1/21
Search
  • Ashok Kumar Burra

Configuring Nokia E72 or Symbian phones for WPA2 Enterprise EAP-PEAP-MSHAPv2 settings




We have explained few general points regarding the usage of WiFi WLAN corporate networks and the compatibility of various mobile devices by Nokia, Blackberry, Android, Apple in this article WiFi WLAN corporate network usage on Nokia, Blackberry, Android, Apple iOS devices.



In this article, let us learn how WPA2 – Enterprise EAP-PEAP-MSHAPv2 settings for Symbian 60 phones, particularly for one of the best devices from Nokia in E-series the Nokia E72, can be configured:



Here we explain the settings for one of the latest E-series phones of Nokia, the E72, while we assume that the settings are more or less similar for the other phones in this category. For all the settings explained in the table, and the description provided below, the table acts as a guide to find in various levels the information inside each option and sub-option, in particular for Nokia E72.



For the settings, go to ‘Control panel >> Settings >> Destinations >> Internet’



Check if your phone already has an internet access point (IAP i.e. connection settings profile) for a “ABC-4U” WLAN network. If IAP for this network already exists then select it to edit it further.


If your phone has multiple (duplicate) IAP entries for this network ( named “ABC-4U(1) etc.) try deleting all duplicates and have only one access point related a particular WLAN network within the “Internet” destinations.




If “ABC-4U” IAP doesn’t already exist you need to create new IAP for it. For that in the “Internet” destination view and select “Options >> New access point >> Yes”. Your phone will scan all available WLAN networks and then you can select “ABC-4U” from the list of available WLAN networks. If you are in the reach of WLAN WiFi signal, the new internet access point  for the network will be created automatically but default EAP settings inside the access point might not be set by ‘default’ for PEAP authentication, so you may check and if needed can edit those settings manually.



So, select the “ABC-4U” access point within the “Internet” destination to ‘Edit’ the same.


Connection Name*

ABC-4U (Sample name used)

Data bearer

Wireless LAN

WLAN Network Name*

ABC-4U

Network status

Public

WLAN network mode

Infrastructure

WLAN security mode

WPA/WPA2 (to be selected)

WEP (to be selected if WPA/WPA2 not applicable. This requires a preset shared network key. Activate this if your organization provides this information.)

802.1x (to be used if your enterprise insists on using this option).

WLAN security settings

WPA/WPA2

EAP

EAP plug-in settings

EAP-PEAP (activated or ‘enabled’)

All others like EAP-AKA, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-LEAP, EAP-FAST are ‘disabled’

EAP-PEAP settings:

(found in one tab)

Personal certificate: Not defined

Authority certificate: ABC-Group-CA

User name in use: User defined

User name: u010101234 (your username)

Realm in use: User defined

Realm: DOMABC

TLS privacy: Off

Allow PEAPv0: Yes

Allow PEAPv1: No

Allow PEAPv2: No

EAPs: (found in the other tab)

EAP-MSCHAPv2 (Enabled)

All others like EAP-AKA, EAP-SIM, EAP-TLS, EAP-GTC (Disabled)

Username: DOMABC\u010101234

Prompt Password: No

Password: ******* (your login password)

Cipher

Enable all like RSA, 3DES, SHA, etc.

WPA2 only mode

Off

Home page

None

Use access point

Automatically




As shown in the table above, ensure that the following settings are made:



WLAN network name: ABC-4U


WLAN network mode: Infrastructure


WLAN security mode: WPA/WPA2



The next step is to ensure that by selecting “WLAN Security settings”, the “WPA/WPA2” option is set to “EAP” (instead of Pre-shared key). Now go to “EAP plug-in settings” menu. First enable “EAP-PEAP” and then disable EAP-SIM and EAP-AKA methods. (Enable / disable can be done via “Options” menu while highlighting the particular EAP method).



Highlight the EAP-PEAP again and select it (or Options >> Edit) to enter EAP-PEAP specific settings.



On EAP-PEAP settings, define:



Personal certificate:  Not defined


Authority certificate:  “ABC-Group-CA”



Please note carefully that the correct “authority certificate” from list of pre-installed CA certificates is selected as PEAP authentication can’t succeed if incorrect Authority Certificate (for this particular network deployment) has been selected or it has been left as “Not defined”.



Please fill in also the other settings as shown in the table and as applicable in your case.



Then go to the next tab on the PEAP settings (named “EAPs”) by hitting right on the directional pad (or touching the arrows in case of touch phone). It is quite easy to miss that PEAP settings view has multiple tabs since the small left/right arrow on top of the screen is the only indication that there are more tabs with additional settings.



On “EAP’s” tab you will need select the actual inner authentication method for EAP-PEAP tunnel.  Enable “EAP-MSCHAPv2” and remember to disable EAP-SIM and EAP-AKA.  



Then edit the EAP-MSHAPv2 settings as indicated in the above table. Take care that username and password are entered correctly, including capitalization of letters.



Third “tab” on the PEAP settings is “Ciphers” but you don’t typically have to modify those, i.e. the ciphers that are enabled by default are typically sufficient.



Finally go “Back” multiple times in order to save the settings you made above.



Rest of the instructions below are more generic (not specific to this PEAP configuration issue), referring to prioritization of the connection methods (access points) and how/which access point will become active when application is looking for connection to internet.