nbctcp
(nbctcp)
February 10, 2019, 10:42am
1
Above example is in Mikrotik
QUESTIONS:
I need input on how to disable "WPA2 EAP" and enable TKIP in cnMaestro and E410
REASON
1. WPA2 EAP need to be disabled in order old iPad can connect successfully
2. TKIP need to be enabled for old Samsung Galaxy Tab can connect
tq
To enabled EAP, please follow the instructions HERE .
To enable TKIP, please enabled telnet or SSH to the radio, and enter these commands via the CLI:
E400-AP(config)# wireless wlan <ID> E400-AP(config-wlan-<ID>)# allow-tkip E400-AP(config-wlan-<ID>)# save
nbctcp
(nbctcp)
February 10, 2019, 11:41pm
3
1. do you mean EAP only enabled by choosing Enterprise Security?
in other word, its disabled if I am not using Enterprise Security?
2. your way using CLI to enable TKIP
Is that possible to enable TKIP using AP GUI or cnMaestro?
or maybe there is no checkbox to enable TKIP in GUI, that's why you use CLI
firefly
(firefly (inactive))
February 11, 2019, 10:29pm
5
@Eric Ozrelic wrote:
@nbctcp wrote:
1. do you mean EAP only enabled by choosing Enterprise Security?
in other word, its disabled if I am not using Enterprise Security?
Correct.
2. your way using CLI to enable TKIP
Is that possible to enable TKIP using AP GUI or cnMaestro?
or maybe there is no checkbox to enable TKIP in GUI, that's why you use CLI
You must use the CLI to enable TKIP... this option is not available in the GUI.
TKIP is not in the GUI as the Wi-Fi Alliance recommends vendors not support TKIP configuration on primary device interfaces due to it being a vulnerable protocol: https://www.wi-fi.org/file/technical-note-removal-of-tkip-from-wi-fi-devices
We have support for it, and it is exposed through the CLI for backward compatibility with older clients. This still provides two configuration options:
1. if the AP is used standalone, you can ssh to the AP and make this configuration change.
2. if you are using cnMaestro to manage the AP, you can use device overrides:
wireless wlan 1
allow-tkip
nbctcp
(nbctcp)
February 12, 2019, 4:52pm
6
I am following your steps, but "allow-tkip" didn't appear in my E410 config
What's wrong
tq
nbctcp
(nbctcp)
February 12, 2019, 10:24pm
7
FIXED
allow-tkip is conflict with 802.11w, so 802.11w State need to be disabled
1 Like
firefly
(firefly (inactive))
February 18, 2019, 11:34pm
8
thank you for noting that. We'll update the CLI help (or better, try to handle this internally within the AP so user does not have to tweak it)