Passwordless 802.1X with Cloud RADIUS and a Sophos Access Point:
This article explains how to configure a Sophos Access Point (AP) with Cloud RADIUS for passwordless 802.1X authentication and jump to a Zero Trust architecture. Integrating Cloud RADIUS with any Access Point is really easy because it comes already setup for passwordless WPA2-Enterprise authentication. No need to setup servers or Certificate Authorities.
Prerequisites
- Sophos Central Account
- Sophos Access Point (AP)
- Cloud RADIUS Subscription
Configuring Sophos Central Account:
First, we need to create a new SSID in our Sophos Central Account that we can configure for WPA2-Enterprise.
Configuring an SSID on Sophos Central
- Go to Wireless > SSIDs.
- Click Create.
- Ensure that the Basic Settings looks like the table below.
- In SSID, Enter the Name you want your wireless network to be in the Case-Sensitive format.
- Select WPA2-Enterprise in Encryption mode.
- In the Encryption Algorithm, the Advanced Encryption Standard (AES) is the default algorithm. It is highly recommended to use this. as a quick and strong cipher and it is accepted widely.
- Set aside the rest of the settings, because we need to get the info from our SecureW2 Management Portal.
| Settings | Value |
| SSID | The name is case-sensitive. |
| Encryption Mode | WPA2 Enterprise |
| Encryption Algorithm | AES |
| RADIUS Server IP | The IP address for Cloud RADIUS |
| RADIUS Port | Enter the Port for Cloud RADIUS |
| Shared Secret | Enter the Shared Secret found in your Cloud RADIUS AAA Configuration settings. |
| Frequency Band | 2.4 GHz and 5 GHz |
Configuring Sophos with Cloud RADIUS
By integrating with Cloud RADIUS with a Sophos AP, you can tie your Identity Provider(Azure AD, Okta, Google) to WPA2-Enterprise network security. In WPA2-Enterprise Network, enter the Cloud RADIUS the Primary IP Address and Secondary IP Addresses in your AP to check and verify the multiple user ID and Passwords. If the primary IP Address does not work, the Secondary IP Address can also be used..
Getting the Cloud RADIUS Configuration For WPA2-Enterprise
- Login to the SecureW2 Management Portal
- Select AAA Management and then click AAA Configuration. The RADIUS Configuration dialog box will appear.
- If it does not appear, you may have the need to run the Getting Started Wizard when you signed in to the portal.
- If it does not appear, you may have the need to run the Getting Started Wizard when you signed in to the portal.
- Take the Primary IP Address, Authorization Port, and Shared Secret and put it in their respective sections in the SSID we created earlier in Sophos Central.
- If does not appear, Take the Secondary IP Address, Accounting Port, and Shared Secret and put it in their respective sections in the SSID we created earlier in Sophos Central.
- If does not appear, Take the Secondary IP Address, Accounting Port, and Shared Secret and put it in their respective sections in the SSID we created earlier in Sophos Central.
Now that you have created a WPA2-Enterprise SSID, you can now enroll your users for Digital Certificates using Azure, Okta or Google Identity Provider for ultra-secure passwordless Wi-Fi authentication. To learn how, follow our documentation below: