TP-LINK Archer C6 AC1200 – Authentication on the Active Directory

0
32



Would you like to learn how to configure the Active Directory authentication on the TP-LINK ARCHER C6 AC1200? In this tutorial, we are going to show you how to configure the AC1200 router to authenticate users using the Radius protocol on the Active Directory.

• TP-LINK ARCHER C6 AC1200 – Version 2.0
• Windows 2012 R2

We are going to use the Radius protocol to perform the Active Directory authentication.

In our example, the Radius server IP address is 192.168.0.200.

In our example, the AC1200 IP address is 192.168.0.1.

Hardware List:

The following section presents the list of equipment used to create this tutorial.

Every piece of hardware listed above can be found at Amazon website.






Tutorial – Radius Server Installation on Windows

• IP – 192.168.0.200
• Operacional System – Windows 2012 R2
• Hostname – TECH-DC01
• Active Directory Domain: TECH.LOCAL

Open the Server Manager application.

Access the Manage menu and click on Add roles and features.

Windows 2012 add role

Access the Server roles screen, select the Network Policy and Access Service option.

Click on the Next button.

Network Policy and Access Service

On the following screen, click on the Add features button.

network policy features

On the Role service screen, click on the Next Button.

network policy server

On the next screen, click on the Install button.

radius server installation on windows

You have finished the Radius server installation on Windows 2012.



Tutorial Radius Server – Active Directory Integration

Next, we need to create at least 1 account on the Active directory.

The ADMIN account will be used to connect to the wireless network of the AC1200 router.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Zabbix active directory account

Create a new account named: ADMIN

Password configured to ADMIN: 123qwe123.

This account will be used to connect to the wireless network of the AC1200 router.

active directory admin accountzabbix active directory admin properties

Congratulations, you have created the required Active Directory accounts.

Next, we need to create at least 1 group on the Active directory.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new group inside the Users container.

Radius Active directory group

Create a new group named: WIRELESS-USERS.

Members of this group will be able to connect to the wireless network of the AC1200 router.

WIRELESS-USERS

Important! Add the ADMIN account as a member of the WIRELESS-USERS group.

Wireless users Active directory

Congratulations, you have created the required Active Directory group.



Tutorial Radius Server – Add Client Devices

On the Radius server, open the application named: Network Policy Server

You need to authorize the Radius server on the Active directory database.

Right-click on NPS(LOCAL) and select the Register server in Active Directory option.

authorize radius server on windows

On the confirmation screen, click on the OK button.

Next, you need to configure Radius clients.

Radius clients are devices that will be allowed to request authentication from the Radius server.

Important! Do not confuse Radius clients with Radius users.

Right click on Radius Clients folder and select the New option.

AC1200 Active directory authentication

Here is an example of a Client configured to allow the AC1200 router to connect to the Radius server.

You need to set the following configuration:

• Friendly name to the device – Add a description to your Wireless router.
• Device IP Address – IP address of your AC1200 router.
• Device Shared secret – kamisama123.

The Shared secret will be used to authorize the device to use the Radius server.

You have finished the Radius client configuration.

Tutorial Radius Server – Configure a Network Policy

Now, you need to create a Network Polity to allow authentication.

Right click on the Network Policies folder and select the New option.

Enter a name to the network policy and click on the Next button.

nps - network policy name

Click on the Add condition button.

We are going to allow members of the WIRELESS-USERS group to authenticate.

Select the User group option and click on the Add button.

nps - user group condition

Click on the Add Groups button and locate the WIRELESS-USERS group.

Windows radius Wireless users

Select the Access granted option and click on the Next button.

This will allow members of the WIRELESS-USERS group to authenticate on the Radius server.

NPS Access granted

On the Authentication Methods screen, select the Unencrypted authentication (PAP, SPAP) option.

Radius server authentication method

If the following warning is presented, click on the No button.

NPS Warning message

Click on the Next button until the summary screen is displayed.

Verify the Radius server configuration summary and click on the Finish button.

Congratulations! You have finished the Radius server configuration.

Archer C6 AC1200 – Radius authentication

Open your browser and enter the IP address of your wireless router.

In our example, the following URL was entered in the Browser:

• http://192.168.0.1

The AC1200 web interface should be presented.

On the login screen, enter the management password.

ARCHER C6 - LOGIN SCREEN

Access the Advanced tab on the top of the screen.

ARCHER C6 - Advanced menu

Access the WIRELESS menu and select the WIRELESS SETTINGS option.

ARCHER C6 - Wireless menu

On the Wireless settings screen, perform the following configuration:

• Enable Wireless Radio – Yes.
• Network name – Enter the desired SSID name.
• Security – WPA2-Enterprise.
• Version – WPA2-PSK.
• Encryption – AES.
• Radius server IP – The IP address of the Radius server.
• Radius port – 1812.
• Radius password – The device secret configured on the Radius server.

Click on the Save button.

Archer C6 AC1200 - Radius authentication

Try to connect a device to the new wireless network.

Use the username and password configured on the Radius server.

In our example, we were able to authenticate using the following credentials.

Copy to Clipboard

Congratulations, you have configured the Active Directory authentication on the AC1200 router.



The post TP-LINK Archer C6 AC1200 – Authentication on the Active Directory appeared first on TechExpert.

Sumber: TechExpert

LEAVE A REPLY

Please enter your comment!
Please enter your name here