MikroTik + EAP-TLS + Non-Channel 1 / Apple iOS issues
I know a few of you guys are using MikroTik offerings in the enterprise, so I hope to pick your brain(s). I have many, many RB433UAH's deployed worldwide as simple WAPs. I've been looking to move to 802.1x EAP-TLS via an external FreeRadius server. I have our HP Procurves using the FreeRadius server without issue. Infact, the only devices that seem to have issues are the MikroTik devices. For one, only channel 1 seems to work with 802.1x. If I change the channel to ANYTHING else, clients refuse to auth. Secondly, newer iOS devices (iOS 5 and newer, I believe) refuse to auth entirely. I have an older iPod touch that is on iOS4 that can authenticate on channel 1. Have any of you guys seen issues like this? Thanks. -- Thomas York
We had some issues with apple devices recently on a new MT using WPA2 and preshared key - might not be the same but... The preamble mode was important plus the auth types needed to drop any older auth options types as apple seems to only accept the latest versions We had iphones, macbook airs and some macs not connect These were the settings that made everything spring to life as best I recall ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-guard-interval=any ht-rxchains=0,1 ht-txchains=0,1 preamble-mode=long proprietary-extensions=post-2.9.25 eap-methods=passthrough group-ciphers=aes-ccm unicast-ciphers=aes-ccm Cheers Duncan On 4/04/2013, at 2:55 AM, "Thomas York" <straterra@fuhell.com> wrote:
I know a few of you guys are using MikroTik offerings in the enterprise, so I hope to pick your brain(s). I have many, many RB433UAH's deployed worldwide as simple WAPs. I've been looking to move to 802.1x EAP-TLS via an external FreeRadius server. I have our HP Procurves using the FreeRadius server without issue. Infact, the only devices that seem to have issues are the MikroTik devices.
For one, only channel 1 seems to work with 802.1x. If I change the channel to ANYTHING else, clients refuse to auth. Secondly, newer iOS devices (iOS 5 and newer, I believe) refuse to auth entirely. I have an older iPod touch that is on iOS4 that can authenticate on channel 1.
Have any of you guys seen issues like this? Thanks.
-- Thomas York
participants (2)
-
Duncan Turnbull
-
Thomas York