Menu path: Setup > Network > LAN Interfaces > [Interface] > Authentication

Here, you can enable and configure network port authentication.

Enable IEEE-802.1x authentication

☑ Network port authentication is enabled.

☐ Network port authentication is not enabled. (Default)

If you enable authentication, further options are available:

EAP type: Here, you can select the authentication procedure:

  • PEAP
  • TLS
  • TTLS

Auth method: The following authentication methods are available:

  • MSCHAPV2
  • TLS
  • GTC
  • MD5
  • PAP

Validate server certificate

☑ The server’s certificate is checked cryptographically. (Default)

CA Root certificate: The path to the CA root certificate file. This can be in PEM or DER format.

Identity: User name for RADIUS

Password: Password for network access

If you leave the Identity and Password fields empty, an entry mask for authentication purposes will be shown. However, this does not apply to the methods with a client certificate (TLS and PEAP-TLS) where these details are mandatory.


The following settings are relevant if you have selected "TLS" as EAP type:

Manage certificates with SCEP (NDES)

☑ Client certificates will automatically be managed with SCEP.

☐ Client certificates will not be managed with SCEP. (Default)

Client certificate: Path to the file with the certificate for client authentication in the PEM (base64) or DER format.

If a private key in the PKCS#12 format is used, leave this field empty.

Private key: Path to the file with the private key for the client certificate. The file can be in the PEM (base64), DER, or PFX format. The Private key password may be required for access.

Identity: User name for network access

Private key password: Password for the Private key for the client certificate