Use the Router's Internal RADIUS Server for Local 802.1X Authentication

This document demonstrates how to use the router's Local 802.1X to authenticate wireless clients. Since firmware version 3.8.1, Vigor Router supports Local 802.1X which can be regarded as a built-in RADIUS server. It can act as authenticator and authentication server simultaneously and authenticate wireless or wired clients by the user profiles stored on it.

Configuration of the router

1. First of all, make sure Wireless LAN is enabled and SSID are ready.

2. Create a user profile for the wireless client. Go to User Management >> User Profile, click on an index number to add/edit a profile:

1. Enable this account.
2. Enter username and password, confirm the password again.
3. Enable Local 802.1X at Internal Services, so that this user profile can be used by 802.1X authentication.
4. Click OK to save

NOTE: For 802.1X authentication by Local 802.1X, Vigor Router now supports PEAP for phase 1 and MSCHAPV2 for phase 2.

3. Set up Security for the Wireless LAN. Go to Wireless LAN >> Security, select a security Mode that uses 802.1X, and click Wireless LAN 802.1X Setting.

4. In Wireless LAN 802.1X Setting page, set Authentication Type to "Local 802.1X" and select "Enable," so the router will use the user profiles on the router to authenticate wireless clients. Then click OK to apply.

NOTE: In this page, it shows all the user profiles on the router. In the right column are the ones that have Local 802.1X enabled and can be used for 802.1X authentication. For example, the profile created in step 2 will be listed here. In the left column are the ones that don't enable Local 802.1X; however, we may select those profiles, and click ">>" to move it to "Enable Local 802.1X" list, then they will be ready for 802.1X authentication as well.

Wireless Client Connecting

5. After the above configuration, wireless clients can join the network by entering the user name and password set in the router's user profiles.

6. In Diagnostics >> Authentication Information, we can check the failed authentication attempts from Authentication User List tab and the logs about authentication.