Accessing 802.1X networks in OS X Lion and Mountain Lion
Learn about accessing 802.1X networks in OS X Lion and Mountain Lion.
In OS X Lion and Mountain Lion, network access using 802.1X authentication is performed by the currently logged-in user. The 802.1X authentication session runs as the user, and will interact with the user to prompt for missing information, such as certificate trust and name and password.
On a Wi-Fi network that requires 802.1X, use the Wi-Fi menu (or Wi-Fi section of Network preferences in Settings) to select a network with a visible SSID. Or, use Join Other Network to connect to a network with a hidden SSID or one that isn't visible in the current list.
When selecting a visible network, the appropriate settings should be automatically chosen, and you should be prompted for your authentication information. When attempting to join a network with a hidden SSID, you will need to know the exact SSID and the proper security option.
On an Ethernet network that requires 802.1X, the authentication process is started immediately after connecting the Ethernet cable to the network. You will be prompted to enter your authentication information. To disable this feature, use the 802.1X tab in Network preferences for the Ethernet interface and uncheck "Enable automatic connection".
This process can be used to join networks with the following EAPOL authentication types:
PEAP
TTLS (see note 1)
LEAP
EAP-FAST (see note 2)
TLS
Notes
TTLS will use MSCHAPv2 as the inner authentication method.
EAP-FAST will only work if the server has a certificate and it either allows access without a PAC or does authenticated PAC provisioning.
Learn more
To access networks that cannot be joined with the above method, or to use a Login Window mode profile or a System mode profile, you will need to contact your network administrator for a .mobileconfig file that contains the correct network configuration information. A .mobileconfig can be created by using the Profile Manager service provided in OS X Server.