What's new

Mobile clients unable to connect to Guest SSID on MikroTik

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

pergolj

New Around Here
Hi there, I am both new to this forum and a newbie in the MicroTik world. We just rolled out a MikroTik wireless network for a client with 2 WLC's and 12 Ap's. The devices are fairly old ones. They contain 2 SSIDS, one for local LAN access that uses Radius authentication, and the other for Guest with internet access only that uses a security passphrase set on the WLC only for authentication.

Currently, laptops are able to connect to the SSID's, however, it seems that no mobile devices at all are able to connect. On Guest, it asks for a username and password (although I believe I only configured it to use a passphrase) and on the LAN one, radius does not work at all.

Is there some special settings I need for the mobile devices? I am using WebFig. Also, why would the Guest be asking for a username?

Please help!

Thanks,

Jim
 
With MicroTik - make very sure you are updated on all their Firmware and Software, that includes WindBox management - they've taken a big beating lately in the security arena...

With Two SSID's and the WLC, each SSID should be assigned a VLAN, and each should have appropriate security and policy treatment according to your org's needs...

@System Error Message - he's kind of our MicroTik guru/smart guy - I'm sure he might have some additional insight that is MicroTik specific...
 
sfx2000, thanks for your reply. Each SSID does have it's own vlan. The laptops can connect to both SSID's but the mobile devices can't connect to either. Not sure I can get the firmware any higher than it currently is as the client has no support contract with MikroTik. :-( Anyway, I've been at this 2 days now and just can't seem to figure out what's wrong. Any help would be appreciated! Also, I reached out to @System Error Messgae, thanks!

Jim
 
sfx2000, thanks for your reply. Each SSID does have it's own vlan. The laptops can connect to both SSID's but the mobile devices can't connect to either. Not sure I can get the firmware any higher than it currently is as the client has no support contract with MikroTik. :-( Anyway, I've been at this 2 days now and just can't seem to figure out what's wrong. Any help would be appreciated! Also, I reached out to @System Error Messgae, thanks!

Jim
could you show your wifi configuration? And do your mobiles connect without vlan?
 
Hi there. So, last night I created a new Guest SSID, security cfg, datapath, etc and set it as an additional slave on the provision and pushed it to the AP's. With the exception of the name, it was identical to the original Guest SSID. And it worked, no username required. So I deleted the original Guest cfgs and renamed the new one. I am waiting for test results from the client.

Not sure why the original did not work. As far as your question about mobiles connecting without a vlan, I am not sure I completely understand but we do have vlan 32 dedicated to Guest Wireless. There's no vlan defined on the phones, it just lives on the WLC/AP's. We also have vlan 16 for main WLAN (non guest).

Here's some config, please let me know if you would like to see more...

[jpergolizzi@usfrewlc01] /caps-man> configuration print
0 name="ENPHASE" mode=ap ssid="ENPHASE" security=ENPHASE security.authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap
security.eap-radius-accounting=no datapath=ENPHASE
1 name="EEGuest" mode=ap ssid="EEGuest" security=EEGuest security.passphrase="xxxxx" datapath=EEGuest

[jpergolizzi@usfrewlc01] > caps-man datapath print
0 name="ENPHASE" client-to-client-forwarding=yes local-forwarding=yes vlan-mode=use-tag vlan-id=16
1 name="EEGuest" local-forwarding=yes vlan-mode=use-tag vlan-id=32 interface-list=all

[jpergolizzi@usfrewlc01] > caps-man security print
0 name="ENPHASE" authentication-types=wpa2-eap encryption=aes-ccm eap-methods=passthrough
1 name="EEGuest" authentication-types=wpa2-psk encryption=aes-ccm passphrase="xxxxxx"

[jpergolizzi@usfrewlc01] > caps-man provisioning print
Flags: X - disabled
0 radio-mac=00:00:00:00:00:00 hw-supported-modes="" identity-regexp="" common-name-regexp="" ip-address-ranges="" action=create-dynamic-enabled
master-configuration=ENPHASE slave-configurations=EEGuest name-format=cap name-prefix=""

Thanks!

Jim
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top