Versions Compared

Old Version 5

changes.mady.by.user Toms Filatovs

Saved on

compared with

New Version Current

changes.mady.by.user Unknown User (0testing)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add configuration lines to accept CoA messages from RADIUS server.

...

  1. Be valid and signed by an authority, which is trusted by the device running User Manager
  2. Have the user name in the Common Subject Alt Name (CN) fieldSAN) field. For backward compatibility, you can also add it in the CN field. For more information please see: https://datatracker.ietf.org/doc/html/rfc5216#section-5.2 

Finally, the WPA3 enterprise specification includes an extra secure mode, which provides 192-bit cryptographic security.

...

Code Block
languageros
titleCommands executed on ap1
# Configuring radius client
/radius
add address=10.0.0.10 secret="Use a secure password generator for this" service=wireless timeout=1s
/radius incoming
set accept=yes
# Adding a security profile and applying it to wireless interfaces
/interface/wireless/security-profile
add name=radius mode=dynamic-keys authentication-types=wpa2-eap
/interface/wireless
set [find] security-profile=radius

...

Code Block
languageros
titleCommands executed on ap2
# Configuring radius client
/radius
add address=10.0.0.10 secret="Use a secure password generator for this too" service=wireless timeout=1s
/radius incoming
set accept=yes
# Configuring enabled authentication types. Can also be done via a security profile, but note that interface properties, if specified, override profile properties
/interface/wifiwave2 set [find] security.authentication-types=wpa2-eap,wpa3-eap

...

When connecting to a network with EAP authentication, Android devices ask the user to specify a 'domain'. This refers to the expected top-level domain of the host name included in the RADIUS server's TLS certificate ( 'mikrotik.test' in our example).

...