How to Configure 802.1x Authentication

All devices have different configuration interfaces and options, so maintaining a universal step-by-step configuration guide is impractical. Please contact your device vendor for detailed step-by-step instructions.

Regardless of device type, the following parameters need to be set properly to use 802.1x on Mason’s networks. Some devices (Mac, iOS), will work with our network configuration without additional user configuration. If that’s the case, please skip to the Identity and Password section.

Step 1

Specify 802.1x as the authentication method

802.1x configuration parameters are generally tied to a physical interface for wired network access or a specific wireless network for wireless access. When configuring your interface or wireless network, look for keywords “802.1x,” “802.1x EAP,” or “WPA2 Enterprise with 802.1x” to access and set the appropriate configuration options.

Step 2

EAP method: PEAP

You will be asked to specify an “EAP method,” “outer authentication method,” “primary authentication method,” or “phase 1 authentication method.” To operate with Mason’s network authentication system, choose “Protected EAP” or “PEAP.”

Step 3

Inner authentication method: MSCHAPV2

You will also be asked to specify an “inner authentication method,” “secondary authentication method,” or “phase 2 authentication method.” To operate with Mason’s network authentication system, choose “MSCHAPV2” or “MSCHAP-V2.”

Step 4

Digital Certificates

Not all devices require this, but to verify Mason’s authentication system, you’ll need to trust its digital certificate by accepting and installing the un-verified certificate when presented. The certificate is presented by our authentication system, majestic.net.gmu.edu, and signed by InCommon.

Step 5

Identity and Password: NetID and Patriot Pass Password

The final critical pieces you need to authenticate are your identity or username and password. Some systems will also offer an anonymous identity. The anonymous identity must either match the identity or username exactly or be left empty. Your identity is your Patriot Pass username with the qualifier @mesa.gmu.edu. For example, the user with Patriot Pass username “gmason” should use "gmason@mesa.gmu.edu" as the identity. The password is your Patriot Pass Password.

The configuration and credentials are generally stored on your device, though some devices offer the option of requiring the password each time you connect to the network. Be sure to safeguard this information by using a login or unlock mechanism on your device. Patriot Pass Passwords expire every 180 days. When you change your password through the Patriot Pass process, you will also need to update your password on all of your devices. Some devices have an easy modify option while others require that you “forget” the configuration and start over. Please see your device vendor’s documentation for details.