• State TI Thinks Resolved
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 171 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3220SF: Enterprise Security (WPA_ENT) with PEAP0_MSCHAPv2 is not working on CC3220SF

Ravindra Singh
Prodigy 10 points
Part Number: CC3220SF
Other Parts Discussed in Thread: UNIFLASH

Dear TI Team,

We are trying Enterprise Security with PEAP0_MSCHAPv2, but it is not working. Can someone look into this and provide support here ?

Set up details:

SSID = mysys_wifi
Key = 3210 
Enterprise user name = employee
Anonymous username is not known to us, so we leave that blank. In any case, we did not get an anonymous username
Extensible Auth protocol should be PEAP0_MSCHAPv2
 
//However, no connection is made when we send this command, an OK comes up, but nothing else.
AT+wlanconnect=mysys_wifi,,WPA_ENT,3210,employee,,PEAP0_MSCHAPv2
OK
 
If we run a scan, we get this result: wlanscan:


+wlanscan:mysys_wifi,0x7e:0x8a:0x20:0x8d:0xf4:0xb8,-53,1,wpa2,0,ccmp,802_1_x
+wlanscan:macsys-secure,0x78:0x8a:0x20:0x8d:0xf4:0xb8,-52,1,wpa2,0,ccmp,802_1_x
+wlanscan:TelenetWiFree,0x3a:0x43:0x3d:0x32:0xb1:0x10,-90,6,wpa_wpa2,0,ccmp,psk
+wlanscan:mysys_wifi,0x7e:0x8a:0x20:0x8d:0xf5:0x4d,-76,1,wpa2,0,ccmp,802_1_x
+wlanscan:mysys_wifi,0x7e:0x8a:0x20:0x8d:0xf6:0x33,-90,1,wpa2,0,ccmp,802_1_x
+wlanscan:Galaxy S228DEA,0x72:0x3d:0x16:0x27:0x29:0xcb,-90,6,wpa2,0,ccmp,psk
+wlanscan:macsys-secure,0x78:0x8a:0x20:0x8d:0xf6:0x33,-91,1,wpa2,0,ccmp,802_1_x
+wlanscan:macsys-secure,0x78:0x8a:0x20:0x8d:0xf5:0x4d,-75,1,wpa2,0,ccmp,802_1_x
+wlanscan:telenet-93791,0x38:0x43:0x7d:0x32:0xb1:0x10,-89,6,wpa2,0,ccmp,psk
 

Thanks &Regards,

Ravindra Singh

  • 0
    Guru 73205 points

    Hi Ravindra,

    Do you have uploaded CA file (/sys/cert/ca.der) inside filesystem? If not, upload this file or disable server authentication via DISABLE_ENT_SERVER_AUTH. You need to check at your RADIUS server whether TLS 1.0 is enabled.

    Jan

  • 0 in reply to Jan D
    Prodigy 10 points

    Ok i will check and let you know the feedback

  • 0 in reply to Jan D
    Prodigy 10 points

    Hello Jan D,

    I have following feedback:

    The TLS version used is TLS 1.2 and would not work with a certificate. 

    If we have to upload a certificate file, where do we get it?  Or do we need to set something for that?

    Can you please check and provide inputs.

    Thanks &Regards,

    Ravindra Singh

  • 0 in reply to Ravindra Singh
    TI__Guru 61406 points

    see chapter 4.2.6 in https://www.ti.com/lit/swru455.

    As Jan mentioned, the CC3220 only supports WPA_ENT connection with TLS 1.0 (so if the server requires TLS1.2 - the connection will fail).

  • 0 in reply to Kobi Leibovitch
    Guru 73205 points

    Hi,

    As Kobi said, you will not be able connect with WPA2-EAP when TLS 1.2 is supported by RADIUS server only. You need to enable TLS 1.0 at your RADIUS server. E.g. for FreeRADIUS TLS 1.0 can be enabled via EAP configuration file (/mods-enabled/eap) and option tls_min_version = "1.0".

    CA file you can get from administrator of your RADIUS server. File can be uploaded into filesystem (/sys/cert/ca.der) using Uniflash software of filesystem API. But if you want disable authentication against CA, you can do this using API DISABLE_ENT_SERVER_AUTH before EAP connection attempt.

    Jan