Zero touch ePMP install with WPA2 Pre-shared Key

Is it possible to onboard (to an onsite cnMaestro) an ePMP device without installer intervention (so called zero touch) when it connects via an AP (also an ePMP) that requires a WPA2 Pre-shared Key?

I can get this to work when the SM installer "Add"s the target AP as a preferred AP and supplies the Key. Even though the factory default SM makes a temporary connection to the AP, its DHCP request never makes it to the server. Only after supplying the WPA2 Key does the DHCP request get forwarded to the AP net. I was hoping the DHCP request would be honoured and then when the DHCP server was satisfied it was a valid request, send an offer. Option 66 is enabled by default and so the target config could then include the AP credentials. Even in the circumstance when the key is supplied, the SM never requests option 66 and the server (a Mikrotik) never supplies it. Option 42 is included in the offer but it looks like the SM ignores that and instead it is the AP (which has Zero touch enabled) that engineers the connection between the SM and our onsite cnMaestro. Once connected and displayed (which takes a frustrating age), updating the SM config using a template and variables works brilliantly. With or without the key, despite option 66 being enabled by default, it doesn’t work. I’m not sure I need it to work but an explanation would be good. Option 66 problems aside, can I get a config onto the SM without the installer knowing the WPA2 key?

On the same Mikrotik DHCP server, option 66 works perfectly well for cnPilot routers.

According to Eddie Stephanou, our local Cambium support, the bottom line is “No”. If you use a Key, you must locally connect to the SM and supply it.
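An added example, not part of the original post and not Cambium or MikroTik code: one way to confirm from captured DHCP payloads whether a client lists option 66 in its parameter request list (option 55) and whether an offer carries it. The function names and the sample messages are constructed for illustration; real payloads would come from a capture on the DHCP server's interface.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options field
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_PARAM_REQUEST_LIST, OPT_TFTP_SERVER_NAME = 53, 55, 66

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (bad length or magic cookie)")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:  # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        # RFC 3396: an option code that repeats is concatenated
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options

def option66_status(payload: bytes) -> dict:
    """Summarise option 66 handling for one DHCP message."""
    opts = parse_dhcp_options(payload)
    msg_type = opts.get(OPT_MSG_TYPE, b"")
    return {
        "message_type": msg_type[0] if msg_type else None,  # 1=DISCOVER, 2=OFFER
        "requests_66": OPT_TFTP_SERVER_NAME in opts.get(OPT_PARAM_REQUEST_LIST, b""),
        "carries_66": opts.get(OPT_TFTP_SERVER_NAME, b"").decode("ascii", "replace") or None,
    }

def build_sample(msg_type: int, options: list) -> bytes:
    """Constructed test message: zeroed 236-byte BOOTP header, cookie, options."""
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return bytes(236) + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, msg_type]) + body + b"\xff"

# Constructed samples (not captured traffic): a DISCOVER whose request list omits 66,
# a DISCOVER that asks for 66, and an OFFER that carries a placeholder option 66 value.
DISCOVER_WITHOUT_66 = build_sample(1, [(55, bytes([1, 3, 6, 42]))])
DISCOVER_WITH_66 = build_sample(1, [(55, bytes([1, 3, 6, 66]))])
OFFER_WITH_66 = build_sample(2, [(66, b"tftp.example.net")])

if __name__ == "__main__":
    for pkt in (DISCOVER_WITHOUT_66, DISCOVER_WITH_66, OFFER_WITH_66):
        print(option66_status(pkt))
```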

