Hello- Anyone here running EAP-TTLS with ePMP F300 gear? We’ve run this way since 2016, through multiple firmware iterations. Everything works as expected with N clients, regardless of AP. All AC clients have intermittent, repeatable issues, regardless of AP. Opened a support ticket a year ago…

Which radius and eap-ttls implication are you using. We demo’d a windows based system but had nothing but issues. Went back to freeradius3 on debian and cant say there is any eap-ttls issues. We do have the odd radio stop passing data here and there but it is not specific to a hardwarw generation a…

I’ll have to check specific releases, but IIRC, we’re running CentOS and Free RADIUS from about 5 years ago. Built the VM when we started moving to ePMP and that is its sole purpose.

The centos version of freeradius had issues (centos based iircc). My suggestion: If you are using an sql backend, spin up a debian 10 vm and test it.

For the archives… Late to the party here, but we found that the N-based devices (Force 100, ePMP1000, etc.) would complete radius requests if you ignored CHAP just fine. But if you don’t actually complete the CHAP challenge/handshake on AC-based devices, they go into an infinite loop and never con…

Never seen that on our N based devices…Definitely true for the AC based devices! Just tried it on the test network and it failed spectacularly! We use the MAC as the username so this is probably why we didnt see this before.

@khoff Are you saying that the F300 doesn’t connect at all or that it may intermittently get stuck in a loop? Our issue is that there is no failure on the RADIUS server. The F300 stays connected to the AP, it just stops passing traffic. We’ve tested on multiple firmware versions, multiple AP revi…

In the case I was describing, the F300 would connect enough to begin the TTLS handshake, but on the RADIUS server, you would see and endless loop of the same RADIUS requests. What you’re describing sounds like a bug we reported when using the F300 with RADIUS and VLANs on earlier versions of the fi…

Here are the scenarios we can break the radio in: straight bridged. bridged with separate mgmt and data vlans nat with a shared mgmt & data vlan We obviously haven’t tested every scenario. The commonality above is EAP-TTLS. If I switch to WPA2-PSK, problem goes away. We are not passing VLAN d…

In our case, it was bridged SMs, data/mgmt VLAN configured on the CPE (not by RADIUS VSA), and EAP-TTLS for auth. Switching to PSK resolved the issue in testing. Are you running 4.5.4 or newer on the SM? If not, start there. If it helps, you can reference our ticket 214959.

We can reproduce the issue all the way up to 4.6.2. Some of the top level Cambium techs get auto-generated email blasts from us when our test units drop. They’re well aware there is an issue. I was hoping someone else found a work around because “we’re working on it” as their monthly update is ge…

Anyone else using EAP-TTLS with ePMP?

Products ePMP

Simon_King (Simon King) February 28, 2022, 9:28am 23

This one, perhaps?