-
-
petecarlson
just joined
- Posts: 5
- Joined:
WPA2 802.1X on mikrotik
I am trying to set up WPA2 (Enterprise) on a Mikrotik AP and am a little confused. I have done this before with wili and other access points but can not figure out how to do it with MK. I have the Radius server set up and working with other access points (wili) running wpa2 enterprise. Is this even possible on MK? Is it just not possible from the qui tool? I know this post is a little light on info so I will update it when I am back at work but I was hoping for a kick in the right direction.
Re: WPA2 802.1X on mikrotik
Yes, of course it is possible for access-point.
1) you need to enable radius client, radius menu is used for that. Add address shared-secret and service wireless.
2) Use interface wireless security-profiles to setup WPA enterprise, like this
'interface wireless security-profiles set default authentication-types=dynamic-keys authentication-types=wpa2-eap eap-methods=passtrough'.
Look for security profiles settings in Winbox to find out these menus.
1) you need to enable radius client, radius menu is used for that. Add address shared-secret and service wireless.
2) Use interface wireless security-profiles to setup WPA enterprise, like this
'interface wireless security-profiles set default authentication-types=dynamic-keys authentication-types=wpa2-eap eap-methods=passtrough'.
Look for security profiles settings in Winbox to find out these menus.
Re: WPA2 802.1X on mikrotik
I'm also having some problems with 802.1x.
I'm running RouterOS on a PC and i have a RADIUS server (with user manager) on the same machine.
The wireless connection is not secure but all users have to identify them selves on my hotspot (also running on the same PC).
Now I want to secure the network using 802.1x so each user has it's own authentication and encryption. Is this scenaro possible?
I realy need help with this.
- Which service should i put? Wireles, login?!?!
- Security profile ->RADIUS (MAC authentication, MAC accounting, EAP accounting?!?!)
I'm running RouterOS on a PC and i have a RADIUS server (with user manager) on the same machine.
The wireless connection is not secure but all users have to identify them selves on my hotspot (also running on the same PC).
Now I want to secure the network using 802.1x so each user has it's own authentication and encryption. Is this scenaro possible?
I realy need help with this.
- Which service should i put? Wireles, login?!?!
- Security profile ->RADIUS (MAC authentication, MAC accounting, EAP accounting?!?!)
Re: WPA2 802.1X on mikrotik
1) For RADIUS client configuration, you need to put wireless.
2) For EAP you need to put at least,
interface wireless security-profiles set default authentication-types=dynamic-keys authentication-types=wpa2-eap eap-methods=passtrough'.
MAC-authentication you need to put, when you need client's MAC-address authentication over RADIUS.
MAC-accounting is used, when accounting for MAC-authenticated clients is required.
EAP-accounting, when accounting is necessary for EAP sessions.
2) For EAP you need to put at least,
interface wireless security-profiles set default authentication-types=dynamic-keys authentication-types=wpa2-eap eap-methods=passtrough'.
MAC-authentication you need to put, when you need client's MAC-address authentication over RADIUS.
MAC-accounting is used, when accounting for MAC-authenticated clients is required.
EAP-accounting, when accounting is necessary for EAP sessions.
Re: WPA2 802.1X on mikrotik
Hm... It`s posible to autenticate diferent port traffic?
for ex.
On the user side: Antenna -- Switch -- PC
|------VOIP
PC autenticates by given user name and VOIP device autenticates by MAC address.
for ex.
On the user side: Antenna -- Switch -- PC
|------VOIP
PC autenticates by given user name and VOIP device autenticates by MAC address.
Re: WPA2 802.1X on mikrotik
You will need to use HotSpot for this,
http://www.mikrotik.com/testdocs/ros/3. ... otspot.php
user is authenticated by login/password form on HTTP page,
VOIP device is authenticated by MAC-address, as soon as it is connected to the network.
http://www.mikrotik.com/testdocs/ros/3. ... otspot.php
user is authenticated by login/password form on HTTP page,
VOIP device is authenticated by MAC-address, as soon as it is connected to the network.
Who is online
Users browsing this forum: No registered users and 13 guests