Hi Guys,
I set up a WPA3-eap connection between two WAP-AX (ROS 7.21.3)
If I use 5GHz interfaces all is fine. If I try to use 2GHz the connection not working as expected, howerver after a few try 10-20 depends it works.
5GHz
04:F4:1C:CC:0E:41@wifi2(Test-SSID): connected on 5200/ax/eC/I, signal -22
04:F4:1C:CC:0E:41@wifi2(Test-SSID): authorized, signal -22
Same Usermanager, same radius only the interface was switched from 5GHz to 2GHz with tunr on/turn off. in radius no Access-Reject
only in wireless are disconnected reason code 3
04:F4:1C:CC:0E:40@wifi1(Test-SSID): connected on 2437/n, signal -24
04:F4:1C:CC:0E:40@wifi1(Test-SSID): disconnected, reason code 3, signal -24
AP Config:
5GHz:
set [ find default-name=wifi2 ] channel.band=5ghz-ax .frequency=5200 .skip-dfs-channels=all .width=20/40mhz configuration.country=Hungary .hide-ssid=yes .mode=ap .ssid=Test-SSID disabled=no security.authentication-types=wpa3-eap .disable-pmkid=yes
.eap-methods=tls .management-encryption=cmac .management-protection=required
2GHz
set [ find default-name=wifi1 ] channel.band=2ghz-ax .frequency=2437 .width=20mhz configuration.country=Hungary .hide-ssid=yes .mode=ap .ssid=Test-SSID security.authentication-types=wpa3-eap .disable-pmkid=yes .eap-methods=tls .management-encryption=
cmac .management-protection=required
Clinet Config:
5Ghz
set [ find default-name=wifi2 ] channel.band=5ghz-ax .frequency=5200 .skip-dfs-channels=all .width=20/40mhz configuration.country=Hungary .mode=station-bridge .ssid=Test-SSID disabled=no security.authentication-types=wpa3-eap .eap-certificate-mode=
verify-certificate .eap-methods=tls .eap-tls-certificate=Test-Client1 .eap-username=Test-Client1@radius.Test .management-encryption=cmac .management-protection=required
2GHz
set [ find default-name=wifi1 ] channel.band=2ghz-ax .frequency=2437 .width=20mhz configuration.country=Hungary .mode=station-bridge .ssid=Test-SSID security.authentication-types=wpa3-eap .disable-pmkid=yes .eap-certificate-mode=verify-certificate
.eap-methods=tls .eap-tls-certificate=Test-Client1 .eap-username=Test-Client1@radius.Test .management-encryption=cmac .management-protection=required
The “long“ log:
@wifi1(Test-SSID): disconnected, reason code 3, signal -24
@wifi1(Test-SSID): connected on 2437/ax, signal -24
@wifi1(Test-SSID): disconnected, reason code 3, signal -24
@wifi1(Test-SSID): connected on 2437/ax, signal -24
@wifi1(Test-SSID): disconnected, reason code 3, signal -24
@wifi1(Test-SSID): connected on 2437/ax, signal -25
@wifi1(Test-SSID): disconnected, reason code 3, signal -25
@wifi1(Test-SSID): connected on 2437/ax, signal -25
@wifi1(Test-SSID): disconnected, reason code 3, signal -25
………..@wifi1(Test-SSID): connected on 2437/ax, signal -24
@wifi1(Test-SSID): disconnected, reason code 3, signal -24
@wifi1(Test-SSID): connected on 2437/ax, signal -25
@wifi1(Test-SSID): disconnected, reason code 3, signal -25
@wifi1(Test-SSID): connected on 2437/ax, signal -24
@wifi1(Test-SSID): disconnected, reason code 3, signal -24
@wifi1(Test-SSID): connected on 2437/ax, signal -25
@wifi1(Test-SSID): authorized, signal -25
On Radius side not reject, and as it operate like a charm on 5GHz I assume the issue is the Wifi not the Radius/Usermanager combo
I hope somebody have an idea ehat could be the problem