Hi all!
We have SSID with WPA/WPA2 802.1x authentication (Cisco lightweight-based AP). As radius server, we use ISE.
In addition, we have some printers that do not support 802.1x authentication via wireless, so what we want is to have some device that will act as bridge between our corporate wireless and printers.
For tests, we bought RouterBoard mAP (Firmware 6.41).
I imported certificate for 802.1x on mAP, created security profile with EAP-TLS method and chose previously imported certificate.
On logs mAP get errors:
“lost connection, 802.1x authentification failed”
“failed to connect on 2462/20/gn, association failed: unspecifed(1)”
On radius logs for mAP endpoint ID:
“Unexpectedly received empty TLS message; treating as a rejection by the client”
I tried (for test) set up SSID with PSK and created another security profile for this SSID. Everything is working as expected - mAP translate traffic from printer (connected to mAP via wired) to corporate network. Therefore, other settings (bridge configuration, NAT rules, firewall rules etc.) is ok, only security profile was changed.
What I am doing wrong or eap-tls not support in station mode(as client for 802.1x) on Mikrotik AP?