Wi-Fi employee access – Mist

In this topic, you will learn how to configure the Mist Cloud to work together with Portnox™ Cloud and 802.1X RADIUS authentication for Wi-Fi connections.

WPA2/WPA3 Enterprise

In this section, you will configure your Mist Cloud AP to work with WPA2/WPA3 Enterprise and Portnox Cloud RADIUS servers.

  1. In the Mist Cloud, navigate to Site > WLANs.

  2. In the WLANs pane, click on the Add WLAN button in the top-right corner.

  3. In the New WLAN pane, in the SSID field, type the SSID of your new WLAN.

  4. In the Security section, click on either the WPA3 or the WPA2 tile, and then click on the Enterprise (802.1X) tile below.

  5. In the Authentication Servers section, select the RADIUS option, and then in the RADIUS Authentication Servers section, click on the Add Server link.

    1. In another browser tab, open your Portnox Cloud, and go to Settings > Services > CLEAR RADIUS SERVICE > CLEAR RADIUS instance to open your Portnox Cloud RADIUS settings. Then, open either the Europe and Asia section or the United States and North America section, depending on which RADIUS server you want as your primary server.
      Note: You can also choose to add your local RADIUS server as your primary server, and then add both cloud RADIUS servers as secondary.
    2. In the Hostname field in Mist Cloud, enter the Cloud RADIUS IP value from Portnox Cloud.
    3. In the Port field in Mist Cloud, enter the Authentication Port value from Portnox Cloud.
    4. In the Shared Secret field in Mist Cloud, enter the Shared Secret value from Portnox Cloud.

  6. In the RADIUS Accounting Servers section, click on the Add Server link.

    1. In the Hostname field in Mist Cloud, enter the Cloud RADIUS IP value from Portnox Cloud.
    2. In the Port field in Mist Cloud, enter the Accounting Port value from Portnox Cloud.
    3. In the Shared Secret field in Mist Cloud, enter the Shared Secret value from Portnox Cloud.

  7. Optional: Repeat the above steps for the other cloud RADIUS server, if necessary, or for both cloud RADIUS servers if you added your local RADIUS server as the primary server.

  8. In all other sections of the New WLAN pane, either leave the default values or configure the values as required for your WLAN environment. These fields are not related to Portnox Cloud or RADIUS authentication.
  9. Click on the Create button in the top-right corner of the New WLAN pane to create the new WLAN.

Identity PSK (IPSK)

In this section, you will configure your Mist Cloud AP to work with identity pre-shared keys (IPSK) and Portnox Cloud.

For more information about IPSK in Portnox Cloud, see the following topic: Create a MAC-based account.
  1. In the Mist Cloud, navigate to Site > WLANs.

  2. In the WLANs pane, click on the Add WLAN button in the top-right corner.

  3. In the New WLAN pane, in the SSID field, type the SSID of your new WLAN.

    Important: You cannot use the same SSID for both WPA2/WPA3 Enterprise authentication and IPSK authentication, so you need to create separate SSIDs.
  4. In the Security section, click on the WPA2 tile, then click on the Personal (PSK) tile below, then select the Multiple passphrases option, and select the RADIUS PSK option.

  5. In the Authentication Servers section, select the RADIUS option, and then in the RADIUS Authentication Servers section, click on the Add Server link.

    1. In another browser tab, open your Portnox Cloud, and go to Settings > Services > CLEAR RADIUS SERVICE > CLEAR RADIUS instance to open your Portnox Cloud RADIUS settings. Then, open either the Europe and Asia section or the United States and North America section, depending on which RADIUS server you want as your primary server.
      Note: You can also choose to add your local RADIUS server as your primary server, and then add both cloud RADIUS servers as secondary.
    2. In the Hostname field in Mist Cloud, enter the Cloud RADIUS IP value from Portnox Cloud.
    3. In the Port field in Mist Cloud, enter the Authentication Port value from Portnox Cloud.
    4. In the Shared Secret field in Mist Cloud, enter the Shared Secret value from Portnox Cloud.

  6. In the RADIUS Accounting Servers section, click on the Add Server link.

    1. In the Hostname field in Mist Cloud, enter the Cloud RADIUS IP value from Portnox Cloud.
    2. In the Port field in Mist Cloud, enter the Accounting Port value from Portnox Cloud.
    3. In the Shared Secret field in Mist Cloud, enter the Shared Secret value from Portnox Cloud.

  7. Optional: Repeat the above steps for the other cloud RADIUS server, if necessary, or for both cloud RADIUS servers if you added your local RADIUS server as the primary server.

  8. In all other sections of the New WLAN pane, either leave the default values or configure the values as required for your WLAN environment. These fields are not related to Portnox Cloud or RADIUS authentication.
  9. Click on the Create button in the top-right corner of the New WLAN pane to create the new WLAN.