Community discussions

MikroTik App
 
RicSan
just joined
Topic Author
Posts: 3
Joined: Tue Jul 05, 2022 9:47 am

Wifi Switching to closer AP with Windows -> no authentication

Tue Jul 05, 2022 10:48 am

Hi,
I'm using a Mikrotik CCR2004-16G-2S+ Router with 3 hAP ac^2.
They are configured via Capsman and are configured like this:

Security-Settings Wifi Mikrotik
Authentication Type: WPA2 EAP
Encryption: AES CCM
Group Encryption: aes ccm
Group Key Update: 00:05:00
Passphrare: none
DisablePMKID: checked
EAP Methods: EAP-TLS
EAP Radius Accounting: unchecked
TLS Mode: verify certificate
TLS Certificate: MYCERT

Everything works fine. I got certificates. I can join the network.

BUT

when I'm switching the AP by just walking around my laptop (Win 10) is not able to reconnect to a different AP.
This is working with an android phone with no problems.

The Win event manager shows:
1st attempt to connect to closer AP
Event-ID: 11010
Keywords: (1024),(512)
Encryption: AES-CCMP
FIPS-Mode: Disabled
BSS-Type: Infrastructure
Authentication: WPA2-Enterprise

2nd attempt to reconnect to closer AP
Event-ID: 12014
Keywords: (1024),(512)
BSS-Type: Infrastructure
EAP-Informationtype: 13, proiderID:0, providertype:0, authorID:0

Stops after some tries with
Event-ID: 11006
Reason: 802.1x-Authentication wasn't completed in the defined timespan
Error: 0x5B4


Mikrotik router log
mikrotik caps debug shows:
  • mac@AP4 connected, signal strength -44
->fully functional

after switching position:
  • mac@AP2 connected, signal strength -54
  • mac@AP2 disconnected, max key exchange retries, signal strength -43
  • mac@AP2 connected, signal strength -54
  • mac@AP2 disconnected, max key exchange retries, signal strength -43
  • mac@AP4 disconnected, group key timeout, signal strength -83

When I click to forget the network in Windows10 and reconnect, it works fine and connects.
Only switching to another AP is not.


Already tried
  • to connect to the network in Win10, with several different settings after manually adding the wifi network like
    • selecting only the wanted certificate
    • selecting a different username for the connection (username of the cerficiate)
    • selecting no authentication for new server
    • in 802.1X Settings which is showing after the advanced button I also tried some settings
  • to change the TLS settings in the registry, as described here, but that did not help, or wasn't the correct setting

Any ideas on how to solve this problem with AP change and RE-authentication?
Thanks in advance for any help with this, as I can not find the error.
 
RicSan
just joined
Topic Author
Posts: 3
Joined: Tue Jul 05, 2022 9:47 am

Re: Wifi Switching to closer AP with Windows -> no authentication

Fri Jul 08, 2022 8:36 pm

Additional informations

Going to another AP with better signal strength is working in the following conditions:
  • WPA2 PSK from windows device (win10pro)
  • WPA2 PSK from android device
  • WPA2 EAP from android device

It is not working with windows device (win10pro) on WPA2 EAP after moving to another closer AP, initial connection works.

Since it is working on android, can it be a windows setting?
Or is it a mikrotik setting allowing windows to reconnect properly?

Who is online

Users browsing this forum: Cloudtechiq [Bot], Kuitz and 23 guests