Configure 802.1x network security and manage user certificates

You can enable 802.1x security and configure the EAP method for Pearl-2 to use for secure network access using the Admin panel. Supported EAP methods include:

  • PEAP (default)
  • EAP-TLS
  • EAP-TTLS

Important considerations

  • If TLS authentication is used on the network, then you need to get a user certificate and a user private key from the network administrator and upload those to Pearl-2 as part of this procedure.
  • Before you proceed with this setup, check that the network server's signed CA certificate appears in the list of CA certificates on Pearl-2 and is valid, see Manage CA and self-signed certificates.
  • If the network server's CA certificate doesn't appear in the list of signed CA certificates and you can't obtain a valid signed CA certificate for network server authentication, do not check Verify server's identity when performing this setup.
  • Security certificates must be PEM encoded.

Configure 802.1x and upload the user certificate and user private key using the Admin panel

  1. Login to the Admin panel as admin, see Connect to Admin panel.
  1. From the Configuration menu, select Network. The Network configuration page opens.
  2. Under IEEE 802.1x, check Enabled and select an EAP method: PEAP, EAP-TLS, or EAP-TTLS.

  1. (Optional) Check Verify server's identity.
  2. Choose an Authentication method if you selected EAP-TTLS as the EAP method. The authentication method is automatically selected if PEAP or EAP-TLS is the EAP method.
  3. Authentication methods

    EAP method Authentication method
    PEAP EAP-MSCHAPv2
    EAP-TLS TLS
    EAP-TTLS EAP-MSCHAPv2
    TLS
    PAP
  4. Enter the network access User name and Password to use for this device. Available fields depend on the EAP method that is selected.
  1. If TLS is chosen as the Authentication method, upload a user certificate and a user private key. You can request those from your network administrator.
  1. Click Apply when you're done.
  2. Reboot Pearl-2 when prompted. After the system has finished rebooting, log back in to the Admin panel as admin and verify that all changes were applied.

If you need to delete the user certificate or private key, click Delete certificate.