Manuals+

Account@Adapter+ Authentication Integration Setup Examples

This document outlines the configuration examples for integrating the Account@Adapter+ authentication appliance with Buffalo wireless access points (WAPM-2133TR, WAPM-AX8R, WAPM-1266R, WAPS-1266) using IEEE802.1X EAP-TLS and EAP-PEAP environments.

The setup examples assume that the basic Wi-Fi functionality of the Buffalo wireless access points has already been configured. This document focuses on the necessary settings for IEEE802.1X EAP-TLS and EAP-PEAP.

This document is based on the specifications of the latest version at the time of writing (Ver. 6.18.00). Please note that the displayed screens may vary slightly depending on your environment.

This document describes the operational procedures for the Account@Adapter+ authentication appliance and Buffalo wireless access points (WAPM-2133TR, WAPM-AX8R, WAPM-1266R, WAPS-1266) based on our verification. We do not guarantee operation in all environments.

Table of Contents

  1. Configuration
  2. Account@Adapter+ Configuration
  3. RADIUS Client Configuration
  4. Client Configuration for EAP-TLS Authentication
  5. Client Configuration for EAP-PEAP Authentication

1. Configuration

1-1 Configuration Diagram

The following environment will be configured:

1-2 Environment

1-2-1 Devices

Product NameManufacturerRoleVersion
Account@Adapter+HC NetworksRADIUS Server, DHCP Server, CA6.18.00
WAPM-2133TRBuffaloRADIUS Client1.27
WAPM-AX8RBuffaloRADIUS Client1.27
WAPM-1266RBuffaloRADIUS Client1.28
WAPS-1266BuffaloRADIUS Client1.27
ThinkPad X13 Yoga Gen 1Lenovo802.1X Client DeviceWindows 11 Pro 22H2
MacBook AirApple802.1X Client DevicemacOS Ventura 13.2.1
iPadApple802.1X Client Device16.3.1
Lenovo Tab K10Lenovo802.1X Client DeviceAndroid11

Note: The product and OS versions listed are based on the verification conducted at the time of this document's creation. Please select versions that address vulnerabilities when using the products and OS.

1-2-2 Authentication Methods

The following authentication methods were verified:

1-2-3 Network Settings

Product NameIP AddressRADIUS PortSecret Key
Account@Adapter+192.168.10.2/241812buffalo
WAPM-2133TR192.168.10.11/241812buffalo
WAPM-AX8R192.168.10.12/241812buffalo
WAPM-1266R192.168.10.13/241812buffalo
WAPS-1266192.168.10.14/241812buffalo
ThinkPad X13 Yoga Gen 1DHCP--
MacBook AirDHCP--
iPadDHCP--
Lenovo Tab K10DHCP--

2. Account@Adapter+ Configuration

The setup will proceed as follows:

  1. Access to Management Screen
  2. Network Settings
  3. CA Settings
  4. RADIUS Settings
  5. Account Registration
  6. DHCP Settings
  7. Certificate Issuance/Download

2-1 Access to Management Screen

To configure Account@Adapter+, access the management screen.

The initial IP address of Account@Adapter+ is 192.168.0.1/24. When performing settings, please set the IP address of the client device to the same segment.

Connect the client device and Account@Adapter+ LAN1 (left side) directly with a LAN cable.

Launch Microsoft Edge and access the following URL: http://192.168.0.1:8080/manager/

Enter the administrator ID and password to log in to the management screen.

2-2 Network Settings

Configure IP address settings.

Navigate to Management Tool [Environment Settings] - [Network Settings] - [Maintenance Menu].

After setting, click [Register] at the bottom of the screen.

Network Settings

Setting ItemSetting Value
IP Address192.168.10.2
Subnet Mask255.255.255.0
Default Gateway192.168.10.1

2-3 CA Settings

Open Management Tool [CA] - [CA Settings] and click [Settings] for CA.

After setting, click [Register] at the bottom of the screen. After clicking [Register], click [Reflect RADIUS Settings] at the top left of the screen.

Self-Signed Certificate Information Settings

Setting ItemSetting Value
Certificate AuthoritySelf-Signed Certificate
Name (cn)ca_buffalo
Country (c)Japan (JP)
State/Province (st)Tokyo
CRL Distribution PointDo not use
OCSP URIDo not use

2-4 RADIUS Settings

2-4-1 RADIUS Settings

Open Management Tool [RADIUS] - [RADIUS Settings].

