Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

802.1x add profile ?

802.1x no(+) add profile button ??? help

MacBook Air, Mac OS X (10.7)

Posted on Jul 21, 2011 11:39 PM

Reply
Question marked as Best reply

Posted on Jul 21, 2011 11:42 PM

From Apple Help



You can connect to a Wi-Fi or Ethernet network that is protected by the Institute of Electrical and Electronics Engineers (IEEE) 802.1X standard. The 802.1X standard is designed to enhance the security of local area networks.

In most cases your network administrator provides a configuration profile that contains the information and settings you need to authenticate with the network.

When you download the profile from the web or open the attachment using Mail, the computer recognizes the .mobileconfig extension as a configuration profile and begins installing when you click Install.

During installation, you may be asked to enter any necessary information, such as passwords that weren’t specified in the profile, and other information as required. Enter any password necessary to use certificates included in the profile.

  1. Choose Apple menu > System Preferences, and then click Network.
  2. Select the network service you want to use, such as Ethernet or Wi-Fi, from the list.
  3. Click Connect. If you have installed multiple profiles, choose the one you want to use from the 802.1X pop-up menu, and then click Connect.


If you are connecting to an Ethernet network that uses 802.1X and want to connect automatically to the network when it’s detected, click Advanced, and then click 802.1X. Select “Enable automatic connection.”

Ask your network administrator or service provider if you need more information.

42 replies
Question marked as Best reply

Jul 21, 2011 11:42 PM in response to seonykr

From Apple Help



You can connect to a Wi-Fi or Ethernet network that is protected by the Institute of Electrical and Electronics Engineers (IEEE) 802.1X standard. The 802.1X standard is designed to enhance the security of local area networks.

In most cases your network administrator provides a configuration profile that contains the information and settings you need to authenticate with the network.

When you download the profile from the web or open the attachment using Mail, the computer recognizes the .mobileconfig extension as a configuration profile and begins installing when you click Install.

During installation, you may be asked to enter any necessary information, such as passwords that weren’t specified in the profile, and other information as required. Enter any password necessary to use certificates included in the profile.

  1. Choose Apple menu > System Preferences, and then click Network.
  2. Select the network service you want to use, such as Ethernet or Wi-Fi, from the list.
  3. Click Connect. If you have installed multiple profiles, choose the one you want to use from the 802.1X pop-up menu, and then click Connect.


If you are connecting to an Ethernet network that uses 802.1X and want to connect automatically to the network when it’s detected, click Advanced, and then click 802.1X. Select “Enable automatic connection.”

Ask your network administrator or service provider if you need more information.

Jul 26, 2011 6:13 AM in response to seonykr

Really, I'm getting tired of this Lion thing that Apple calls the most advanced desktop in the world. First the versions and auto-save as discussed in another thread and now I can't connect to wireless networks on Lion. Why did the add 802.1x button disappear? The smart users have to became dumb because others can't set up a wireless network? If I could I would be installing some Linux flavour and leaving Apple. Snow Leopard was the last thing that connected me to Apple ecosystem.

Sep 13, 2011 6:43 AM in response to normnod

How do any of you, or does Apple, suggest that we acquire a profile when our system administrator does not support Lion yet?


I work at a school and foolishly upgraded to Lion before my school has done so. I already had a Snow Leopard profile on our network, and would be prompted to login when I was either wireless or plugged in with ethernet.


Lion isn't giving me that option and no one seems to be able to provide me with a profile to log in.


HELP!

Sep 13, 2011 3:27 PM in response to seonykr

I have the same problem. I can't connect to my university's wireless network neither to a wired network in dorm, both using 802.1x.


Both university and dorm does not provide any support for Lion and I dont't expect that to happen in near future.



How can I create a profile for wired network that uses PAP/TTLS? iPhone Configuration Utility doesn't seem too useful.

Sep 15, 2011 10:20 AM in response to zag0

If your school uses TTLS with PAP (LDAP backend) then yah, the auto connection with ethernet will not help you. That is because the default EAP type that is supported is TTLS MSCHAPv2 (which is a bit more secure that PAP --ya ya, I know it is not fool proof).


Anyway, all is not lost.


You have three choices on how to get an 802.1X profie that supports TTLS with PAP onto your Mac.

1. Download iPCU and create a .mobileconfig file

2. Buy Lion server and use Profile Manager

3. Create a .mobileconfig (xml file) from scratch


Options 2 and 3 are kind of a pain in the rear, so let's stick with option 1.


Please put on your learning hat now 😉


**Please note this example is for a wired OR wireless 802.1X connection that requires TTLS and PAP for Lion clients**


1. Download and install the iPCU http://support.apple.com/kb/DL851

2. Open the iPCU (the iPCU is install in Applications - Utilities)

3. In the right hand side click on Configuration Profiles.

4. Click on New. (upper left)

5. You will see a new profile with a bunch of payloads (general, passcode, restrictions, etc). Don't worry you do not need to fill most of these out.

6. Click on General and fill out a Profile Name, Identifier (they can be anything) the rest of the fields you can leave blank. I used spam and spam. 🙂

7. Now click on WiFi. Do be scared here. Lion can use WiFi profiles for Ethernet (it will just ignore the SSID field). Click configure.

7a. For SSID ..If your school has a wireless network that uses TTLS with PAP, fill in the SSID name (wireless network name) that your school uses. If your school does not use wireless, then just use an label (e.g. spam).

7b. Ignore the hidden network field (unless of course your school uses a hidden SSID and you want to use wireless for this connection).

7c. Security Type ..Again if this is for ethernet, just use WPA/WPA2 Enterprise. If this profile is going to be used for WiFi, then you need to find out what type of security your school uses. Most likely it will be WPA/WPA2 Enterprise (I hope).

7d. Once you choose WPA/WPA2 Enterprise you will see more options appear. Choose TTLS.

7e. Ignore EAP-FAST settings. Leave all boxes unchecked for EAP-FAST.

7f. For Inner Authenticaiton choose PAP.

8. You will see three tabs, one for protocol (that you already filled out), one for Authentication and one for Trust. You can ignore trust unless you have the certificate from the radius server already loaded on your client. Don't worry if you do not have the cert, the Mac will load it (with your permission) during the first authentication. Ignore the Authentication tab for now.

9. Now look at the top left of the tool and choose Export

9a. for Security, just choose none (don't worry about signing it)

9b. Hit Export.

10. You will get a Save As dialogue box. Give the profile a name (like spam 😉 or something) and choose where you would like to save the profile.

11. Now goto where you save your profile and double click it. System Prefs will launch and try to install the profile.

11a. Just hit continue and continue again.

11b. You will be prompted for "settings" which are the username and password. You can either just hit install (the eapol supplicant will ask you for your credentials during the authentication phase) or you can fill them out now. BE SURE TO INPUT THE CORRECT INFORMATION!!!!. If you insert a bad username or password into this field, it will get saved as a keychain entry (with bad info) and you will never be able to connect. The Mac will just silently fail authentication until you delete the keychain entry and do a fresh auth. Save yourself some trouble and leave the fields blank and just hit install.

11c. You will be prompted for your admin password to install the profile.

12. The profile should be installed now.

13. In system prefs, click show all then click network.

14. If you click on your Ethernet interface you should now have a nifty "connect" button now. Connect via Ethernet into the school's 802.1X protect network and hit connect.


At this point you should get prompted for your credentials and then prompted to accept the RADIUS server's certificate.


You should be good to go now.


Here endith the lesson. Hope it works for you guys. 😎

802.1x add profile ?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.