The 802.11S mesh I set up also shows as "wpa2 -" on a scan from the web UI when not connected, but that changes to "open" when the mesh connects.
I'd guess the UI is using the output from iwinfo?
When the mesh link is up and running:
root@Router:~# iwinfo mesh0 scan
reports "Encryption: none"
root@Router:~# iwinfo phy0 scan
Encryption: WPA2 NONE (CCMP)
root@Router:~# iwinfo mesh0 info
An app on a mobile running android 8 reports the encryption as WPA2-EAP
Other devices show the mesh network as open.
These are the relevant settings I'm using.
config wifi-iface 'mesh0'
option disabled '0'
option device 'radio0'
option ifname 'mesh0'
option mode 'mesh'
option mesh_fwding '1'
option mesh_id 'My Mesh'
option encryption 'psk2+ccmp'
option sae_password 'MyPassword'
option key 'MyPassword'
option network 'lan'
config interface 'lan'
option ifname 'eth0.1 mesh0'
I also found that the generated wpa_supplicant-mesh0.conf uses the password from option key in the wireless file not from "option sae_password". If I omit "option key" in the wireless file, even though I set a password in "sae_password", sae_password" in wpa_supplicant is blank, so I don't think option sae_password in /etc/config/wireless is used.
Apart from encryption which I'm not sure if it is working right the mesh connection works fine and I also have an access point running on the same radio (phy0)
This is on a bt hub 5a running 18.06.1