# HOWTO: Wireless WPA2-Enterprise Connection



## vermaden (May 9, 2013)

Below are working configs and steps to connect to a WPA2-Enterprice wireless network.


```
# cat /etc/wpa_supplicant.conf
network={
  ssid="NETWORK"
  scan_ssid=1
  key_mgmt=WPA-EAP
  identity="USERNAME"
  password="PASSWORD"
  eap=PEAP
  phase1="peaplabel=0"
  phase2="auth=MSCHAPV2"
}
```

Now connect.

```
# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
Trying to associate with 00:00:00:00:00:00 (SSID='NETWORK' freq=2442 MHz)
Associated with 00:00:00:00:00:00
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 -> NAK
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=COM/O=ORGANIZATION/OU=AUTHORITY/CN=LEVEL'
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=COM/O=ORGANIZATION/OU=AUTHORITY/CN=LEVEL'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=COM/O=ORGANIZATION/OU=AUTHORITY/CN=LEVEL'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=COM/O=ORGANIZATION/OU=AUTHORITY/CN=LEVEL'
EAP-MSCHAPV2: Authentication succeeded
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
WPA: Key negotiation completed with 00:00:00:00:00:00 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:00:00:00:00:00 completed (auth) [id=7 id_str=]
```

Here is the associated connection.

```
# ifconfig wlan0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:00:00:00:00
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
        status: associated
        ssid NETWORK channel 7 (2442 MHz 11g) bssid 00:00:00:00:00:00
        country US authmode WPA2/802.11i privacy ON deftxkey UNDEF
        AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 15 bmiss 10 scanvalid 450
        bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5
        protmode CTS wme roaming MANUAL
```

Lets get an IP address.

```
# dhclient wlan0
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPACK from 10.0.0.1
bound to 10.0.0.101 -- renewal in 345600 seconds.
```

After getting an IP address.

```
# ifconfig wlan0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:00:00:00:00
        inet 10.0.0.101 netmask 0xffffff00 broadcast 10.0.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
        status: associated
        ssid NETWORK channel 7 (2442 MHz 11g) bssid 00:00:00:00:00:00
        country US authmode WPA2/802.11i privacy ON deftxkey UNDEF
        AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 15 bmiss 10 scanvalid 450
        bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5
        protmode CTS wme roaming MANUAL
```

For obvious security reasons things like certificates and MAC addresses in command outputs have been changed.


----------



## torr_from_fallout2 (May 10, 2013)

Thank you! I was about to post how to do this but you answered my question before I got a chance to ask!

Thanks again!


----------



## UnixRocks (Nov 16, 2017)

Wow, whilst renovating our building some dingleberry didn't plan ahead for the wiring closet move. We are losing our wired network tomorrow (17 November 2017) until the first of the year. We are supposed to just switch to corporate wireless and use our laptops.

Thing is, all my stuff is on my FreeBSD workstation and includes a large amount of data, more than will fit on my corporate supplied laptop. So I had to get a wireless adapter installed. *Finally* got the wireless working on our WPA2-Enterprise wireless network thanks to this post. Whew!


----------



## vermaden (Nov 17, 2017)

@ UnixRocks
Welcome


----------

