Successfully using MP with WPA2, and it's a big security improvement
I have configured separate guest and main wifi passphrases:- MP x 2
- VLAN for guest network only (including pool, IP address for router, and DHCP server)
- Firewall filter denying access from guest VLAN to main LAN
- Security profile x 2, one with guest MP, other with main MP. Both use WPA2
- Config profile x 2, one with guest security profile, other with main
- extra wifi interface with guest config profile (existing master interface has main config profile)
I know PPSK doesn't support WPA3, but I was hoping they could co-exist. In other words, the security profile of the main (high trust) wifi uses a regular passphrase (not MP/PPSK) and WPA3. In effect, changing the above setup to:
- MP x 1
- Security profile x 2, one with guest MP, other with main security profile that has a regular passphrase (not MP) and WPA3
then as before. That way, the low-trust guest network has the "wild west" devices, but this is fine because they can't connect out to the main LAN, and the devices that connect to the main wifi use nice modern, WPA3 security. WPA3 would be on its own interface, config & security profiles without multi-passphrase.
But this doesn't work. The guests can still connect using their MP, but the main LAN wifi devices fail to authenticate (eg "incorrect password" on iOS - is an iPhone 11, which supports WPA3). Is this a limitation of PPSK, or Mikrotik's implementation?
I'm on latest testing release: 7.17rc3.
