | Select WPA-Enterprise |
| RADIUS Profile | Select the RADIUS profile created earlier |
| VLAN | (Optional) Enter the VLAN ID if applicable |
- Click Save to create the WiFi network.
Step 3: Configure EasyRadius
Ensure your EasyRadius instance is configured to handle authentication requests from the UniFi devices. It's important that the client entry in the EasyRadius portal is created with the public ip that it connects to EasyRadius from.
After adding the client entry it can take up to 2 minutes before configuration is applied.
Step 4: Deploy WiFi profile using MDM
See this guide.