Community discussions

 
phase2auth
just joined
Topic Author
Posts: 3
Joined: Sat Jan 05, 2013 2:58 am

Problems connecting to EAP-TLS network

Sat Jan 05, 2013 3:08 am

Hello,

I have a RouterBoard 411AH with a R52Hn wireless NIC. I am having trouble getting it to connect to an Aruba AP. The RouterBoard is in station mode and we have successfully attached it to other networks.

We know it is attaching to the intended network, however, it times out while after receiving:
D8:C7:C8:FE:7E:F0@wlan1: EAP method 13 requested, proceed
Here is the current security-profile for this network:

RouterOS Security Profile
name="WLAN" mode=dynamic-keys authentication-types=wpa-eap,wpa2-eap unicast-ciphers=tkip,aes-ccm group-ciphers=tkip,aes-ccm 
     wpa-pre-shared-key="" wpa2-pre-shared-key="" supplicant-identity="002722988A71" eap-methods=eap-tls tls-mode=dont-verify-certificate 
     tls-certificate=cert1 static-algo-0=none static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" 
     static-algo-3=none static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key="" 
     radius-mac-authentication=yes radius-mac-accounting=no radius-eap-accounting=no interim-update=0s radius-mac-format=XXXXXXXXXXXX 
     radius-mac-mode=as-username radius-mac-caching=disabled group-key-update=5m management-protection=disabled 
     management-protection-key="" 
Here is a wpa supplicant configuration we have used to connect to this network with other devices.

WPA Supplicant Configuration
network={
ssid="NETWORK"
priority=1
scan_ssid=1
key_mgmt=WPA-EAP IEEE8021X NONE
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TLS
identity="002722AA3395"
password=
phase2="auth=MSCHAPV2"
ca_cert="/etc/persistent/cert/cacert.pem"
client_cert="/etc/persistent/cert/cert.pem"
private_key="/etc/persistent/cert/key.der"
private_key_passwd="PASSWORD"
}
Is this something we can implement in RouterOS?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6615
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: Problems connecting to EAP-TLS network

Mon Jan 07, 2013 4:59 pm

Please enable 'wireless,debug' logs on station router and post them here (make sure you have correct time settings on both ends).
 
phase2auth
just joined
Topic Author
Posts: 3
Joined: Sat Jan 05, 2013 2:58 am

Re: Problems connecting to EAP-TLS network

Mon Jan 07, 2013 7:25 pm

Thanks for the reply.

wireless,debug is enabled, output below.
12:23:12 wireless,debug wlan1: no network that satisfies connect-list, by default choose with strongest signal
12:23:12 wireless,info D8:C7:C8:FE:7E:F0@wlan1 established connection on 2437, SSID WLAN
12:23:12 wireless,debug D8:C7:C8:FE:7E:F0@wlan1: EAP method 17 requested, deny
12:23:12 wireless,debug D8:C7:C8:FE:7E:F0@wlan1: EAP method 13 requested, proceed
12:23:24 wireless,debug D8:C7:C8:FE:7E:F0@wlan1: EAP failure - timeout
12:23:24 wireless,info D8:C7:C8:FE:7E:F0@wlan1: lost connection, 802.1x authentication failed
Times match on both ends.
 
phase2auth
just joined
Topic Author
Posts: 3
Joined: Sat Jan 05, 2013 2:58 am

Re: Problems connecting to EAP-TLS network

Mon Jan 07, 2013 9:34 pm

Test
 
fabiopires
just joined
Posts: 5
Joined: Tue Aug 06, 2013 4:33 pm

Re: Problems connecting to EAP-TLS network

Wed Aug 14, 2013 12:54 am

Did you solved the problem ?
 
User avatar
SiB
Member Candidate
Member Candidate
Posts: 169
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: Problems connecting to EAP-TLS network

Sun Sep 16, 2018 3:07 am

I have problem with "802.1x authentication failed" and source of problem was expired certification who was re-created. We must at MS CA revoke cert and create a new request for cert, sign it and PC start work with 802.1x .
MTCNA + MTCRE + MTCINE | ~600 users at ~150 RouterBoards in EMEA | Telegram: @SiB_PL | WebChat: Tokonda
WinBox Tip: F6 works as ALT+TAB | Gliffy.com - free network schematic | prnt.sc - free ScreenShot software

Who is online

Users browsing this forum: No registered users and 11 guests