RTL8722DN Connecting to 802.1X Network (WPA2 Enterprise EAP-TLS)

Hi,
Is it possible to connect to wifi with wpa2 enterprise security?
I don’t find any example nor documents about this.
Regards

@harold-martin

WiFi EAP support is only enabled in the full SDK, which requires signing an NDA to access.

@wyy thanks for the answer, can you send me the NDA, or the link related to the NDA?


@harold-martin

You can refer to this post for NDA information.


I would also be interested in this topic, although I have almost successfully connected to my network. According to the RADIUS server log, the module was seemingly able to connect. But on the module side, the output log shows the following.

————————————————
__eap_eapol_recvd_hdl(22,0)
94 C9 60 19 28 91 AC 84 C6 36 19 32 88 8E 02 00 00 04 03 09 00 04
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: sta recv deauth reason code(15) sta:ac:84:c6:36:19:32
wifi_indication():Disconnection indication received
————————————————

On the RADIUS server side I get the following. This log is very similar to what I get when a Windows machine is successfully connecting to my network.
————————————————
(9) eap_peap: Success
(9) eap: Sending EAP Success (code 3) ID 9 length 4
(9) eap: Freeing handler
(9) [eap] = ok
(9) } # authenticate = ok
(9) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
(9) post-auth {
(9) update {
(9) No attributes updated
(9) } # update = noop
(9) [exec] = noop
(9) policy remove_reply_message_if_eap {
(9) if (&reply:EAP-Message && &reply:Reply-Message) {
(9) if (&reply:EAP-Message && &reply:Reply-Message) → FALSE
(9) else {
(9) [noop] = noop
(9) } # else = noop
(9) } # policy remove_reply_message_if_eap = noop
(9) } # post-auth = noop
(9) Login OK: [cflt/] (from client AP port 32 cli 94c960192891)
(9) Sent Access-Accept Id 2 from 192.168.0.126:1812 to 192.168.0.1:38542 length 0
(9) MS-MPPE-Recv-Key = 0xd74753270083f52d1fec8859cb1e57fb8b2b3262b9689464014ea9b0e996b46d
(9) MS-MPPE-Send-Key = 0xafda18dacf1663e67ddc22d07fad9800b5d196fa3ab0fbb42560277d09cefd5f
(9) EAP-Message = 0x03090004
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) User-Name = “cflt”
(9) Finished request
Waking up in 4.9 seconds.
(9) Cleaning up request packet ID 2 with timestamp +44
————————————————

If the connection depends on having a special library, I would sign the NDA to get it.
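The received frame in the module log above can be decoded by hand. This added example (not part of the original post and not SDK code; the function names are hypothetical) parses those 22 bytes and shows they carry EAP-Success with id 9, the same packet the RADIUS log reports as EAP-Message = 0x03090004. Deauth reason code 15 is the IEEE 802.11 code for a 4-way handshake timeout, so EAP authentication completed and the failure lies in the key handshake that follows it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes copied from the hex dump in the module log: Ethernet + EAPOL + EAP. */
static const uint8_t FRAME[] = {
    0x94, 0xC9, 0x60, 0x19, 0x28, 0x91,   /* destination MAC (matches "cli" in the RADIUS log) */
    0xAC, 0x84, 0xC6, 0x36, 0x19, 0x32,   /* source MAC */
    0x88, 0x8E,                           /* EtherType 0x888E = EAPOL */
    0x02, 0x00, 0x00, 0x04,               /* EAPOL version 2, type 0, body length 4 */
    0x03, 0x09, 0x00, 0x04                /* EAP code 3, id 9, length 4 */
};

/* Returns (EAP code << 8) | EAP id for an EAPOL EAP-Packet, or -1 if malformed. */
int eapol_eap_code_id(const uint8_t *f, size_t n)
{
    if (f == NULL || n < 18) return -1;              /* 14-byte Ethernet + 4-byte EAPOL header */
    if (f[12] != 0x88 || f[13] != 0x8E) return -1;   /* not an EAPOL frame */
    if (f[15] != 0x00) return -1;                    /* EAPOL type 0 = EAP-Packet */
    size_t body = ((size_t)f[16] << 8) | f[17];
    if (body < 4 || n - 18 < body) return -1;        /* truncated, or no room for an EAP header */
    size_t eap_len = ((size_t)f[20] << 8) | f[21];
    if (eap_len < 4 || eap_len > body) return -1;    /* EAP length must fit the EAPOL body */
    return (f[18] << 8) | f[19];
}

const char *eap_code_name(int code)
{
    switch (code) {
    case 1: return "Request";
    case 2: return "Response";
    case 3: return "Success";
    case 4: return "Failure";
    default: return "Unknown";
    }
}

int main(void)
{
    int r = eapol_eap_code_id(FRAME, sizeof FRAME);
    if (r < 0) { puts("not a well-formed EAPOL EAP-Packet"); return 1; }
    printf("EAP %s, id %d\n", eap_code_name(r >> 8), r & 0xFF);
    return 0;
}
```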

I am also very interested in this. Does this same private SDK work for the RTL8720DN?

Yes, the NDA SDK applies to RTL 8720/8721/8722 DN/DM/DF

Has this changed at all? This post seems to suggest that WiFi EAP is now publicly available.

This has changed; the EAP feature and sample code have been added to the GitHub SDK.


It’s really unfortunate that this important feature - which makes the BW16 applicable to many more use cases - was deliberately kept out of the public SDK for so long.

Personally, I gave up on the BW16 months ago because of this very issue. I even submitted a request to sign an NDA and access the private SDK, but I never heard anything back. While I’m glad to hear that EAP is finally public, I don’t quite get this whole public/private SDK thing.

Hi,
I’m trying to connect to my AP (configured as WPA2/Enterprise) but having trouble.
My router logs show the following errors:

[ERROR]WPAValidateRSNIE : invalid AKM !!!
APBuildAssociation : invalid status code(43) !!!

And the logs from BW16 module:

==================== tls_start ====================
RTL8721D[Driver]: set ssid [ASUS5G] 
RTL8721D[Driver]: rtw_restruct_sec_ie[4275]: no pmksa cached 
RTL8721D[Driver]: start auth to 50:eb:f8:18:88:44
RTL8721D[Driver]: auth alg = 0
RTL8721D[Driver]: 
OnAuthClient:algthm = 0, seq = 2, status = 0, sae_msg_len = 0
RTL8721D[Driver]: auth success, start assoc
RTL8721D[Driver]: assoc reject, status code: 43
dissconn reason code: 43
assoc stage, assoc reject (assoc rsp status > 0)
ERROR: connect to AP by tls failed
==================== tls_finish ====================

The module cannot connect to my router (model: ASUS RT-AX53U).
I do have a fully configured WPA/WPA2 Enterprise network (with a RADIUS server and valid certificates)
which does work on my 3 computers. Now I’m trying to connect my IoT device (based on BW16) using the example code with modified fields (eap_ca_cert, eap_client_cert, eap_client_key) as suggested (https://github.com/ambiot/ambd_sdk/blob/dev/component/common/example/eap/example_eap.c) but so far without success.
I went through the steps described in the example many times to check it is all done. The code compiles without errors and runs on the device.
I’ve even tried to modify the SDK source as I noticed “suspicious” function usage:

connect_by_open_system(char *target_ssid)

where inside we have:

ret = wifi_connect(target_ssid,
                   RTW_SECURITY_OPEN,
                   NULL,
                   strlen(target_ssid),
                   0,
                   0,
                   NULL);
I have tried to change RTW_SECURITY_OPEN to RTW_SECURITY_WPA_WPA2_AES_ENTERPRISE
…but got another error saying this type is not supported.
I’m out of ideas about what is going wrong.
Please help!

Do you have an example you could share @jrr? I’m trying to get started with the SDK as WPA2 Enterprise isn’t in the Arduino environment yet.
Thanks,
Josh

Which protocols are supported by the SDK, regarding the 802.1X Network standard?
In other words, which protocols of WPA, WPA2, WPA3 are supported by the SDK?
After many, many hours I finally managed to connect to a router based on OpenWRT firmware, using a certificate (for EAP-TLS method).
However, it only works when the “security type” on my WiFi network is set to:
“WPA Enterprise - medium security”.
It does NOT work when it is set to: “WPA2 Enterprise - strong security” - the one I need to use.
I tried to dig into the router logs, changing the severity level etc., and the last error message I found says:
“Failed to initialize RSN state machine”, which comes from the “hostapd” process of the OpenWRT system. It does not tell me much.
Please help to make it work with WPA2 protocol (not the WPA only).

Hi,

I am working on bring-up of the enterprise security EAP-PEAP method on the RTL8721DM SoC board.

I am referring to the eap example shared in this sdk - ambd_sdk/component/common/example/eap/readme.txt at dev · ambiot/ambd_sdk · GitHub

But I am getting the errors below:

==================== peap_start ====================

RTL8721D[Driver]: set ssid [Test_EAP]

RTL8721D[Driver]: rtw_set_wpa_ie[1160]: AuthKeyMgmt = 0x1

RTL8721D[Driver]: rtw_restruct_sec_ie[4293]: no pmksa cached

RTL8721D[Driver]: start auth to 00:08:2f:32:cd:76

RTL8721D[Driver]: auth alg = 0

RTL8721D[Driver]:
OnAuthClient:algthm = 0, seq = 2, status = 0, sae_msg_len = 0

RTL8721D[Driver]: auth success, start assoc

RTL8721D[Driver]: association success(res=15)
wlan1: 1 DL RSVD page success! DLBcnCount:01, poll:00000001
[eap_recvd] _freertos_mutex_get_timeout(0x100266e0) failed, retry
device lock timeout: 2

RTL8721D[Driver]: no beacon for a long time, disconnect or roaming
dissconn reason code: 65535
connected stage, loss beacon

ERROR: connect to AP by peap failed

==================== peap_finish ====================

Did you observe any of these errors, especially the error below?

[eap_recvd] _freertos_mutex_get_timeout(0x100266e0) failed, retry
device lock timeout: 2

In your case it looks like it is able to connect to the RADIUS server. Can you please let me know the steps you followed and share any source code?

Thanks,
Manoj

I am getting the same message, dissconn reason code: 43, from a Cisco/Meraki MR-52 AP.
I have been looking into this and it seems the Ameba SDK is not setting the AKM section inside the RSN request:
Tag: RSN Information
Tag Number: RSN Information (48)
Tag length: 16
RSN Version: 1
Group Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
Pairwise Cipher Suite Count: 1
Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM)
Auth Key Management (AKM) Suite Count: 0
Auth Key Management (AKM) List
RSN Capabilities: 0x0000

whereas an example where this works with another wifi client (ESP8266):
Tag: RSN Information
Tag Number: RSN Information (48)
Tag length: 20
RSN Version: 1
Group Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
Group Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
Group Cipher Suite type: AES (CCM) (4)
Pairwise Cipher Suite Count: 1
Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM)
Auth Key Management (AKM) Suite Count: 1
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) WPA
Auth Key Management (AKM) Suite: 00:0f:ac (Ieee 802.11) WPA
Auth Key Management (AKM) OUI: 00:0f:ac (Ieee 802.11)
Auth Key Management (AKM) type: WPA (1)
RSN Capabilities: 0x0000
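
The difference between the two dissections above can be checked mechanically. This added example (not part of the original post and not SDK code) rebuilds both RSN information elements from the listed fields and reports whether an AKM suite is present; IEEE 802.11 status code 43 means "Invalid AKMP", which matches the router's "invalid AKM" message. The function and constant names are hypothetical, and the parser assumes every field up to the AKM list is present.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RSN IEs rebuilt byte by byte from the two dissections (constructed samples). */
static const uint8_t RSN_AMEBA[] = {            /* tag 48, length 16, AKM count 0 */
    0x30, 0x10, 0x01, 0x00, 0x00, 0x0F, 0xAC, 0x04,
    0x01, 0x00, 0x00, 0x0F, 0xAC, 0x04, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t RSN_ESP8266[] = {          /* tag 48, length 20, AKM 00:0f:ac type 1 */
    0x30, 0x14, 0x01, 0x00, 0x00, 0x0F, 0xAC, 0x04,
    0x01, 0x00, 0x00, 0x0F, 0xAC, 0x04, 0x01, 0x00,
    0x00, 0x0F, 0xAC, 0x01, 0x00, 0x00 };

enum { RSN_MALFORMED = -1, RSN_NO_AKM = 0, RSN_OTHER_AKM = 1, RSN_HAS_8021X = 2 };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Classifies the AKM list of an RSN IE (tag 48). Fields are little-endian. */
int rsn_akm_check(const uint8_t *ie, size_t n)
{
    if (ie == NULL || n < 2 || ie[0] != 48 || (size_t)ie[1] + 2 > n)
        return RSN_MALFORMED;
    const uint8_t *p = ie + 2, *end = p + ie[1];
    if (end - p < 8 || le16(p) != 1)             /* version, group cipher, pairwise count */
        return RSN_MALFORMED;
    p += 6;                                      /* skip version and group cipher suite */
    size_t pairwise = le16(p); p += 2;
    if ((size_t)(end - p) < pairwise * 4 + 2) return RSN_MALFORMED;
    p += pairwise * 4;                           /* skip pairwise cipher suite list */
    size_t akm = le16(p); p += 2;
    if ((size_t)(end - p) < akm * 4) return RSN_MALFORMED;
    if (akm == 0) return RSN_NO_AKM;             /* the case the AP rejects with status 43 */
    for (size_t i = 0; i < akm; i++, p += 4)     /* look for 00:0f:ac type 1 (802.1X) */
        if (p[0] == 0x00 && p[1] == 0x0F && p[2] == 0xAC && p[3] == 0x01)
            return RSN_HAS_8021X;
    return RSN_OTHER_AKM;
}

int main(void)
{
    printf("Ameba capture:   %d\n", rsn_akm_check(RSN_AMEBA, sizeof RSN_AMEBA));
    printf("ESP8266 capture: %d\n", rsn_akm_check(RSN_ESP8266, sizeof RSN_ESP8266));
    return 0;
}
```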