Hi,
when I authenticate a standalone AP against RADIUS server, it runs smoothly with such a config:
/interface wireless security-profiles
set [ find default=yes ] group-ciphers=“” group-key-update=30m supplicant-identity=somenamehere unicast-ciphers=“”
add authentication-types=wpa2-eap group-ciphers=tkip,aes-ccm group-key-update=30m interim-update=2m management-protection-key=somepassword mode=dynamic-keys name=eduroam
radius-eap-accounting=yes radius-mac-format=XXXX:XXXX:XXXX radius-mac-mode=as-username-and-password supplicant-identity=somenamehere unicast-ciphers=tkip,aes-ccm
/radius
add address=someIPv4address secret=somepassword service=wireless
but it takes some nasty time when an AP is CAP of CAPsMAN-CM2 as of 6.34.2: a station “checks conditions” for maybe 10 seconds before authenticating successfully.
/caps-man datapath
add bridge=eduroam client-to-client-forwarding=no local-forwarding=no name=eduroam-managerforwarding
/caps-man security
add authentication-types=wpa2-eap eap-methods=passthrough eap-radius-accounting=yes encryption=aes-ccm group-encryption=aes-ccm name=eduroam-security passphrase=“there is no eap”
/caps-man configuration
add channel=auto-N2-20 country=“czech republic” datapath=eduroam-managerforwarding guard-interval=any mode=ap multicast-helper=default name=eduroam2g-cfg rx-chains=0,1 security=eduroam-security security.eap-radius-accounting=yes ssid=eduroam
tx-chains=0,1
/caps-man aaa
set mac-caching=1h mac-mode=as-username-and-password
/radius
add address=someIPv4address secret=somepassword service=wireless timeout=1s