MikroTik

Community discussions
https://forum.mikrotik.com/

WPA2 EAP and "pre-auth" tag missing

https://forum.mikrotik.com/viewtopic.php?t=126662

Page 1 of 1

WPA2 EAP and "pre-auth" tag missing

Posted: Sat Oct 14, 2017 11:38 pm
by meristo
Hello, I'm new of Mikrotik product.

I have an hAP ac and 2 Asus Router that I use as Access point. I configurated my Mikrotik WiFi in this manner (with Radius Authentication):
Code: Select all
/interface wireless print detail 
Flags: X - disabled, R - running 
 0  R name="wlan1" mtu=1500 l2mtu=1600 mac-address=xx:xx:xx:xx:xx arp=enabled 
      interface-type=Atheros AR9300 mode=ap-bridge ssid="Bla" 
      frequency=2462 band=2ghz-b/g/n channel-width=20mhz scan-list=default 
      wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 wds-mode=disabled 
      wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled 
      default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 
      default-client-tx-limit=0 hide-ssid=no security-profile=EAP-RADIUS 
      compression=no 

 1    name="wlan2" mtu=1500 l2mtu=1600 mac-address=xx:xx:xx:xx:xx arp=enabled 
      interface-type=Atheros AR9888 mode=ap-bridge ssid="Bla" 
      frequency=5200 band=5ghz-a/n/ac channel-width=20/40mhz-Ce 
      scan-list=default wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      bridge-mode=enabled default-authentication=yes default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no 
      security-profile=EAP-RADIUS compression=no
My problem is that on Asus Routers I see in wifi properties of my phone (with Wifi Analyzer app) :
[WPA2-EAP-CCMP+TKIP-preauth][ESS]

on Mikrotik board I see:
[WPA2-EAP-CCMP+TKIP][ESS]

The difference is pre-auth tag that is missing on Mikrotik router. Can I add it?

Thanks

Re: WPA2 EAP and "pre-auth" tag missing

Posted: Sun Oct 15, 2017 6:25 pm
by Petri
Preauthentication has to do with roaming. When the client detects a new AP with the same SSID it will automatically authenticate with it just in case it will switch to using that AP. That makes the switch seamless, if it occurs. Of course this could lead to many unnecessary authentications as well, but that doesn't bother the user.
Probably the message you are seeing means that your phone was earlier connected to another AP and roamed with preauthenticated credentials to the Asus.

Re: WPA2 EAP and "pre-auth" tag missing

Posted: Mon Dec 18, 2017 8:33 pm
by Gau28
Hi Meristo,

May-be, can you help me on my post viewtopic.php?t=128785
I wish to connect a AP in station mode to an existing wifi with EAP. Is-it what you do on your side ?
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/