This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Compiler/CC3235S: How to config CC3235S enterprise WIFI?

Part Number: CC3235S
Other Parts Discussed in Thread: UNIFLASH,

Tool/software: TI C/C++ Compiler

I input WiFi password in simple link web, and connect to WiFi after confirm. But it can't connect to the enterprise WiFi. As shown in the figure, it is the setting reference of enterprise WiFi. CA file is not needed. Set EAP-PEAP0 with MSCHAP under the enterprise menu of the web page, and enter the user name and password. WiFi cannot be connected. The SDK version is 3.40.00.05.

1. If the server does not need CA files, need to set param to 1?

2. Need to add corresponding files in uniflash?

  • Hi,

    You should be able to connect to your EAP network with PEAP/MSCHAPv0 authentication on the CC3235.

    With my EAP network setup to allow for PEAP/MSCHAPv0, I was able to successfully connect on my cc3235s launchpad by modifying the network terminal slightly to select the correct EAP security settings.

    After importing the network_terminal example from the SDK, edit wlan_cmd.c so that the server authentication is disabled:

        /* Set device time and date before connection to ENT network, if needed */
        if(ConnectParams.secParamsEnt.User != NULL)
        {
            ret =
                sl_DeviceSet(SL_DEVICE_GENERAL, SL_DEVICE_GENERAL_DATE_TIME,
                             sizeof(SlDateTime_t),
                             (uint8_t *)(&ConnectParams.dateTime));
            ASSERT_AND_CLEAN_CONNECT(ret, DEVICE_ERROR, &ConnectParams);
    
            uint8_t param= 0;
            /* 1 meansdisablethe serverauthentication*/
            ret=sl_WlanSet(SL_WLAN_CFG_GENERAL_PARAM_ID,SL_WLAN_GENERAL_PARAM_DISABLE_ENT_SERVER_AUTH,1,&param);
            /* Connect to ENT AP */
            ret =
                sl_WlanConnect((const signed char *)(ConnectParams.ssid),
                               strlen(
                                   (const char *)(ConnectParams.ssid)), 0,
                               &(ConnectParams.secParams),
                               &(ConnectParams.secParamsEnt));
            ASSERT_AND_CLEAN_CONNECT(ret, WLAN_ERROR, &ConnectParams);
        }

    Then, modify cmd_parser.c so that the correct enterprise settings for PEAP/MSCHAPv0 will be selected:

    int32_t ParseConnectCmd(void *arg, ConnectCmd_t *ConnectParams)
    {
        char cmdStr[CMD_BUFFER_LEN + 1];
        char                 *token = NULL;
        char                 *ssid = NULL;
        char                 *password = NULL;
        char                 *security = NULL;
        char                 *ip = NULL;
        char                 *gw = NULL;
        char                 *dns = NULL;
        char                 *entUserName = NULL;
        uint8_t help = FALSE;
    
        strncpy(cmdStr, (char*) arg, CMD_BUFFER_LEN);
        cmdStr[CMD_BUFFER_LEN] = '\0';
        token = strtok(cmdStr, space_str);
    
        if(token == NULL)
        {
            help = TRUE;
        }
    
        ConnectParams->ip = NULL;
        ConnectParams->dns = NULL;
        ConnectParams->gw = NULL;
    
        while(token)
        {
            if(!strcmp(token, help_optionStr))
            {
                help = 1;
            }
            else if(!strcmp(token, s_optionStr))
            {
                ssid = strtok(NULL, "\"");
            }
            else if(!strcmp(token, p_optionStr))
            {
                password = strtok(NULL, "\"");
            }
            else if(!strcmp(token, t_optionStr))
            {
                security = strtok(NULL, space_str);
            }
            else if(!strcmp(token, ip_optionStr))
            {
                ip = strtok(NULL, space_str);
            }
            else if(!strcmp(token, dns_optionStr))
            {
                dns = strtok(NULL, space_str);
            }
            else if(!strcmp(token, gw_optionStr))
            {
                gw = strtok(NULL, space_str);
            }
            else if(!strcmp(token, ent_optionStr))
            {
                entUserName = strtok(NULL,  "\" ");
            }
            else
            {
                SHOW_WARNING(-1, CMD_ERROR);
                help = TRUE;
                break;
            }
            token = strtok(NULL, space_str);
        }
    
        if(help)
        {
            printWlanConnectUsage(arg);
            return(-1);
        }
    
        if((ssid != NULL) && (strlen(ssid) <= SL_WLAN_SSID_MAX_LENGTH))
        {
            ConnectParams->ssid = (uint8_t *)calloc(sizeof(uint8_t),strlen(
                                                        ssid) + 1);
            strcpy((char *)ConnectParams->ssid, ssid);
        }
        else
        {
            UART_PRINT("\r\n[Cmd Parser] : Invalid SSID.\n\r");
            return(-1);
        }
    
        if(ip)
        {
            ConnectParams->ip = calloc(sizeof(uint8_t),strlen(ip));
            strcpy((char *)ConnectParams->ip, ip);
        }
    
        if(gw)
        {
            ConnectParams->gw = calloc(sizeof(uint8_t),strlen(gw));
            strcpy((char *)ConnectParams->gw, gw);
        }
    
