Ever wondered what that WPA2 Enterprise option is while you were configuring your wireless access point? And how is it different from WPA2 Personal?
The difference is that WPA2 Personal has a rather simple concept: it uses one password that all users type in if they want to connect to the network. And that’s it. But using this concept in a corporate environment exposes the company to being hacked by someone who previously was with the company but still has access to the wireless network (such as a disgruntled employee) or through a lost or stolen device with the password saved on it. When this happens, the IT staff are forced to change the network password and type it again into all the devices on the network, which can be a real hassle, especially for users who are not very tech savvy and need IT to do it for them.
This is where WPA2 Enterprise comes in. Instead of using a static password for everyone like WPA2 Personal does, WPA2 Enterprise uses a unique username and password for every user. When a user tries to connect to the network, the access point first connects to a database and checks whether the credentials are valid, and it does this every time they connect to the network.
This is done using a RADIUS server. RADIUS is an access control protocol that gives the access point a way of communicating with most databases, such as Active Directory or LDAP. It also supports authentication via a certificate instead of a username and password, which is a more secure way of authenticating.
So using this method, if a user leaves the company or their device is stolen, all you have to do is disable that user’s account in the database. The next time the access point tries to authenticate them, it will see that the account has been disabled and will not allow them to connect. This is much easier than having to change the password on every device on the network.
Now, to set it up, you need a server running whatever server operating system you prefer. Set up your user database, configure your wireless access point to use your server for the user database, configure the devices to use WPA2 Enterprise, and lastly, choose the authentication method that you want to use for the RADIUS server. Now you’re all set!
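The access point side of the setup described above, as an added example that is not part of the original video: a hostapd configuration with the WPA2 Personal settings commented out beside the WPA2 Enterprise settings that replace them. hostapd is an assumption (the video names no access point software), and the interface, SSID, addresses, identifier and secrets are constructed placeholders.

```ini
# hostapd.conf (added example; hostapd is assumed, all values are constructed placeholders)
interface=wlan0
ssid=CorpWiFi

# WPA2 (RSN) only, with AES-CCMP as the pairwise cipher
wpa=2
rsn_pairwise=CCMP

# --- Before: WPA2 Personal ---
# One passphrase shared by every user and saved on every device.
# Removing one person's access means changing it on all devices.
#wpa_key_mgmt=WPA-PSK
#wpa_passphrase=REPLACE-WITH-SHARED-PASSPHRASE

# --- After: WPA2 Enterprise ---
# Each user authenticates with their own credentials over 802.1X/EAP.
wpa_key_mgmt=WPA-EAP
ieee8021x=1

# The access point does not validate credentials itself. It relays each
# authentication attempt to the RADIUS server, which checks the user
# database (for example Active Directory or LDAP) on every connection.
own_ip_addr=192.0.2.2
nas_identifier=ap-example-01
auth_server_addr=192.0.2.10
auth_server_port=1812

# This secret authenticates the access point to the RADIUS server.
# It is not a user password and is never typed into client devices.
auth_server_shared_secret=REPLACE-WITH-LONG-RANDOM-SECRET
```

With this in place, disabling an account in the user database takes effect at that user's next authentication, with no change to the access point configuration or to anyone else's device.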
Thank you for watching, and I hope this video was helpful.