Category Archives: Networking

Unifi WPA Enterprise EAP-TLS and USG

In my continued quest for more security on my home network, I wanted to implement WPA2-Enterprise. This post details how.

I have a USG (the “old” three-port version), a Cloud Key (not relevant) and several Unifi APs. The USG is running the RADIUS server.

The TL;DR is as follows:

  • Create and generate certificates for your own Certificate Authority. This blog has details in this post: Create an SSL certificate chain and your own root certificate authority
  • Place your CA certificate on the USG
  • Edit FreeRADIUS's eap.conf
  • Make it permanent by creating a post-config.d script
  • Generate client certificates for all devices that need to connect wirelessly
  • Link the CN from the client certificate to an entry in the RADIUS users

For details, read more, but be warned: this is a long read!


Multiple VLANs on Windows 10

First, enable Hyper-V on your Windows 10 installation (Pro or Enterprise), by opening an elevated PowerShell:

 Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

This will require a restart.

After restarting, open the Start menu and start Hyper-V Manager. Again, do this “As Administrator” because it requires elevated privileges.

Then, assuming your switch port is correctly configured, note your native VLAN and your tagged VLAN. In my case, the tagged VLAN is 29.

In Hyper-V Manager, go to the Virtual Switch Manager.

Create a new virtual switch of type “External”. Give it an appropriate name and tag the correct VLAN (in my case, 29).

Now, in the network control panel, you should have three adapters: one for your physical network card (the one you always had), a Default Switch and your newly created switch.

By default, only the latter two will be configured to receive IP addresses. This is why you need to go into the properties of the physical adapter, and re-enable the IPv4 and IPv6 protocols, configuring them as you like (in my case through DHCP).

Also, feel free to disable and enable the Hyper-V network switches as you like, especially if you are not using the virtual machine aspect of Hyper-V. I leave mine disabled most of the time, until I need native access to the other VLAN.
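
The same steps can be scripted from an elevated PowerShell instead of clicking through Hyper-V Manager. This is an added example, not part of the original post; the adapter name "Ethernet" and the switch name "VLAN29" are assumptions, and only the VLAN ID 29 comes from the text above.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Hyper-V Manager steps above.
# Assumed names: physical adapter "Ethernet", switch "VLAN29". VLAN ID 29 is from the post.
param(
    [string]$PhysicalAdapter = 'Ethernet',   # assumption: name of the physical NIC
    [string]$SwitchName      = 'VLAN29',     # assumption: any descriptive name
    [ValidateRange(1, 4094)]
    [int]$VlanId             = 29
)

$ErrorActionPreference = 'Stop'

# Fail early if the physical adapter name is wrong.
$nic = Get-NetAdapter -Name $PhysicalAdapter -Physical

# Create the external switch once. -AllowManagementOS gives the host a
# virtual adapter named "vEthernet ($SwitchName)".
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -NetAdapterName $nic.Name -AllowManagementOS $true | Out-Null
}

# Tag the host's virtual adapter with the VLAN ID
# (the VLAN ID setting in Virtual Switch Manager).
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $SwitchName -Access -VlanId $VlanId

# Re-enable IPv4 and IPv6 on the physical adapter for the native (untagged) VLAN.
Enable-NetAdapterBinding -Name $nic.Name -ComponentID ms_tcpip, ms_tcpip6

# Show the result: the VLAN tag and the addresses on both adapters.
Get-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $SwitchName
Get-NetIPAddress -InterfaceAlias $nic.Name, "vEthernet ($SwitchName)" -ErrorAction SilentlyContinue |
    Format-Table InterfaceAlias, AddressFamily, IPAddress

# To keep the tagged VLAN unreachable from the host until it is needed,
# disable the virtual adapter and enable it again on demand:
# Disable-NetAdapter -Name "vEthernet ($SwitchName)" -Confirm:$false
# Enable-NetAdapter  -Name "vEthernet ($SwitchName)"
```

Keeping the virtual adapter disabled when it is not in use means the host has no interface on the tagged VLAN, so the segmentation between the two networks holds until you deliberately bridge it.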