...
- Be valid and signed by an authority, which is trusted by the device running User Manager
- Have the user name in the Common Subject Alt Name (CN) fieldSAN) field. For backward compatibility, you can also add it in the CN field. For more information please see: https://datatracker.ietf.org/doc/html/rfc5216#section-5.2
Finally, the WPA3 enterprise specification includes an extra secure mode, which provides 192-bit cryptographic security.
...
Code Block | ||||
---|---|---|---|---|
| ||||
# Configuring radius client
/radius
add address=10.0.0.10 secret="Use a secure password generator for this" service=wireless timeout=1s
/radius incoming
set accept=yes
# Adding a security profile and applying it to wireless interfaces
/interface/wireless/security-profile
add name=radius mode=dynamic-keys authentication-types=wpa2-eap
/interface/wireless
set [find] security-profile=radius |
...
Code Block | ||||
---|---|---|---|---|
| ||||
# Configuring radius client
/radius
add address=10.0.0.10 secret="Use a secure password generator for this too" service=wireless timeout=1s
/radius incoming
set accept=yes
# Configuring enabled authentication types. Can also be done via a security profile, but note that interface properties, if specified, override profile properties
/interface/wifiwave2 set [find] security.authentication-types=wpa2-eap,wpa3-eap |
...
When connecting to a network with EAP authentication, Android devices ask the user to specify a 'domain'. This refers to the expected top-level domain of the host name included in the RADIUS server's TLS certificate ( 'mikrotik.test' in our example).
...