After setting, click [Register] at the bottom of the screen. After clicking [Register], click [Reflect RADIUS Settings] at the top left of the screen.

RADIUS Settings

Setting ItemSetting Value
RADIUS Port Number1812
RADIUS AccountingUse
Connection StatusRecord
Authentication Server CertificateInternal Server Certificate
Internal Authentication AuthorityInternal Authentication Authority
IEEE 802.1X AuthenticationEAP-TLS/PEAP

2-4-2 RADIUS Client Registration

Open Management Tool [RADIUS] - [RADIUS Client].

Click [New Registration] at the top of the screen.

RADIUS Client Registration

Setting ItemSetting Value 1Setting Value 2Setting Value 3Setting Value 4
Client IDWAPM-2133TRWAPM-AX8RWAPM-1266RWAPS-1266
IP Address192.168.10.11192.168.10.12192.168.10.13192.168.10.14
Secret Keybuffalobuffalobuffalobuffalo

After setting, click [Register] at the bottom of the screen. After clicking [Register], click [Reflect RADIUS Settings] at the top left of the screen.

2-5 Account Registration

2-5-1 Certificate Account Registration for EAP-TLS Authentication

Open the [Certificates] tab in the desired directory of the certificate account creation.

Click [New Registration].

Certificate Account Registration

Setting ItemSetting Value
cncert01

After setting, click [Register] at the bottom of the screen.

2-5-2 User Account Registration for EAP-PEAP Authentication

Open the [User] tab in the desired directory of the certificate account creation.

Click [New Registration].

User Account Registration

Setting ItemSetting Value
User IDuser01
Passwordbuffalo
Account Expiration DateNo expiration

After setting, click [Register] at the bottom of the screen.

2-6 DHCP Settings

2-6-1 Server Group Settings

Open Management Tool [DHCP] - [Server Group].

Click [Server Group Registration].

Server Group Registration

Setting ItemSetting Value
Group Nameservergroup_buffalo
Primary Server Number01
Primary IP Address192.168.10.2
Primary Network Mask255.255.255.0[/24]

After setting, click [Register] at the bottom of the screen. After clicking [Register], click [Reflect DHCP Settings] at the top left of the screen.

2-6-2 Scope Settings

Open Management Tool [DHCP] - [Scope Settings] - [Scope Settings] tab.

Click [New Registration] at the top of the screen.

Scope Settings Registration

Setting ItemSetting Value
Group Nameservergroup buffalo
Scope Namescope_buffalo
Network Address192.168.10.0
Netmask255.255.255.0[/24]
Default Router192.168.10.1
Address Range 001Issuance
Address Range192.168.10.101
Address Range192.168.10.200

After setting, click [Register] at the bottom of the screen. After clicking [Register], click [Reflect DHCP Settings] at the top left of the screen.

2-7 Certificate Issuance/Download

2-7-1 Client Certificate Issuance/Download for EAP-TLS Authentication

Open the [Certificates] tab in the directory where the certificate account was created in 2-5-1.

Click [Issue] in the "Certificate 1" column.

Click [OK].

Click [DL Not Yet] in the "Certificate 1" column.

Enter any desired value in [Import Password] and click [Execute].

Confirm that the certificate file has been downloaded.

2-7-2 CA Certificate Download for EAP-PEAP Authentication

Open Management Tool [CA] - [CA Settings] and click [p12] for CA.

Confirm that the certificate file has been downloaded.

3. RADIUS Client Configuration

The setup will proceed as follows:

  1. Access to Management Screen
  2. IP Address Settings
  3. RADIUS Settings
  4. SSID Settings

3-1 Access to Management Screen

The Buffalo wireless access points WAPM-2133TR, WAPM-AX4R, WAPM-1266R, and WAPS-1266 can be configured using the same method. Therefore, this document uses WAPM-2133TR as a representative example for configuration.

To configure the wireless access point, access the management screen.

The initial IP address of the Buffalo wireless access point is automatically obtained via DHCP. If there is no DHCP server environment, the IP address will be 192.168.11.100/24. Therefore, when setting up, please set the IP address of the client device to the same segment.

Connect the client device and the wireless access point's LAN1 (left side) directly with a LAN cable.

Launch Microsoft Edge and access the following URL: 192.168.11.100

Enter the administrator ID and password to log in to the management screen.

