Networks
A Network in IronWifi is the fundamental configuration entity that represents a WiFi network deployment. It contains the RADIUS server settings (IP addresses, ports, and shared secret) that your access points use to authenticate users. Every IronWifi deployment starts with creating a Network.
How Networks Map to Infrastructure
Each Network in IronWifi corresponds to a set of RADIUS servers that your access points or WiFi controllers connect to. When a user tries to connect to your WiFi, the access point sends an authentication request to IronWifi's RADIUS servers using the credentials from your Network configuration.
A typical mapping:
- One Network = one set of RADIUS server settings
- One or more SSIDs on your access points can point to the same Network
- Multiple access points across locations can share the same Network
Creating a New Network
- Log in to the IronWifi Console
- Navigate to Networks
- Click Create Network
- Choose a Region closest to your access points for lowest latency
- The system generates your RADIUS server details
After creation, you will receive:
| Setting | Description |
|---|---|
| RADIUS Server IPs | Primary and secondary server addresses (use both for failover) |
| Authentication Port | Port for authentication requests |
| Accounting Port | Port for accounting/session tracking |
| Shared Secret | Secret key shared between your AP/controller and IronWifi |
Always configure both the primary and secondary RADIUS servers on your access points. If the primary becomes unreachable, your APs will fail over to the secondary automatically.
Key Network Settings
Region
Select the region closest to your access points to minimize authentication latency. Available regions include North America, Europe, and Asia-Pacific. Authentication requests travel from your AP to IronWifi's RADIUS servers, so geographic proximity matters for response time.
RADIUS Servers
Each Network provides two RADIUS server IPs for redundancy. Configure your access point or WiFi controller with:
- Primary RADIUS Server -- IP address, authentication port, accounting port, shared secret
- Secondary RADIUS Server -- same ports and shared secret, different IP address
See Configuration Guides for step-by-step instructions for your specific AP vendor (Cisco Meraki, Ubiquiti UniFi, Aruba, Ruckus, MikroTik, TP-Link, and more).
Shared Secret
The shared secret is a password shared between your access point and IronWifi's RADIUS servers. It encrypts the communication between them. Each Network has its own shared secret.
Keep your shared secret secure. Do not share it publicly or commit it to version control. If you suspect it has been compromised, regenerate it in the IronWifi Console.
How Networks Relate to Other Entities
Networks and Captive Portals
A Captive Portal is attached to a Network. When users connect to your WiFi and are redirected to a captive portal for authentication, the portal authenticates them against the Network's RADIUS infrastructure.
Networks and Users / Groups
Users and Groups are organization-wide -- they are not scoped to a single Network. A user can authenticate against any Network in your account. Groups control what happens after authentication (bandwidth limits, VLAN assignment, session timeouts).
Networks and Venues
Venues represent physical locations. You can associate access points with Venues for location-based reporting and management, independent of which Network they authenticate against.
Multi-Network Configurations
You may want multiple Networks when:
- Different regions -- create a Network in each region where you have access points to minimize latency
- Different SSIDs with different policies -- for example, one Network for WPA2-Enterprise employee access and another for captive portal guest access
- Separate deployments -- distinct WiFi deployments that should have independent RADIUS configurations
Each Network has its own RADIUS servers, ports, and shared secret. Access points are configured to point to a specific Network's RADIUS settings.
Best Practices
- Use both RADIUS servers -- always configure primary and secondary for failover
- Choose the right region -- select the region closest to your access points
- Secure your shared secret -- treat it like a password; rotate if compromised
- One Network per RADIUS policy -- if you need different RADIUS settings for different SSIDs, create separate Networks
- Label clearly -- give Networks descriptive names that reflect their purpose (e.g., "HQ Guest WiFi", "Europe Employee Network")
Troubleshooting
Access Point Cannot Reach RADIUS Server
- Verify the RADIUS server IPs, ports, and shared secret match exactly between the IronWifi Console and your AP configuration
- Ensure your firewall allows outbound UDP traffic on the authentication and accounting ports to IronWifi's RADIUS IPs
- Test connectivity from your AP's network to the RADIUS server IPs
Authentication Requests Timing Out
- Check that you selected the correct region for your Network
- Verify network connectivity between your AP and the internet
- Try the secondary RADIUS server to rule out a primary server issue
- See Troubleshooting Guide and Solving Access-Reject Issues
Related Topics
- Quick Start Guide -- set up your first Network
- Configuration Guides -- AP-specific RADIUS setup
- Groups & Policies -- control access after authentication
- Captive Portals -- guest WiFi authentication
- RADIUS Caching & Failover -- advanced RADIUS configuration
- Service Monitor -- monitor authentication activity