As near as I can tell, 802.1x compatibility did not land with the 2.0 update. Was it only for Enterprise users? Has anyone had any luck connecting?
21 replies
Yes, it was included, but for some reason I can't fathom, Apple didn't put in the list of protocols. Instead, just choose "WPA (enterprise)" or "WPA2 (enterprise)" and put in the same info you would on your Mac under the 802.1x settings. That little nugget was buried in the Enterprise Deployment Guide and took a while for me to find.
Just as a warning, though, I only got my 802.1x network on the iPhone to work ONCE today the very first time I tried it. It was grand and glorious while it lasted: my phone went to sleep like normal when I put it in my pocket but when I tried to get back on the network later, no dice. I've tried everything since then like deleting the settings and re-entering the network info, rebooting the phone, and even set up a configuration profile using Apple's iPhone Configuration Utility, but it refuses to reconnect. I'm still trying to debug it.
I'm going to be trying this Monday, so keep us all posted.
This thread is probably a good place to do that.
Thanks for the reply; this sounds like cause for hope. To connect my university's 802.1x secure network with my MBP I needed to do some fiddling with the default settings (turning off everything but TTLS and switching the "TTLS inner authentication" to "PAP"), so hopefully I'll eventually be able to make those changes, or I won't need to. Do keep us posted!
My university uses dynamic WEP ('WEP Enterprise') with EAP-TTLS/PAP. None of that is configurable on the iPhone/iTouch itself, I've discovered after fiddling around quite a bit. However, the enterprise configuration tool does support creating profiles with customized authentication settings (protocols) as well as WEP Enterprise. You can download it at:
http://www.apple.com/support/iphone/enterprise/
Having created a profile, however, doesn't mean that you can simply install it on every iPhone: when installing the profile the iPhone/iTouch will only ask you for your password; the RADIUS username used with the enterprise encryption types needs to be 'hardcoded' in the configuration, it seems. I suppose that's another missing feature. As a workaround I have created a PHP script which fills in the username from a form input field, prior to serving the profile to the iPhone/iTouch via HTTP.
I went into my Netgear router and changed the WEP security encryption from "shared" to "open" (go ahead, warn me over and over, I'm just begging for it) and my new 3G got right onto the home wireless. Seems to lose it pretty quickly, though. The wireless icon appears grayed out in settings, although it displays the name of my home network. I thought the little amphitheatre icon stayed constant in the upper left if you were connected.
... and I've only had this for a day, so plenty more to learn.
I don't have an iPhone but I upgraded my iPod Touch to 2.0. I managed after much fiddling to get onto my university's 802.1x network. It appears to be relatively stable so far. It has gone to sleep but remembered the setting.
To get it to talk to the network I had to manually add the network (rather than selecting the network from the list of available networks). Select WEP2 (enterprise). Enter my username (with @institution.edu at the end of my user name) and my password. It then asked me about the digital certificate (I just click "accept"). It then joined the network successfully, I can now check my email and surf the web. It also seems to remember the network and rejoin it without asking me to re-enter all the information I put in to set it up.
Seems I was wrong about the username. If you manually edit the mobileconfig, removing the username field, the device will prompt you for it. Great, though I still would like to be able to configure all this without a profile.
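An added example, not code from any poster in this thread: Python that builds a Wi-Fi payload for EAP-TTLS/PAP without a UserName key, so the device prompts for it as described in the post above, and audits a profile for hardcoded credentials, LEAP, and missing RADIUS server trust. Key names follow Apple's configuration profile format for the com.apple.wifi.managed payload; the SSID, payload identifiers and server name are placeholders.

```python
import plistlib
import uuid

LEAP = 17   # EAP method numbers used in AcceptEAPTypes
TTLS = 21

def build_wifi_profile(ssid, trusted_names, username=None, eap_types=(TTLS,)):
    """Return .mobileconfig bytes for an 802.1X Wi-Fi network (TTLS/PAP by default)."""
    eap = {"AcceptEAPTypes": list(eap_types)}
    if TTLS in eap_types:
        eap["TTLSInnerAuthentication"] = "PAP"
    if trusted_names:                 # names the RADIUS certificate must match
        eap["TLSTrustedServerNames"] = list(trusted_names)
    if username:                      # omit so the device prompts for it
        eap["UserName"] = username
    wifi = {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "edu.example.wifi.payload",   # placeholder
        "PayloadUUID": str(uuid.uuid4()),
        "SSID_STR": ssid,
        "HIDDEN_NETWORK": False,
        "EncryptionType": "WPA",      # WPA/WPA2
        "EAPClientConfiguration": eap,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "edu.example.wifi",           # placeholder
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": "Campus 802.1X (constructed example)",
        "PayloadContent": [wifi],
    }
    return plistlib.dumps(profile)

def audit_profile(data):
    """List settings in each Wi-Fi payload that weaken the 802.1X setup."""
    findings = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue
        eap = payload.get("EAPClientConfiguration", {})
        if "UserName" in eap:
            findings.append("username hardcoded")
        if "UserPassword" in eap:
            findings.append("password stored in profile")
        if LEAP in eap.get("AcceptEAPTypes", []):
            findings.append("LEAP accepted")
        if not (eap.get("TLSTrustedServerNames") or eap.get("PayloadCertificateAnchorUUID")):
            findings.append("RADIUS server certificate not pinned")
    return findings
```

Pinning the server name or anchor certificate in the profile replaces the on-device "accept this certificate" prompt with a decision made once by whoever issues the profile.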
OK. Monday morning. It worked without a hitch.
When I chose the network here at the university, it asked for the username and password (which I had arranged ahead of time), then showed me the certificate and gave me a chance to verify that it is valid. After that, I am on wi-fi.
I "forgot" it and re-did it, just to make sure that would work. It did.
P.S. I didn't have to know any acronyms like EAP or PEAP to do this.
They added 802.1x to the iPhone but it isn't accessible from the phone itself. Instead, they have a special application and guide for use by Enterprise users that you can download from Apple's website:
http://www.apple.com/support/iphone/enterprise/
You actually create a new Configuration Profile in that application, adjust all of the settings (TLS, TTLS, PEAP, LEAP, PAP, CHAP, etc.), choose the type of security (WPA, WPA2 Enterprise, etc.), add the certificate (if necessary) to the credentials tab and set the trust settings, and then email the configuration to whichever iPhone you want to configure. When you click on the attachment in your email (on the iPhone) it asks if you want to install the profile. It takes a couple of seconds to install and then you are on the network. All in all it was pretty simple and it was probably faster to set up from within this utility than it would have been on the iPhone. Also, if you are the one deploying these to end users you can easily create one profile and email it to all of your iPhone users at once.
Hope this helps. It had me up and running pretty quickly.
Frank
Are you able to automatically reconnect to the network after you come out of sleep mode? I have a Touch and whenever I come out of sleep mode, I have to manually go into the Wireless settings and tap on my company's SSID to reconnect (it's a hidden network, if that matters--I actually clicked "this is a hidden network" when I used the apple configuration utility). They run WPA-2 Enterprise with LEAP. My IT department has been no help at all.
I was on and off the network for a couple of hours without a problem. I'll let you know if I have any problems. My network is not hidden.
Manually connected to our WPA2 enterprise with no problem, reconnects coming out of sleep mode without a hitch. FYI, by choosing "Enterprise" the client knows you're using 802.1x and presents that it supports all flavors of EAP to the AP or controller. I imagine you only have to use the config utility if your org is using certificate-based authentication such as the aforementioned EAP-TLS (which is more secure); that way you can pre-install the certificate.
That's what I initially figured, but when I configured my Touch without using the configuration utility (which is what my company instructed us to do) by just tapping "WPA2 Enterprise" and typing in my UN/PW, it would connect fine, but upon trying to manually reconnect after coming out of sleep mode, it would prompt me for a PW every time and would reject my PW every time. So there is some weird authentication issue with the hardware in my company. When I used the configuration utility and checked "LEAP" as the protocol, this issue disappeared.
UPDATE:
When I came into the office today my iPhone reconnected to the network with no problems and no interaction from me. The funny thing is that it was actually easier to connect to this secure network than my Mac 🙂
Frank
(((i))) wrote:
Manually connected to our WPA2 enterprise with no problem, reconnects coming out of sleep mode without a hitch. FYI, by choosing "Enterprise" the client knows you're using 802.1x and presents that it supports all flavors of EAP to the AP or controller. I imagine you only have to use the config utility if your org is using certificate-based authentication such as the aforementioned EAP-TLS (which is more secure); that way you can pre-install the certificate.
That is not the case. There are many different ways of setting up an 802.1x network and the iPhone does NOT automatically figure out which settings it needs simply by choosing WPA2 Enterprise.
Frank
802.1x on 2.0