• State Not Answered
  • Replies 4 replies
  • Subscribers 86 subscribers
  • Views 213 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 355487
Options

WPA3 entreprise with EAP-TTLS-MSCHAPv2 is not working

MOHAMED Kallel

I am evaluating the board nrf3054-dk + nrf7002-ek

I build and run the sample project  net/samples/wifi/shell on my board

when I compiled the project, I added the following params to proj.conf in order to support wpa3 enterprise:

CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE=y
CONFIG_WIFI_NM_WPA_SUPPLICANT_WPA3=y



I have AP configured with WPA3 enterprise

I tried to connect my board nrf3054-DK + nrf7002-EK with the following command:

uart:~$ wifi connect -s "RYSE-SmartBridge-4B19" -k 14 -S 3 -w 2 -I "bob" -P "test"

- k 14 : EAP-TTLS-MSCHAPv2

but the connection fails.
what I am missing ?

Parents
  • 0

    Hi,

    It seems like you are trying to use EAP-TTLS which requires TLS and CA certificate. 

    In proj.conf, you need to also enable EAP and TTLS support. Try with the following:

    CONFIG_WIFI_NM_WPA_SUPPLIANT_EAP=y

    CONFIG_WIFI_NM_WPA_SUPPLIANT_EAP_TTLS=y

    CONFIG_WIFI_NM_WPA_SUPPLIANT_EAP_MSCHAPV2=y

    In addition to this, you have to make sure Zephyr TLS and mbedTLS are enabled. You also have to get the CA certificate used by your WiFi or RADIUS server and add it to the firmware. Ensure that PMF isn't disabled. In the command that you are using, typically both outer identity and inner identity are needed. Using only one may also result in EAP failure. 

    Let me know if you have any further questions. 

  • 0 in reply to Samruddhi Jadhav

    thank you for your feedback

    I already tested the wifi shell program with WPA2 ent and it worked without adding the params you specified in your feedback

    CONFIG_WIFI_NM_WPA_SUPPLIANT_EAP=y
CONFIG_WIFI_NM_WPA_SUPPLIANT_EAP_TTLS=y
CONFIG_WIFI_NM_WPA_SUPPLIANT_EAP_MSCHAPV2=y


    and it worked without adding certificates on the nrf device

    but when I tested the program with wpa3 then it fails.

    btw, I added these param in proj.conf but the compilation fails with the following info:


    attempt to assign the value 'y' to the undefined symbol
WIFI_NM_WPA_SUPPLICANT_EAP
WIFI_NM_WPA_SUPPLICANT_EAP_TTLS


    and also my command already contains the MFP enabled as you can see in my command: -w 2
    and by default theccommad ignore the cert check(default behaviour)


Reply
  • 0 in reply to Samruddhi Jadhav

    thank you for your feedback

    I already tested the wifi shell program with WPA2 ent and it worked without adding the params you specified in your feedback

    CONFIG_WIFI_NM_WPA_SUPPLIANT_EAP=y
CONFIG_WIFI_NM_WPA_SUPPLIANT_EAP_TTLS=y
CONFIG_WIFI_NM_WPA_SUPPLIANT_EAP_MSCHAPV2=y


    and it worked without adding certificates on the nrf device

    but when I tested the program with wpa3 then it fails.

    btw, I added these param in proj.conf but the compilation fails with the following info:


    attempt to assign the value 'y' to the undefined symbol
WIFI_NM_WPA_SUPPLICANT_EAP
WIFI_NM_WPA_SUPPLICANT_EAP_TTLS


    and also my command already contains the MFP enabled as you can see in my command: -w 2
    and by default theccommad ignore the cert check(default behaviour)


Children
No Data
Related
Terms of service