Hi,
I experience problems with WDS and WPA2 enterprise.
There are two access points:
- AP4: the access point that provides access to the wired network, OpenWrt (trunk r49390) with wpad - 2016-01-15-2, TP-Link Archer C7, v2
- AP5: the device that should connect to AP4 (the station) and provides wired access to some clients, OpenWrt (trunk r49390), with wpad - 2016-01-15-2
If I use a laptop to connect to AP4 directly, the laptop associates with AP4, obtains the correct VLAN from Packetfence, and there is connectivity.
If I use WPA *personal*, AP5 connects correctly to AP4 via WDS.
However, WDS in combination with WPA *Enterprise* fails.
AP5 associates with AP4:
On AP4:
iw dev wlan1.20 station dump:
    Station <AP5 mac address> (on wlan1.20)
        inactive time: 500 ms
        rx bytes: 7532
        rx packets: 35
        tx bytes: 4537
        tx packets: 18
        tx retries: 0
        tx failed: 0
        signal: -25 [-30, -28, -33] dBm
        signal avg: -25 [-29, -29, -32] dBm
        tx bitrate: 1.0 MBit/s
        rx bitrate: 104.0 MBit/s MCS 13
        expected throughput: 0.640Mbps
        authorized: yes
        authenticated: yes
        preamble: short
        WMM/WME: yes
        MFP: no
        TDLS peer: no
        connected time: 43 seconds
Also, wlan1.20 seems to be put in the right VLAN:
On AP4:
brctl show
    br-vlan20    7fff.60e327e20688    no    eth1.20
                                            wlan1.20
I have used Wireshark/tcpdump to examine the traffic of AP4 (the wireless interface), both on AP4 and AP5:
On AP5, I see that the RADIUS dialog is done (EAP PEAP).
Then a DHCP request follows, which remains unanswered.
On AP4, I have also used tcpdump/Wireshark.
There, I also see the RADIUS dialog on wlan1.
No DHCP request received, though.
Wifi config on AP4:
config wifi-iface
    option device 'radio1'
    option mode 'ap'
    option encryption 'wpa2+ccmp'
    option vlan_file '/etc/config/hostapd1.vlan'
    option vlan_tagged_interface 'eth1'
    option vlan_bridge 'br-vlan'
    option vlan_naming '0'
    option dynamic_vlan '2'
    option auth_port '1812'
    option auth_server '192.168.1.11'
    option auth_secret 'secret'
    option acct_port '1813'
    option acct_server '192.168.1.11'
    option acct_secret 'secret'
    option dae_port '3799'
    option dae_client '192.168.1.11'
    option dae_secret 'secret'
    option nasid 'of2'
    option ssid 'WJG'
    option wds '1'
Wifi config on AP5:
config wifi-iface
    option device 'radio0'
    option network 'lan'
    option mode 'sta'
    option ssid 'WJG'
    option encryption 'wpa2+ccmp'
    option eap_type 'peap'
    option identity 'myuser'
    option password 'mypassword'
    option auth 'EAP-MSCHAPV2'
    option wds '1'
    option ca_cert '/etc/config/ca.der'
My questions:
- Is it possible to have WDS and WPA Enterprise working together?
- What is the meaning of wlan1.sta1? (I have used tcpdump on this interface; no traffic, though.)
- Any idea how this can be solved?
Best,
-- JG