3-2 IP Address Settings

Configure IP address settings.

Navigate to Advanced Settings [LAN Settings] - [IP Address].

After the above settings, click [Register] at the bottom of the screen.

After changing the IP address, restart Microsoft Edge and access the following URL: 192.168.10.11

Network Settings

Setting ItemSetting Value
IP Address Acquisition MethodManual Settings
IP Address192.168.10.11
Subnet Mask255.255.255.0

3-3 RADIUS Settings

Open Advanced Settings [Network Settings] - [RADIUS Settings] tab.

Click [Settings] at the bottom of the above settings.

Scope Settings Registration

Setting ItemSetting Value
ServerExternal
Server Name192.168.10.2
Authentication Port1812
Shared Secretbuffalo

3-4 SSID Settings

Open SSID Settings. Click [New Creation] in the center of the screen.

Scope Settings Registration

Setting ItemSetting Value
Wi-FiEnabled
SSID2133TR
Usable Devices2.4GHz, 5GHz Low, 5GHz High (For devices other than WAPM-2133TR, 2.4GHz and 5GHz)
Wi-Fi AuthenticationWPA2 Enterprise
RADIUSUse RADIUS server settings in Network Settings

After setting, click [Save Changes] at the bottom of the screen.

4. Client Configuration for EAP-TLS Authentication

The EAP-TLS authentication procedure for the following OSs is described below:

  1. Windows 11 EAP-TLS Authentication
  2. macOS EAP-TLS Authentication
  3. iOS EAP-TLS Authentication
  4. Android EAP-TLS Authentication

Note: The following describes EAP-TLS authentication via the RADIUS client "WAPM-2133TR". The procedure is the same for other RADIUS clients (WAPM-AX8R/WAPM-1266R/WAPS-1266).

4-1 Windows 11 EAP-TLS Authentication

Preparation: Import the client certificate to your PC.

EAP-TLS Authentication Procedure:

  1. Click SSID "2133TR".
  2. Click [Connect].
  3. Click [Connect using certificate].
  4. Click [Connect].

4-2 macOS EAP-TLS Authentication

Preparation: Import the client certificate to your PC.

EAP-TLS Authentication Procedure:

  1. Click SSID "2133TR".
  2. Select [cert01] from the dropdown.
  3. Click [OK].
  4. Click [Continue].

4-3 iOS EAP-TLS Authentication

Preparation: Import the client certificate to your PC.

EAP-TLS Authentication Procedure:

  1. Click SSID "2133TR".
  2. Click [Mode] and select [EAP-TLS].
  3. Click [ID] and select [cert01].
  4. Click [Connect].
  5. Click [Trust].

4-4 Android EAP-TLS Authentication

Preparation: Import the client certificate to your PC.

EAP-TLS Authentication Procedure:

  1. Click SSID "2133TR".
  2. Enter/select the values described in the table for items ② to ⑦.
  3. Click [Connect].

Authentication Settings

Setting ItemSetting Value
EAP MethodTLS
CA Certificateca_buffalo
Online Certificate StatusDo not verify
Domainca_buffalo
User Certificate(Select client certificate)
IDcert01

5. Client Configuration for EAP-PEAP Authentication

The EAP-PEAP authentication procedure for the following OSs is described below:

  1. Windows 11 EAP-PEAP Authentication
  2. macOS EAP-PEAP Authentication
  3. iOS EAP-PEAP Authentication
  4. Android EAP-PEAP Authentication

Note: The following describes EAP-PEAP authentication via the RADIUS client "WAPM-2133TR". The procedure is the same for other RADIUS clients (WAPM-AX8R/WAPM-1266R/WAPS-1266).

5-1 Windows 11 EAP-PEAP Authentication

Preparation: Import the CA certificate to your PC.

EAP-PEAP Authentication Procedure:

  1. Click SSID "2133TR".
  2. Click [Connect].
  3. Enter Username:user01 Password:buffalo.
  4. Click [OK].
  5. Click [Connect].

5-2 macOS EAP-PEAP Authentication

Preparation: Import the CA certificate to your PC.

EAP-PEAP Authentication Procedure:

  1. Click SSID "2133TR".
  2. Enter Account Name:user01 Password:buffalo.
  3. Click [OK].
  4. Click [Continue].

5-3 iOS EAP-PEAP Authentication

Preparation: Import the CA certificate to your PC.

