Hello,
it's the first time I'm setting up WPA enterprise. The router will be both an access point and RADIUS server. I didn't find any guide on how to set this up, but only guides on how to set them in separate devices. I think that, with both client and server in the same machine, secure protocols like EAP-TLS and EAP-PEAP, present in these guides, are pointless. But I just wanted to confirm this. Is there any advantage using them? Any possible attack that can be avoided?
And there's any guide dedicated to set both in the same device?
Thank you.
I agree they would be pointless, as your own router would have to be compromised already for the attacker to try to intercept them.
If there is no guide in the wiki, I am not aware of any other guide.
Most guides, targeting the already small percentage of users going this route in the first place, probably assume integrating with an already existing windows domain and its RADIUS implementation. The other major user of IEEE8021X is the enterprise sector (universities, large corporations), which tend to use commercial devices and/ or extremely sophisticated campus wide installation (or even global ones, thinking about EDUroam).