WPA/WPA2 entreprise with EAP-PEAP autentications
Wireless networks

5 posts   •   Page 1 of 1
marclobelle
just joined
 
Posts: 2
Joined: Tue Dec 20, 2011 12:40 pm

WPA/WPA2 entreprise with EAP-PEAP autentications

by marclobelle » Fri Mar 16, 2012 1:10 am

Hello,
For a project in Benin I plan to buy tens to hundreds of mikrotik access points and routers of different type but this selection of Mikrotik is submit to a hard condition: users must be autheticated using EAP-PEAP and a radius server before accessing to the network.
For the access points, this means WPA/WPA2 entreprise with EAP-PEAP (this uses 802.1x) and for routers, this means that in order to receive an address from the DHCP server they must also be authenticated by EAP-PEAP. Both for the AP as for the router requirements, there are products that support it, say cisco APs, Zcom APs, Huawei leayer 3 switches etc. (that's what I use now)

I would prefer using mikrotik devices everywhere to get the same OS and the same user interface everywhere and this way ease the life of the operators and getting more devices for the money available. But this is only possible if the above requirements are satisfied.

So, 2 questions: 1. Is this supported by routerOS
2. If yes, how can it be configured? is it possible with the last version of the web interface, must one use command line. Could you gie me a clear escription, complete enough to be also usable by the operators.

Thank you in advance and best regards

Marc

vik1988
Member Candidate
Member Candidate
 
Posts: 220
Joined: Sun Oct 25, 2009 3:18 pm
Location: India

Re: WPA/WPA2 entreprise with EAP-PEAP autentications

by vik1988 » Fri Mar 16, 2012 7:57 am

Yes Mikrotik Supports EAP/Peap Authentication via Radius on Wireless.

And yes on DHCP too..
mt1.JPG
mt1.JPG (57.62 KiB) Viewed 4209 times
MT2.JPG
MT2.JPG (24.84 KiB) Viewed 4209 times
MT3.JPG
MT3.JPG (19.55 KiB) Viewed 4209 times
Vikas Kumar Gupta
If you Like my post then add KARMA
skype- kumarvikas_gupta

marclobelle
just joined
 
Posts: 2
Joined: Tue Dec 20, 2011 12:40 pm

Re: WPA/WPA2 entreprise with EAP-PEAP autentications

by marclobelle » Sun Mar 18, 2012 10:36 pm

I tried as explained for wireless. there are minor differences in the eap wireless screen: I had to select passthrough in eapmethods, not in TLS mode. In tlsmode, I tried nocertificate and dont verify certificate. In both instances several requests are sent, but all time out, there are also many resends but no reply.

Are there other parameters that I should set (called id, domain, realm, src address?

I can ping the radius server i use (81.92.236.228) and the shared secret is correctly used. This radius server is correctly used with cisco and Zcomax APs Coputers connect using EAP-PEAP and EAPTTLS using these non mikrotik APs. I tried with eap-peap from a windows xp notebook.

Do you see what could be wrong ?

Marc

vik1988
Member Candidate
Member Candidate
 
Posts: 220
Joined: Sun Oct 25, 2009 3:18 pm
Location: India

Re: WPA/WPA2 entreprise with EAP-PEAP autentications

by vik1988 » Mon Mar 19, 2012 6:56 am

What is the mac-format you used as Username and password and what format is described in Radius Server does matters.

paste logs....
Vikas Kumar Gupta
If you Like my post then add KARMA
skype- kumarvikas_gupta

dtk001
just joined
 
Posts: 1
Joined: Fri Apr 25, 2014 12:02 pm

Re: WPA/WPA2 entreprise with EAP-PEAP autentications

by dtk001 » Mon Aug 04, 2014 11:35 pm

Hello, I would like to know if MIkrotik is compatible with Microsoft windows server 2008 IAS or NPS ?

Can we authenticate the users via wireless againt AD using Microsoft radius server ?


Kindly confirm if you've already try it before.


Regards,

5 posts   •   Page 1 of 1

Who is online

Users browsing this forum: Yahoo [Bot] and 13 guests

It is currently Thu Nov 27, 2014 12:20 pm