Community discussions

MikroTik App
 
marclobelle
just joined
Topic Author
Posts: 3
Joined: Tue Dec 20, 2011 11:40 am

WPA/WPA2 entreprise with EAP-PEAP autentications

Fri Mar 16, 2012 12:10 am

Hello,
For a project in Benin I plan to buy tens to hundreds of mikrotik access points and routers of different type but this selection of Mikrotik is submit to a hard condition: users must be autheticated using EAP-PEAP and a radius server before accessing to the network.
For the access points, this means WPA/WPA2 entreprise with EAP-PEAP (this uses 802.1x) and for routers, this means that in order to receive an address from the DHCP server they must also be authenticated by EAP-PEAP. Both for the AP as for the router requirements, there are products that support it, say cisco APs, Zcom APs, Huawei leayer 3 switches etc. (that's what I use now)

I would prefer using mikrotik devices everywhere to get the same OS and the same user interface everywhere and this way ease the life of the operators and getting more devices for the money available. But this is only possible if the above requirements are satisfied.

So, 2 questions: 1. Is this supported by routerOS
2. If yes, how can it be configured? is it possible with the last version of the web interface, must one use command line. Could you gie me a clear escription, complete enough to be also usable by the operators.

Thank you in advance and best regards

Marc
 
vik1988
Member Candidate
Member Candidate
Posts: 235
Joined: Sun Oct 25, 2009 2:18 pm
Location: India

Re: WPA/WPA2 entreprise with EAP-PEAP autentications

Fri Mar 16, 2012 6:57 am

Yes Mikrotik Supports EAP/Peap Authentication via Radius on Wireless.

And yes on DHCP too..
mt1.JPG
MT2.JPG
MT3.JPG
You do not have the required permissions to view the files attached to this post.
 
marclobelle
just joined
Topic Author
Posts: 3
Joined: Tue Dec 20, 2011 11:40 am

Re: WPA/WPA2 entreprise with EAP-PEAP autentications

Sun Mar 18, 2012 9:36 pm

I tried as explained for wireless. there are minor differences in the eap wireless screen: I had to select passthrough in eapmethods, not in TLS mode. In tlsmode, I tried nocertificate and dont verify certificate. In both instances several requests are sent, but all time out, there are also many resends but no reply.

Are there other parameters that I should set (called id, domain, realm, src address?

I can ping the radius server i use (81.92.236.228) and the shared secret is correctly used. This radius server is correctly used with cisco and Zcomax APs Coputers connect using EAP-PEAP and EAPTTLS using these non mikrotik APs. I tried with eap-peap from a windows xp notebook.

Do you see what could be wrong ?

Marc
 
vik1988
Member Candidate
Member Candidate
Posts: 235
Joined: Sun Oct 25, 2009 2:18 pm
Location: India

Re: WPA/WPA2 entreprise with EAP-PEAP autentications

Mon Mar 19, 2012 5:56 am

What is the mac-format you used as Username and password and what format is described in Radius Server does matters.

paste logs....
 
dtk001
just joined
Posts: 1
Joined: Fri Apr 25, 2014 12:02 pm

Re: WPA/WPA2 entreprise with EAP-PEAP autentications

Mon Aug 04, 2014 11:35 pm

Hello, I would like to know if MIkrotik is compatible with Microsoft windows server 2008 IAS or NPS ?

Can we authenticate the users via wireless againt AD using Microsoft radius server ?


Kindly confirm if you've already try it before.


Regards,
 
YaroslavEremin
just joined
Posts: 2
Joined: Mon Nov 24, 2014 8:48 am

Re: WPA/WPA2 entreprise with EAP-PEAP autentications

Thu Apr 23, 2015 1:28 pm

Hello, I would like to know if MIkrotik is compatible with Microsoft windows server 2008 IAS or NPS ?

Can we authenticate the users via wireless againt AD using Microsoft radius server ?


Kindly confirm if you've already try it before.


Regards,
In that case Mikrotik just delegate all auth process to Radius (NPS)

/interface wireless security-profiles
add authentication-types=wpa2-eap mode=dynamic-keys name=\
itwonline-peap-ms-chap-v2 radius-mac-mode=as-username-and-password \
supplicant-identity=""

Read more hear https://plus.google.com/+%D0%AF%D1%80%D ... pp3pvuAZne

Who is online

Users browsing this forum: dj23, grusu, synchro and 22 guests