EAP-PEAP Authentication Procedure:

  1. Click SSID "2133TR".
  2. Enter Username:user01 Password:buffalo.
  3. Click [Connect].
  4. Click [Trust].

5-4 Android EAP-PEAP Authentication

Preparation: Import the CA certificate to your PC.

EAP-PEAP Authentication Procedure:

  1. Click SSID "2133TR".
  2. Enter/select the values described in the table for items ② to ⑧.
  3. Click [Connect].

Authentication Settings

Setting ItemSetting Value
EAP MethodPEAP
Phase 2 AuthenticationMSCHAPV2
CA Certificateca_buffalo
Online Certificate StatusDo not verify
Domainca_buffalo
IDuser01
Passwordbuffalo

Contact Information

For inquiries, please contact:

HC Networks, Ltd.
Address: 1-22-16 Asakusabashi, Taito-ku, Tokyo 111-0053, Japan
Website: https://www.hcnet.co.jp/

Buffalo Inc.
Address: Akamon-dori Building, 3-30-20 Osu, Naka-ku, Nagoya, Aichi 460-8315, Japan
Website: https://www.buffalo.jp/

HC NET and its logo are registered trademarks of HC Networks, Ltd. Company and product names mentioned are trademarks or registered trademarks of their respective companies. Some product photos are for illustrative purposes only.

When exporting products, please confirm and complete the necessary procedures in accordance with foreign export-related laws and regulations, such as the Foreign Exchange and Foreign Trade Act and the US Export Administration Regulations. If you have any questions, please contact our sales representative.

PDF preview unavailable. Download the PDF instead.

setting examples hcnet buffalo 202305 Microsoft PowerPoint 2016 Microsoft PowerPoint 2016

Related Documents

Preview Buffalo Corporate Network Catalog 2025-08
Catalog of Buffalo's corporate network products, including Wi-Fi 6/6E routers, switches, and accessories, designed for business environments.
Preview FREESPOT導入キット FS-M1266 設定事例集
This document provides setup examples for the FREESPOT Introduction Kit FS-M1266, covering initial setup, internet connection, password changes, and specific configuration scenarios for various business environments. It details steps for small to medium-sized businesses, including restaurants and public facilities, with instructions on VLAN settings, ACL rules, and Wi-Fi configurations.
Preview 株式会社片貝製作所様 Wi-Fi導入事例:過酷な工場環境での業務効率化を実現
株式会社片貝製作所が、バッファローの防塵・耐環境性能Wi-Fiアクセスポイント「WAPM-1266WDPR」を導入し、過酷な工場環境を含む全社屋でWi-Fi利用を可能にし、業務効率を向上させた導入事例をご紹介します。
Preview Buffalo AirStation Pro WAPM-1266R Command Reference
This document provides a comprehensive command reference for the Buffalo AirStation Pro WAPM-1266R, detailing its command-line interface (CLI) syntax, usage, and parameters for network configuration and management.
Preview BUFFALO 法人向け 無線LANアクセスポイント WAPM-1266R 設定事例集
BUFFALO WAPM-1266R 無線LANアクセスポイントの設定事例を詳細に解説したガイド。バンドステアリング、WDS接続、マルチSSID、TagVLAN、DHCPサーバー機能、FREESPOT連携など、法人向けネットワーク構築の具体的な設定手順を提供します。
Preview オーエム産業株式会社 Wi-Fi導入事例:PHSからスマホへの内線通話切り替え
オーエム産業株式会社が、バッファローのWi-Fi 6アクセスポイント「WAPM-AX8R」などを導入し、PHSからスマホへの内線通話切り替えを実現。工場内の広範囲で安定した通信環境を構築し、業務効率を向上させた事例を紹介。
Preview Buffalo AirStation Pro WAPS-APG600H / WAPS-AG300H User's Manual
Comprehensive user's manual for Buffalo AirStation Pro wireless access points, models WAPS-APG600H and WAPS-AG300H, covering setup, configuration, features, and troubleshooting.
Preview Buffalo Air Station Pro WAPS-AX4 法人向けWi-Fi 6アクセスポイント
Buffalo Air Station Pro WAPS-AX4は、Wi-Fi 6(11ax)対応の法人向け無線LANアクセスポイントです。高速通信、最大128台同時接続、リモート管理機能などを備え、オフィスや店舗でのネットワーク環境を効率化します。