Hello,

I'm trying to configure a mikrotik device ( a mAP lite ) to connect to an Ubiquiti AP which uses 802.1x for AAA.
Is there a way to make the mAP lite act as a wireless client connecting to a 802.1x network ? What will be the configuration required in the Mikrotik device?
I would really appreciate any insights and info.

Best Regards,
Panagiotis Botos

Hmm I believe the latest firmware update may include something that helps........ ??

RouterOS version 6.45.1 has been released in public "stable" channel!
MAJOR CHANGES IN v6.45.1:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;

I run this using EAP-TLS from a Mikrotik hAPac device as wireless client with WPA2-Enterprise configured on a UBNT wifi system. It is on 6.44.3; on the hAP, choose station mode, assign the SSID, and the security profile:
Don't forget to load a client cert with private key and the server root so TLS can complete. The UBNT system uses Freeradius on the backend as the AAA server for authentication in this case. I haven't tried it, but looks like you could do PEAP and TTLS as well.

Unfortunately, I can't make it work. No logs whatsoever in NPS ( Windows Server ).
Connecting with my phone to this user works like a charm though.

In the logs of the Mikrotik I can only see:

Failed to connect : authentication failed: unspecified (37)

It seems that it is not even connecting to the AP of ubnt.

I use WPA2 EAP, in authentication Type .
EAP Methods: PEAP
TLS Mode: don't verify certificate ( self signed certificate ).
Add MSCHAPv2 username and password ( credentials checked and are ok ).

I'm really confused on how to make this work.

Usually when I connect with my phone to the Ubnt AP, it asks for username and password, which in turn query NPS server and if creds are ok, it connects the client to the specific vlan.

In case you have any other info that can help me sort this out, I would really appreciate it.

Update:

After thorough checking I seemed to find a solution.
The Ubnt access point advertise both 2 and 5 G wireless SSIDs.

When connecting another mikrotik device ( which supports 5G connections ) it connected just fine.
The mAP lite unfortunately does not support 5G only 2.4G .

So, this is working... Every device I've tried connecting with 5G works as expected.
In order to further test my assumptions, I disabled 5G announcement on the Ubnt AP, so any device will try to connect using 2.4G .
The problem here is that some devices connect normally, and others do not connect at all ( this including a Windows 10 laptop ).

So I'm guessing this has to do with Ubnt and not Mikrotik.
Just information for anyone out there having the same issues.

Update2:

Talked with Ubiquiti support they informed me to disable :

AUTO-OPTIMIZE NETWORK .

Having done that now I can connect with my mikrotik using 2.4G also. Bump.

That's sweet, but for the cases where the UBNT network is not under control of the person who owns the MikroTik, is there any way to configure the MikroTik to "unoptimize" the connection enough to authenticate to the UBNT? I'm stuck in a situation where my smartphone and laptop can connect to the AP with no problem, but the MikroTik cannot. That's not something to brag about.