Hi. I’m developing Hotspot 2.0 wireless service with hAP ac (RB962UiGS-5HacT2HnT).
The RouterOS version is 6.38.5 (stable), and I’m testing with iPhone 6S (iOS 10.3.1).
The radius server is freeradius 3.0.10 and authentication is PEAP-MS-CHAPv2.
I could connect hAP ac with iOS that installed my hotspot2.0 .mobileconfig profile. It works with Cisco Meraki Hotspot 2.0.
But hAP ac disconnect the wireless connection after 10-30 minitue.
I found when hAP disconnect the client, its reached 100% CPU usage.
When I got this situation, I can reboot hAP ac from CLI, and set interworking-profile again, the connection back.
Otherwize the client can not reconnect without set interworking-profile again.
I din’t have any problem without Hotspot 2.0 function, I mean if I didn’t set the interworking-profile to wireless interface and connect with just 802.1x PEAP-MS-CHARv2, it is stable.
Here is my current settings;
[admin@MikroTik] > /interface wireless set 1 interworking-profile=pirosap
[admin@MikroTik] > /interface wireless print
Flags: X - disabled, R - running
0 X (snipped)1 name=“wlan2” mtu=1500 l2mtu=1600 mac-address=6C:3B:6B:xx:xx:xx arp=enabled interface-type=Atheros AR9888 mode=ap-bridge
ssid=“MikroTik-HS20” frequency=auto band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee scan-list=default
wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no
bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0
hide-ssid=no security-profile=1X compression=no[admin@MikroTik] > /interface wireless security-profiles print
Flags: * - default
0 * name=“default” (snipped)1 name=“1X” mode=dynamic-keys authentication-types=wpa2-eap unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa-pre-shared-key=“”
wpa2-pre-shared-key=“” supplicant-identity=“MikroTik” eap-methods=passthrough tls-mode=no-certificates tls-certificate=none
mschapv2-username=“” mschapv2-password=“” static-algo-0=none static-key-0=“” static-algo-1=none static-key-1=“”
static-algo-2=none static-key-2=“” static-algo-3=none static-key-3=“” static-transmit-key=key-0 static-sta-private-algo=none
static-sta-private-key=“” radius-mac-authentication=no radius-mac-accounting=no radius-eap-accounting=no interim-update=0s
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username radius-mac-caching=disabled group-key-update=5m
management-protection=disabled management-protection-key=“”[admin@MikroTik] > /interface wireless interworking-profiles print
0 name=“pirosap” network-type=wildcard internet=yes asra=no esr=no uesa=no venue=unspecified hessid=00:00:00:00:00:00 hotspot20=yes
hotspot20-dgaf=yes roaming-ois=“” venue-names=“” authentication-types=“” ipv4-availability=not-available
ipv6-availability=not-available realms=“” 3gpp=“” domain-names=ngh.pirosap.tech operator-names=NGH testbed by pirosap.tech
wan-status=reserved wan-symmetric=no wan-at-capacity=no wan-downlink=0 wan-uplink=0 wan-downlink-load=0 wan-uplink-load=0
wan-measurement-duration=0 connection-capabilities=“” operational-classes=“”[admin@MikroTik] > /radius print
Flags: X - disabledSERVICE CALLED-ID DOMAIN ADDRESS SECRET
0 wireless 172.31.0.x xxxxxxxx
[admin@MikroTik] > /system resource monitor
cpu-used: 1%
cpu-used-per-cpu: 1%
free-memory: 104728KiB
The client can connect as below;
########## client disconnected but SSH is still have responce ###
[admin@MikroTik] /system> /system resource monitor
cpu-used: 100%
cpu-used-per-cpu: 100%
free-memory: 102264KiB
Any idea?
I can send my support.rif to support team if it help.