
How do I Configure RADIUS Authentication for Wi-Fi

Pronto Networks – RADIUS Configuration Guide

Written by Sunny

Purpose 

This guide explains how to configure RADIUS Authentication & Accounting in the Pronto Networks dashboard for secure Wi-Fi access.

Used when: 

· You want username/password login (Enterprise Wi-Fi)  

· Centralized authentication via RADIUS server  

· User tracking & session logging required

Step 1: Navigate to RADIUS Configuration 

From Dashboard: Configure → Organization → Radius Configuration 

This is the central place where all RADIUS servers are created and managed. 

Step 2: Create Authentication RADIUS Server 

RADIUS Configuration Screen 

Fields Explanation  

| Field | What it Means |
| --- | --- |
| RADIUS Name | Any friendly name (e.g., Radius-Pronto) |
| RADIUS IP | IP address of your RADIUS server |
| RADIUS Port | Default 1812 (used for authentication) |
| RADIUS Secret | Password shared between AP & RADIUS server |
| Type | Select RADIUS (for authentication) |

Click Create RADIUS

This server will be used to authenticate users (login process)

Step 3: Create RADIUS Accounting Server 

Why is this needed? 

Tracks: 

· User login/logout  

· Session duration  

· Usage details

Field Explanation

| Field | Explanation |
| --- | --- |
| RADIUS Name | Example: Radius-Accounting-Pronto |
| RADIUS IP | Same as authentication server (if using same server) |
| RADIUS Port | 1813 → Used for accounting logs |
| RADIUS Secret | Must match server configuration |
| Type | Select RADIUS Accounting |

Important Note  

Authentication (1812) and Accounting (1813) are different functions

| Type | Purpose |
| --- | --- |
| RADIUS (1812) | Authenticates user (login) |
| RADIUS Accounting (1813) | Tracks session, usage, logs |

Both should be configured for complete enterprise setup

Common Mistake  

  • Only configuring Authentication (1812) 
    Result: Users can log in, but no session logs / tracking

  • Correct approach: 
    Configure both 1812 + 1813

Click Create RADIUS

Both servers now appear in the list.

Step 4: Verify Configured Servers 

Configured RADIUS Servers Table 

What customers should check: 

· Authentication Server → Port 1812  

· Accounting Server → Port 1813  

· IP address is correct  

· Both entries are visible  

Step 5: Go to SSID Configuration 

Configure → Network SSIDs

Click Edit on required SSID 


Step 6: Configure SSID for Enterprise Authentication

⚙️ Edit SSID Screen 


Important Settings: 🔐 Association

Select:

  • WPA2-Enterprise

This enables RADIUS login instead of password-based Wi-Fi.

Step 7: Configure RADIUS in SSID 

RADIUS Configuration Section 

Fields Explained 

| Field | Meaning |
| --- | --- |
| RADIUS Authentication Server | Select server created in Step 2 |
| RADIUS Accounting Enabled | Enable (recommended) |
| RADIUS Accounting Server | Select accounting server |
| Default Interim Update Time | Default: 300 sec (session update interval) |
| RADIUS Gateway Proxy | Usually Disabled |
| Default Idle Timeout | Time after user inactivity (e.g., 1800 sec) |
| MAC Auth | Used for device-based authentication (optional) |

Click Update SSID

Step 8: Client-Side Configuration (Android) (EAP-TLS Wi-Fi Connection)

Step 8.1: Download Certificates

Use this link to download the certificates.

User must have: 

· CA Certificate (ca.crt)  

· Client Certificate (client.p12)  

On your mobile device, navigate to Files > Downloads. The Download folder should show the .crt and .p12 files.

Step 8.2: Install Certificates

Navigate: 

Settings → Network & Internet → Internet → Network Preferences → Install Certificates 

Actions: 

· Select .p12 file  

· Enter the password (the password is “whatever”)

· Name the certificate  

1. Settings screen  

2. Network & Internet  

3. Go to Network Preferences and select Install Certificates

4. Select the Client Certificate to install

5. Password prompt (the password is “whatever”) and the name of the certificate

6. Validate that you get the certificate installed screen

Step 8.3: Connect to SSID 

Open Wi-Fi → Select SSID (Hotspot-1.0) 

Step 8.4: Configure EAP-TLS Settings

Set the following options as defined below:

| Field | Value |
| --- | --- |
| EAP Method | TLS |
| CA Certificate | Pronto-Radius-CA |
| User Certificate | Client2 |
| Domain | wifi.prontonetworks.com |
| Identity | Client2 |

1. EAP Method dropdown (TLS selection)  

2. Install certificates option  

3. CA certificate selection  

4. Client certificate selection

5. Final config screen (with all fields filled)  

Step 8.5: Connect 

Click Connect

Step 8.6: Verification 

After setup: 

· SSID visible 

· No password prompt

· Device connects 

· Internet working 

Step 9: Client-Side Configuration (iOS) (EAP-TLS Wi-Fi Connection)

Step 9.1:

Download both certificates (Client and CA) from this link (---) and save them in your file manager.

Step 9.2: Certificate file validation and profile import

· Confirm that certificates are visible in your downloaded files.

· Import the Client.p12 profile on the iPhone

Step 9.3: Install the imported profile on the iPhone

· Go to General Settings and select VPN & Device Management

· Select the downloaded profile (Identity Certificate)

· Install the Identity Certificate

· Use the passcode “whatever” to install the certificate

· After installing the certificate, validate that you can see the Client2 profile

Step 9.4: Import the CA certificate profile and install it

· Go to the file manager again and select Ca.cert

· Go to General Settings again and select VPN & Device Management

· You will now see the ProntoRootCA downloaded profile; select it to install

· Install the CA profile so that your iPhone trusts it

Step 9.5: Test the authentication using the installed certificates

· Go to the Wi-Fi section and select Hotspot-1.0 (the SSID created and set up with RADIUS-based authentication)

· In Mode, select the EAP-TLS auth method, and in Identity select the Client2 certificate installed earlier

· Click the connect icon and choose to trust the ProntoRootCA certificate if prompted

· Validate your connection and test the connectivity

Common Issues

1. User cannot connect

Check:

  • WPA2/WPA3 Enterprise selected?

  • Correct RADIUS server selected?


2. Authentication failed

Check:

  • RADIUS IP correct?

  • Secret mismatch?

  • Port 1812 open?


3. No user logs

Check:

  • Accounting enabled?

  • Port 1813 configured?


4. Connected but no internet

Check:

  • VLAN settings

  • DHCP working?

  • Gateway reachable?
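
The three checks under "Authentication failed" (RADIUS IP, secret, port 1812) can be exercised from a host the RADIUS server accepts as a client. The Python script below is an added example, not part of the Pronto Networks dashboard or tooling; it assumes the server answers Status-Server requests (RFC 5997), and the IP address and secret in it are placeholders.

```python
import hashlib
import hmac
import os
import socket
import struct

STATUS_SERVER, MSG_AUTH = 12, 80  # RFC 5997 request code, Message-Authenticator type


def build_status_server(secret: bytes, ident: int, req_auth: bytes) -> bytes:
    """Status-Server request with an HMAC-MD5 Message-Authenticator attribute."""
    header = struct.pack("!BBH", STATUS_SERVER, ident, 20 + 18) + req_auth
    attr_hdr = bytes([MSG_AUTH, 18])
    # The HMAC covers the whole packet with the attribute value zeroed.
    mac = hmac.new(secret, header + attr_hdr + bytes(16), hashlib.md5).digest()
    return header + attr_hdr + mac


def reply_matches_secret(secret: bytes, req_auth: bytes, reply: bytes) -> bool:
    """True if the reply's Response Authenticator was computed with our secret."""
    if len(reply) < 20:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if length < 20 or length > len(reply):
        return False
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def probe(server_ip: str, secret: bytes, port: int = 1812, timeout: float = 3.0) -> str:
    """Send one Status-Server request and classify the outcome."""
    req_auth, ident = os.urandom(16), os.urandom(1)[0]
    packet = build_status_server(secret, ident, req_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (server_ip, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable
            return "no reply: check IP, port, client entry on server, and secret"
    if len(reply) < 20 or reply[1] != ident:
        return "unexpected reply"
    if not reply_matches_secret(secret, req_auth, reply):
        return "reply does not verify: secret mismatch"
    return "ok: server reachable and secret matches"


if __name__ == "__main__":
    # Placeholder values; use the RADIUS IP and RADIUS Secret entered in Step 2.
    print(probe("192.0.2.10", b"placeholder-secret"))
```

A server silently discards a request whose Message-Authenticator fails or whose source is not a configured client, so "no reply" covers a wrong secret as well as a wrong IP or a blocked port.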


Best Practices

  • Always configure both Authentication and Accounting

  • Keep Interim Update Time = 300 sec

  • Use a strong RADIUS Secret

  • Ensure the RADIUS server is reachable from the network

  • Use WPA3-Enterprise if supported


Quick Summary

  • Create RADIUS Server

  • Create Accounting Server

  • Edit SSID

  • Enable Enterprise Security

  • Map RADIUS Servers

  • Install certificates

  • Connect using TLS
