Hi,
I experience problems with WDS and WPA2 enterprise.

There are two access points:
- AP4: the access point that provides access to the wired network, Openwrt (trunk r49390) with wpad - 2016-01-15-2, TP Link Archer C7, v2
- AP5: the device that should connect to AP4 (the station) and provides wired access to some clients, Openwrt (trunk r49390), with wpad - 2016-01-15-2

If I use a laptop to connect to AP4 directly, the laptop associates with AP4, obtains the correct VLAN from Packetfence, and there is connectivity.
If I use WPA *personal*, AP5 connects correctly to AP 4 via WDS.

However, WDS in combination with WPA *Enterprise* fails.

AP5 associates with AP4:
On AP4:
iw dev wlan1.20 station dump:
Station <AP5 mac address> (on wlan1.20)
        inactive time:  500 ms
        rx bytes:       7532
        rx packets:     35
        tx bytes:       4537
        tx packets:     18
        tx retries:     0
        tx failed:      0
        signal:         -25 [-30, -28, -33] dBm
        signal avg:     -25 [-29, -29, -32] dBm
        tx bitrate:     1.0 MBit/s
        rx bitrate:     104.0 MBit/s MCS 13
        expected throughput:    0.640Mbps
        authorized:     yes
        authenticated:  yes
        preamble:       short
        WMM/WME:        yes
        MFP:            no
        TDLS peer:      no
        connected time: 43 seconds


Also, wlan1.20 seems to be put in the right VLAN:
On AP4:
brctl show
br-vlan20               7fff.60e327e20688       no              eth1.20
                                                        wlan1.20

I have used Wireshark/tcpdump to examine the traffic of AP4 (the wireless interface), both on AP4 and AP5:

On AP5, I see that the radius dialog is done (EAP PEAP).
Then a DHCP request follows. which remains unanswered.

On AP4, I have also used tcpdump/wireshark
There, I see also the radius dialog on wlan1.
No DHCP request received though.

Wifi config on AP4:
config wifi-iface
        option device 'radio1'
        option mode 'ap'
        option encryption 'wpa2+ccmp'
        option vlan_file '/etc/config/hostapd1.vlan'
        option vlan_tagged_interface 'eth1'
        option vlan_bridge 'br-vlan'
        option vlan_naming '0'
        option dynamic_vlan '2'
        option auth_port '1812'
        option auth_server '192.168.1.11'
        option auth_secret 'secret'
        option acct_port '1813'
        option acct_server '192.168.1.11'
        option acct_secret 'secret'
        option dae_port '3799'
        option dae_client '192.168.1.11'
        option dae_secret 'secret'
        option nasid 'of2'
        option ssid 'WJG'
        option wds '1'
       
Wifi config on AP5:
config wifi-iface
        option device 'radio0'
        option network 'lan'
        option mode 'sta'
        option ssid 'WJG'
        option encryption 'wpa2+ccmp'
        option eap_type 'peap'
        option identity 'myuser'
        option password 'mypassword'
        option auth 'EAP-MSCHAPV2'
        option wds '1'
        option ca_cert '/etc/config/ca.der'

       
My questions:
- Is it possible to have WDS and WPA Enteprise working together?
- What is the meaning of wlan1.sta1  (I have used tcpdump on this interface, no traffic though).
- Any idea how this can be solved?

Best,

-- JG