        if(dns)
        {
            ConnectParams->dns = calloc(sizeof(uint8_t),strlen(dns));
            strcpy((char *)ConnectParams->dns, dns);
        }
    
        if(!security)
        {
            ConnectParams->secParams.Type = SL_WLAN_SEC_TYPE_OPEN;
        }
        else if(!strcmp(security, WPA_str))
        {
            ConnectParams->secParams.Type = SL_WLAN_SEC_TYPE_WPA_WPA2;
        }
        else if(!strcmp(security, WPA2_str))
        {
            ConnectParams->secParams.Type = SL_WLAN_SEC_TYPE_WPA_WPA2;
        }
        else if(!strcmp(security, WEP_str))
        {
            ConnectParams->secParams.Type = SL_WLAN_SEC_TYPE_WEP;
        }
        else if(!strcmp(security, WPS_str) && !password)
        {
            ConnectParams->secParams.Type = SL_WLAN_SEC_TYPE_WPS_PBC;
        }
        else if(!strcmp(security, WPS_str) && password)
        {
            ConnectParams->secParams.Type = SL_WLAN_SEC_TYPE_WPS_PIN;
        }
        else if(!strcmp(security, OPEN_str))
        {
            ConnectParams->secParams.Type = SL_WLAN_SEC_TYPE_OPEN;
        }
        else if(!strcmp(security, WPA3_str))
        {
            ConnectParams->secParams.Type = SL_WLAN_SEC_TYPE_WPA3;
        }
        else if(!strcmp(security, WPA2_PLUS_str))
        {
            ConnectParams->secParams.Type = SL_WLAN_SEC_TYPE_WPA2_PLUS;
        }
        else
        {
            UART_PRINT(
                "\r\n [Cmd Parser] : Parser expected security type "
                "parameter [OPEN, WEP, WPA, WPA2, WPA3, WPS].\n\r");
            return(-1);
        }
    
        if((password != NULL) && (strlen(password) <= PASSWD_LEN_MAX))
        {
            ConnectParams->secParams.KeyLen = strlen(password);
            ConnectParams->secParams.Key = (signed char *)calloc(
                sizeof(uint8_t), ConnectParams->secParams.KeyLen + 1);
            strncpy((char *)ConnectParams->secParams.Key, password,
                    ConnectParams->secParams.KeyLen);
        }
        else if(ConnectParams->secParams.Type != SL_WLAN_SEC_TYPE_OPEN)
        {
            UART_PRINT("\r\n[Cmd Parser] : Invalid Password.\n\r");
            return(-1);
        }
    
        if(entUserName)
        {
            ConnectParams->secParamsEnt.UserLen = strlen(entUserName);
            ConnectParams->secParamsEnt.User = calloc(
                sizeof(uint8_t), ConnectParams->secParamsEnt.UserLen);
            strcpy(ConnectParams->secParamsEnt.User, entUserName);
            ConnectParams->secParamsEnt.AnonUser = NULL;
            ConnectParams->secParamsEnt.EapMethod =
                    SL_WLAN_ENT_EAP_METHOD_PEAP0_MSCHAPv2;
            ConnectParams->secParams.Type = SL_WLAN_SEC_TYPE_WPA_ENT;
            ConnectParams->dateTime.tm_year = DEVICE_YEAR;
            ConnectParams->dateTime.tm_mon = DEVICE_MONTH;
            ConnectParams->dateTime.tm_day = DEVICE_DATE;
        }
    
        return(0);
    }
    

    Once you have rebuilt the network_terminal example, run it on your cc3235 and then execute the following command:

    wlanconnect -s "SSID" -t WEP -p "password" -ent "test"

    The above command assumes that the SSID is simply SSID and the enterprise username and password is test and password respectively. Replace the above options for the SSID, enterprise username and password that corresponds to your network, and it should connect. Do note that disabling server authentication has security implications, as it would allow an attacker to easily spoof your network simply by setting up another AP with an identical SSID and is not recommended.

    Let me know if that doesn't work for you, or if you have further questions on using the CC3235 with enterprise connections.

    Regards,

    MIchael


  • thank you for your reply. I made changes according to your code, the following picture is the information printed by the serial port. Regardless of whether the server authentication setting is 0 or 1, the result is the same. However, the feedback from the server is different. If set to 0, the result is: 

    Deauth from sta: 90:e2:02:1f:ab:41: AP 192.168.65.7-9c:8c:d8:23:3f:a1-9c:8c:d8:ca:33:fa Reason Response to EAP Challenge Failed

    Deauth from sta: 90:e2:02:1f:ab:41: AP 192.168.65.7-9c:8c:d8:23:3f:a1-9c:8c:d8:ca:33:fa Reason STA has left and is deauthenticated

    If set to 1, the result is: 

    Deauth from sta: 90:e2:02:1f:ab:41: AP 192.168.65.7-9c:8c:d8:23:3f:a1-9c:8c:d8:ca:33:fa Reason Unspecified Failure

  • The server authentication should be set to 0. The spec is wrong.

  • We have built a Mini PC AP environment, like the company's network configuration. And can connect to the enterprise network.

    However, the company's network is still can not be connected, presumably due to the addition of a controller that to kick out low-speed 2.4G devices.

    Now we can also use the profile of web page to configure the enterprise network. Thank you very much!