WPA2-Enterprise using a UniFi access point and a Raspberry Pi

Recently I have replaced my home Wi-Fi router by a Ubiquiti network and the experience is really great so far. The UniFi ecosystem of Ubiquiti is a feature-rich wireless solution with an intuitive user interface for configuring and monitoring the wireless network. The products have regular firmware updates, and lots of documentation on the Internet.

My new setup also includes a Raspberry Pi 3 for the UniFi software controller. It manages all the Ubiquiti network devices and collects all the statistics in a MongoDB database. Another role of the Raspberry Pi 3 is to provide EAP authentication to the wireless clients with a FreeRADIUS server.

The following article describes how to setup EAP authentication using UniFi and a FreeRADIUS authentication server. I have examined two cases of authentication: PEAP/MS-CHAPv2 on Windows 10 and EAP-TLS on Android. And finally two extended features are given as application: how to dynamically assign a VLAN per user and how to set up 802.11r fast-roaming.

This document attempts to introduce some examples of EAP authentication mechanisms and their configuration using UniFi. I have tried to apply some topics that I have learnt during the CWSP studies but wanted to explore those principles again. I hope that you will find it useful, and please I would appreciate any feedback that helps reviewing this document.