Integrating SecureW2 with Cambium Networks

Integrating SecureW2 with Cambium Networks

SecureW2’s onboarding software brings certificate-based authentication to the masses. By leveraging existing infrastructure and integrating directly with Cambium APs, setting up a WPA2-Enterprise network with EAP-TLS authentication can be completed in mere hours. Certificates offer the highest level of network security and protect from a myriad of attacks; additionally, they can be configured for SSL inspection, VPN, wired security, and much more. This setup will demonstrate how to integrate with existing Cambium APs to configure certificate-based authentication for secure Wi-Fi access.

To complete this setup, you need to have already configured:

  • A SecureW2 Network Profile
  • Cambium Networks Access Points and controller

 

Creating an EAP-TLS Network Profile

  1. Login to the SecureW2 Management Portal
  2. Click Getting Started under Device Onboarding
  3. For the Profile Type, select Wireless
  4. Enter a name in the SSID field
  5. For the Security Type, select WPA2-Enterprise
  6. For the EAP Method, select EAP-TLS
  7. For the Policy, select DEFAULT
  8. Click Create, and the EAP-TLS Network Profile is added to the Network Profiles list

Creating a SecureW2 Network Profile with EAP-TLS authentication

 

Creating an SSID

  1. Login to cnMaestro (Cambium Networks Wireless Network Manager)
  2. Click New WLAN
  3. Create a new WLAN using the same SSID Name as early created for the SecureW2 Network Profile
  4. The new SSID gets added to the WLANs list as shown in the screenshot below

Creating the SSID in Cambium Networks

Configuring the SSID to Authenticate with 802.1x

  1. Click the name of the newly created SSID under WLANs in the earlier section and the following screen will appear

Displaying the screen that appears when editting the Cambium WLAN

  1. Navigate to Configurations > WLANs > Basic Settings
  2. Select WPA2-Enterprise (802.1x) from the Security drop-down list

 

Adding the SecureW2 RADIUS Server to the SSID

  1. Click Configurations > AAA Servers
  2. In the SecureW2 Management Portal, navigate to and click AAA Configuration under AAA Management
  3. Copy the Primary IP Address, Shared Secret, and Port and paste them in the 1. Host, Secret, and Port fields, respectively
  4. Navigate back to the SecureW2 Management Portal and copy the Secondary IP Address, Shared Secret, and Port and paste them in the 2. Host, Secret, and Port fields, respectively
  5. Click Save

Connecting SecureW2 RADIUS with the Cambium Network

 

Configuring and Open Onboarding SSID

  1. Click the name of the open SSID under WLANs in cnMaestro
  2. Navigate to Configurations > WLANs > Basic Settings
  3. Select Open from the Security drop-down list
  4. Navigate to Configurations > WLANs > Guest Access
  5. Under Whitelist, in the IP Address/Domain Name section, enter in the names that you want to permit in the walled garden and click Add
  6. Click Save

 

Configuring Redirect to SecureW2 Landing Page

  1. Navigate to Configurations > WLANs > Guest Access
  2. Click View on the Network Profile configured earlier and paste it in the External Page URL field
  3. Click Save

Configuring the redirect to the SecureW2 landing page

Concluding Thoughts

By clicking Save, the Cambium APs and controller have been successfully configured for a WPA2-Enterprise network with EAP-TLS authentication. Users can easily use the onboarding software to enroll for certificates and avoid disconnects from password-expiration policies. Also, without passwords, the network is protected from credential leaks, Evil Twin Attacks, and MITM attacks. So if you’d like to try out SecureW2, or have any questions about how we integrate with Cambium Networks, drop us a line! We are happy to introduce a network professional with a Cambium expert to facilitate a free trial and show how easy it can be to deploy certificate-based authentication.

Cambium Networks and Cambium Networks Wireless Network Manager are either registered trademarks or trademarks of Cambium Networks in the United States and/or other countries. Other trademarks, logos and service marks used in this site are the property of SecureW2 or other third parties.

  • Email addresses from free providers (Gmail, Hotmail, etc.) will not be accepted.
  • This field is for validation purposes and should be left unchanged.