Purpose
This guide explains how to configure RADIUS Authentication & Accounting in the Pronto Networks dashboard for secure Wi-Fi access.
Used when:
· You want username/password login (Enterprise Wi-Fi)
· Centralized authentication via RADIUS server
· User tracking & session logging required
Step 1: Navigate to RADIUS Configuration
From Dashboard: Configure → Organization → Radius Configuration
This is the central place where all RADIUS servers are created and managed.
Step 2: Create Authentication RADIUS Server
RADIUS Configuration Screen
Fields Explanation
Field | What it Means |
RADIUS Name | Any friendly name (e.g., Radius-Pronto) |
RADIUS IP | IP address of your RADIUS server |
RADIUS Port | Default 1812 (used for authentication) |
RADIUS Secret | Password shared between AP & RADIUS server |
Type | Select RADIUS (for authentication) |
Click Create RADIUS
This server will be used to authenticate users (login process)
Step 3: Create RADIUS Accounting Server
Why is this needed?
Tracks:
· User login/logout
· Session duration
· Usage details
Field Explanation
Field | Explanation |
RADIUS Name | Example: Radius-Accounting-Pronto |
RADIUS IP | Same as authentication server (if using same server) |
RADIUS Port | 1813 → Used for accounting logs |
RADIUS Secret | Must match server configuration |
Type | Select RADIUS Accounting |
Important Note
Authentication (1812) and Accounting (1813) are different functions
Type | Purpose |
RADIUS (1812) | Authenticates user (login) |
RADIUS Accounting (1813) | Tracks session, usage, logs |
Both should be configured for complete enterprise setup
Common Mistake
Only configuring Authentication (1812)
Result: Users can log in, but no session logs / tracking
Correct approach:
Configure both 1812 + 1813
Click Create RADIUS
Both servers will now appear in the list
Step 4: Verify Configured Servers
Configured RADIUS Servers Table
What customers should check:
· Authentication Server → Port 1812
· Accounting Server → Port 1813
· IP address is correct
· Both entries are visible
Step 5: Go to SSID Configuration
Configure → Network SSIDs
Click Edit on required SSID
Step 6: Configure SSID for Enterprise Authentication
Edit SSID Screen
Important Settings: Association
Select:
WPA2-Enterprise
This enables RADIUS login instead of password-based Wi-Fi
Step 7: Configure RADIUS in SSID
RADIUS Configuration Section
Fields Explained
Field | Meaning |
RADIUS Authentication Server | Select server created in Step 2 |
RADIUS Accounting Enabled | Enable (recommended) |
RADIUS Accounting Server | Select accounting server |
Default Interim Update Time | Default: 300 sec (session update interval) |
RADIUS Gateway Proxy | Usually Disabled |
Default Idle Timeout | Time after user inactivity (e.g., 1800 sec) |
MAC Auth | Used for device-based authentication (optional) |
Click Update SSID
Step 8: Client-Side Configuration (Android) (EAP-TLS Wi-Fi Connection)
Step 8.1: Download Certificates
Use this link to download the certificates
User must have:
· CA Certificate (ca.crt)
· Client Certificate (client.p12)
On your mobile, navigate to:
Files > Downloads (the Download folder should show the .crt and .p12 files)
Step 8.2: Install Certificates
Navigate:
Settings → Network & Internet → Internet → Network Preferences → Install Certificates
Actions:
· Select .p12 file
· Enter the password (the password is “whatever”)
· Name the certificate
1. Settings screen
2. Network & Internet
3. Go to Network Preferences and select Install Certificates
4. Select the Client Certificate to install.
5. Password prompt (Password is “whatever”) and name of the certificate
6. Validate that you see the certificate-installed screen
Step 8.3: Connect to SSID
Open Wi-Fi → Select SSID (Hotspot-1.0)
Step 8.4: Configure EAP-TLS Settings
Set the following options as defined below:
Field | Value |
EAP Method | TLS |
CA Certificate | Pronto-Radius-CA |
User Certificate | Client2 |
Domain | wifi.prontonetworks.com |
Identity | Client2 |
1. EAP Method dropdown (TLS selection)
2. Install certificates option
3. CA certificate selection
4. Client certificate selection
5. Final config screen (with all fields filled)
Step 8.5: Connect
Click Connect
Step 8.6: Verification
After setup:
· SSID visible
· No password prompt
· Device connects
· Internet working
Step 9: Client-Side Configuration (iOS) (EAP-TLS Wi-Fi Connection)
Step 9.1:
Download both Certificates (Client and CA) from this link (---) and save them in your file manager.
Step 9.2: Certificate file validation and profile import
· Confirm that certificates are visible in your downloaded files.
· Import Client.p12 profile in iPhone
Step 9.3: Install the imported profile in iPhone
· Go to General Settings and select VPN & Device Management
· Select Downloaded profile (Identity Certificate)
· Install the Identity Certificate
· Use the passcode “whatever” to install the certificate
· After the certificate is installed, validate that you can see the Client2 profile
Step 9.4: Import CA certificate profile and install
· Go to the file manager again and select Ca.cert
· Go to General Settings again and select VPN & Device Management
· You will now see the ProntoRootCA downloaded profile; select it to install
· Install the CA profile so that it is trusted by your iPhone.
Step 9.5: Test the authentication using installed certificates
· Go to the Wi-Fi section and select Hotspot-1.0 (the SSID created and set up with RADIUS-based auth)
· In Mode, select the EAP-TLS auth method, and in Identity, select the Client2 certificate installed earlier
· Now click on connect icon and select to Trust the ProntoRootCA certificate if prompted.
· Validate your connection and test the connectivity
Common Issues
1. User cannot connect
Check:
WPA2/WPA3 Enterprise selected?
Correct RADIUS server selected?
2. Authentication failed
Check:
RADIUS IP correct?
Secret mismatch?
Port 1812 open?
3. No user logs
Check:
Accounting enabled?
Port 1813 configured?
4. Connected but no internet
Check:
VLAN settings
DHCP working?
Gateway reachable?
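For issue 2 above (wrong RADIUS IP, secret mismatch, port 1812 closed), the following added example, which is not part of the Pronto Networks dashboard or its documentation, probes a RADIUS server with a Status-Server request and checks the reply's Response Authenticator against the shared secret. It assumes the server has Status-Server (RFC 5997) enabled and lists the probing host as a client; the function names and the sample reply are constructed for illustration.

```python
# Added example, not Pronto Networks code. Wire formats follow RFC 2865 / RFC 5997.
import hashlib, hmac, os, socket, struct

STATUS_SERVER, ACCESS_ACCEPT, MSG_AUTH = 12, 2, 80

def build_status_server(secret: bytes, ident: int, req_auth: bytes) -> bytes:
    """Status-Server request with a Message-Authenticator (HMAC-MD5 over the packet)."""
    length = 20 + 18                       # 20-byte header + one 18-byte attribute
    header = struct.pack("!BBH", STATUS_SERVER, ident, length) + req_auth
    zeroed = header + bytes([MSG_AUTH, 18]) + bytes(16)   # MAC field zeroed for hashing
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return header + bytes([MSG_AUTH, 18]) + mac

def response_is_authentic(resp: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(resp) < 20:
        return False
    length = struct.unpack("!H", resp[2:4])[0]
    if length < 20 or length > len(resp):
        return False
    expected = hashlib.md5(resp[:4] + req_auth + resp[20:length] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])

def probe(host: str, secret: bytes, port: int = 1812, timeout: float = 3.0) -> str:
    """Send one Status-Server request and classify the outcome."""
    req_auth, ident = os.urandom(16), os.urandom(1)[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_status_server(secret, ident, req_auth), (host, port))
        try:
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            # Servers silently drop requests whose Message-Authenticator fails.
            return "no reply: wrong IP, port blocked, unknown client, or secret mismatch"
    if len(resp) < 20 or resp[1] != ident:
        return "unexpected reply"
    return "ok" if response_is_authentic(resp, req_auth, secret) else "reply fails check: secret mismatch"

def fake_reply(ident: int, req_auth: bytes, secret: bytes) -> bytes:
    """Constructed sample reply (Access-Accept, no attributes) for offline checking."""
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20)
    return head + hashlib.md5(head + req_auth + secret).digest()
```

Run `probe("<radius-ip>", b"<secret>")` against port 1812 and again with `port=1813` to cover both the authentication and accounting entries.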
Best Practices
Always configure both Authentication and Accounting
Keep Interim Update Time = 300 sec
Use a strong RADIUS Secret
Ensure the RADIUS server is reachable from the network
Use WPA3-Enterprise if supported
Quick Summary
Create RADIUS Server
Create Accounting Server
Edit SSID
Enable Enterprise Security
Map RADIUS Servers
Install certificates
Connect using TLS


























