I've got 2 TP-Link Archer C7 v2's running OpenWrt.
1 is still running v19.07.8 and the other 1 has been reset and upgraded to v21.02.2
I'm using WPA2 Enterprise so I installed wpad instead of wpad-basic.
The Archer which is running v21.02.2 cannot connect to my Radius authentication server (which is running on a pfSense box). I have triple checked the settings and they should be alright!
Here is a part of the logs:
Fri Feb 25 19:27:03 2022 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED 11:7e:f3:1a:4f:a3
Fri Feb 25 19:27:03 2022 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Fri Feb 25 19:27:03 2022 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED 11:7e:f3:1a:4f:a3
Fri Feb 25 19:27:03 2022 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Fri Feb 25 19:27:21 2022 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED 11:7e:f3:1a:4f:a3
Fri Feb 25 19:27:21 2022 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Fri Feb 25 19:27:21 2022 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED 11:7e:f3:1a:4f:a3
Fri Feb 25 19:27:21 2022 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Fri Feb 25 19:27:22 2022 daemon.info hostapd: wlan0: STA 11:7e:f3:1a:4f:a3 IEEE 802.11: authenticated
Fri Feb 25 19:27:22 2022 daemon.info hostapd: wlan0: STA 11:7e:f3:1a:4f:a3 IEEE 802.11: associated (aid 1)
Fri Feb 25 19:27:22 2022 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED 11:7e:f3:1a:4f:a3
Fri Feb 25 19:27:22 2022 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Fri Feb 25 19:27:48 2022 daemon.notice hostapd: wlan0: RADIUS No response from Authentication server 192.168.10.1:1812 - failover
Fri Feb 25 19:27:48 2022 daemon.info hostapd: wlan0: RADIUS Authentication server 192.168.10.1:1812
The other Archer which still runs v19.07.8 does not have any problems and can connect to the Radius auth server without problems.
Any one have a clue what's going on?
(Update)
I have changed the IP and Mac addresses for privacy reasons.
Sure it's 192.10.10.1? That's not within rfc1918 192.168.0.0/16 and I doubt that's your assigned public IP space...
can you reach your radius from every AP via ip? have you checked that each radius client can connect and authenticate?
Ok. But are you able to connect to the radius server from die 21.02 AP? I mean the radius client /authenticator not the wifi client.
The wifi client does not connect to the radius. Only the AP. Maybe the IP of the AP has changed and is not configured in the clients.conf of freeradius?
I just had setup freeradius server and aps as clients on 21.02 just fine a few days ago so I doubt that there is an issue just because you now run 21.02....
There's little point in redacting LAN IPs, it only makes sense for MAC addresses and WAN IPs. Better put 192.168.x.x if you'd still like to do it, instead of 192.10.10.1 or anything else that is not a valid private IPv4 range. As you noticed, it confuses people (which makes troubleshooting more difficult).
That aside, might be this is the issue at play? I assume you're using the .2 release no?
If so, check if rolling back to .1 'fixes' it. A fix just landed in the 21.02 branch but you'll need to compile yourself for the moment I think. Not sure if packages will get updated before another point release.
I can say for sure it didn't. Look at the 21.02.2 release tag, it's older than the RADIUS commit. Even if packages will be rebuilt (which happened at some point but I'm not sure they still do), I don't know if images will.
I can confirm: WPA2 Enterprise with Radius is not working under v21.02.2 , at least not for me.
I have tested a few scenarios and once downgraded to 21.02.1 the problem is gone, Radius is working great, no problems.
Though the package is at 40 as far as I can see:
wpad_2020-06-08-5a8b3662-40_mips_24kc.ipk
Updated last Sunday (yesterday) but I just checked and 21.0.2.2 is still having problems for me with Radius and WPA Enterprise EAP.
I updated with the file:
openwrt-21.02.2-ath79-generic-tplink_archer-c7-v2-squashfs-sysupgrade.bin
Yes. Like explained, the packages might see updates but the firmare images probably do not. You need to generate a custom image using the link in post #11. That will use the updated packages you include.
Installed 21.02.1, coming from stock/factory TP-Link firmware.
After that I did the sysupgrade through http://sysupgrade.openwrt.org/ and I'm now running 21.0.2.2 without the "WPA EAP/Enterprise bug".