• State TI Thinks Resolved
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 40 subscribers
  • Views 455 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3220S-LAUNCHXL: How to use the EAP method definition in swru455e

XiaozhongZhang
Expert 1925 points
Part Number: CC3220S-LAUNCHXL
Other Parts Discussed in Thread: CC3220S

how these EAP method in swru455e definition correspond to as we all known EAP-MD5, EAP-LEAP, EAP-TLS, EAP-TTLS, EAP-PEAP

• SL_WLAN_ENT_EAP_METHOD_TLS

• SL_WLAN_ENT_EAP_METHOD_TTLS_TLS

• SL_WLAN_ENT_EAP_METHOD_TTLS_MSCHAPv2

• SL_WLAN_ENT_EAP_METHOD_TTLS_PSK

• SL_WLAN_ENT_EAP_METHOD_PEAP0_TLS

• SL_WLAN_ENT_EAP_METHOD_PEAP0_MSCHAPv2

• SL_WLAN_ENT_EAP_METHOD_PEAP0_PSK

• SL_WLAN_ENT_EAP_METHOD_PEAP1_TLS

• SL_WLAN_ENT_EAP_METHOD_PEAP1_PSK

• SL_WLAN_ENT_EAP_METHOD_FAST_AUTH_PROVISIONING

• SL_WLAN_ENT_EAP_METHOD_FAST_UNAUTH_PROVISIONING

• SL_WLAN_ENT_EAP_METHOD_FAST_NO_PROVISIONING

  • 0
    TI__Guru 61956 points
    Hi XiaozhongZhang,

    EAP-MD5 - is not supported (it supposed to be obsolete).

    EAP-TLS - SL_WLAN_ENT_EAP_METHOD_TLS (TLS used to perform both server and client authentication)

    EAP-TTLS - Tunneled TLS (TTLS) only authenticates the server ("authenticator") before opening a secured channel in which the client gets authenticated. The TTLS only defines the first stage of opening the secured channel, so the complete method needs to include the protocol for the client authentication, e.g MSCHAP.
    So basically, all the "SL_WLAN_ENT_EAP_METHOD_TTLS_xxx" methods falls into this category.

    EAP-PEAP - in a similar way to the TTLS, PEAP only defines the secure TLS channel that is based on server authentication and requires the definition for the client authentication protocol. There are two versions of the protocol (0 and 1).
    This includes "SL_WLAN_ENT_EAP_METHOD_PEAP0_xxx" and "SL_WLAN_ENT_EAP_METHOD_PEAP1_xxx".

    EAP-LEAP was a method developed by Cisco. It is now obsolete and replaced by the newer Cisco's "FAST" (Flexible Authentication via Secure Tunneling) methods.

    Br,
    Kobi
  • 0 in reply to Kobi Leibovitch
    Expert 1925 points

    hi Kobi Leibovitch:

    I set up a freeradius server and successfully connect the AP with EAP-PEAP. But my CC3220S cannot connect it.

    my code is below, i have tried all peap related method, but all failed to connect. how to configure the CC3220S or is there some demo code?

    nv_data.SSID_len = 6;

    memcpy((nv_data.SSID),"RADIUS",6);
    nv_data.secParams.Type = SL_WLAN_SEC_TYPE_WPA_ENT;
    nv_data.secParams.KeyLen = 4;
    memcpy((nv_data.secParams.Key),"user1",4);
    nv_data.secParamsEnt.UserLen = 8;
    memcpy((nv_data.secParamsEnt.User),"Usuario1",8);
    nv_data.secParamsEnt.EapMethod = SL_WLAN_ENT_EAP_METHOD_PEAP0_MSCHAPv2;
    secParamsEnt = &(nv_data.secParamsEnt);

    sl_WlanConnect((const signed char *)(nv_data.SSID), nv_data.SSID_len, 0, &nv_data.secParams, secParamsEnt);

  • 0 in reply to XiaozhongZhang
    TI__Guru 61956 points

    Hi,

    Did you register the client’s ceredentials at the server?

    Do you handle the server certificate (ie install the right root CA certificate in the right place on the file system)?

    Also, your keylen is 4, while the value length (“user1”) is 5.

    Br,

    Kobi

  • 0 in reply to Kobi Leibovitch
    Expert 1925 points

    hi Kobi:

    Did you register the client’s ceredentials at the server? yes. I have register 4 client’s ceredentials as below:

    Usuario1 User-Password == "user1"
    Usuario2 User-Password == "user2"
    Usuario3 User-Password == "user3"
    Usuario4 User-Password == "user4"

    Do you handle the server certificate (ie install the right root CA certificate in the right place on the file system)?

    No, I only change the config files users.conf, but my Mobile and my PC can connect my AP.

     Also, your keylen is 4, while the value length (“user1”) is 5.

    Now I change it to 5, it also cannot connect my AP

  • 0 in reply to XiaozhongZhang
    TI__Guru 61956 points
    Hi XiaozhongZhang,

    Mobile devices and PCs have complete certificate store and don't need connection specific handling (for example: you can connect to any https server with providing the certificate for the connection).

    But the simplelink wi-fi has limited resources and need that you install the specific certificates that you use for your connections (install for enterprise = saving the certificates in the file system as reserved files: "/sys/cert/ca.der" etc).
    The certificate catalog that we use contains just the digests of the valid certificates but not the certificates themselves.

    Please follow the exact enterprise connection instructions in swru455e.

    Br,
    Kobi