Not validating the EAP server identity is not really a valid configuration. You need to properly configure the supplicant with a trust anchor and subject name. ________________________________ From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> on behalf of Fishel Erps <[email protected]> Sent: Tuesday, September 22, 2020 1:10:19 PM To: [email protected] <[email protected]> Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise
Tim, We use: EAP Method = PEAP Phase 2 = MSCHAPv2 CA Certificate = Unspecified Identity = [username] Password = [password] The credentials trigger the return of a filter-ID from the RADIUS server to the controller, which the controller then uses to put the user into a VLAN. Some android devices that are running version 11 no-longer have an option of “unspecified” under CA Certificate, and none of the other choices seem to work. __________________________________ __________________________________ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-241<tel:212-592-2416>6 E: [email protected]<mailto:[email protected]> _______________________________ Please excuse any typographical errors as this e-mail has been sent from my mobile device _______________________________ On Sep 22, 2020, at 12:04, Tim Cappalli <[email protected]<mailto:[email protected]>> wrote: Can you please provide some basic details? * What exactly is "broken"? * Which EAP method? * Which credential type? * How is/was the supplicant provisioned? * Are only new devices affected or just upgraded devices? ________________________________ From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]<mailto:[email protected]>> on behalf of Fishel Erps <[email protected]<mailto:[email protected]>> Sent: Tuesday, September 22, 2020 12:02 To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Subject: [WIRELESS-LAN] Android 11 and WPA-Enterprise Hi, v11 seems to have broken credential authentication for RADIUS and WPA2-Enterprise/802.1x. Has anyone found a workaround? __________________________________ __________________________________ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416<tel:212-592-2416> C: 347-539-6380<tel:347-539-6380> E: [email protected]<mailto:[email protected]> _______________________________ Please excuse any typographical errors as this e-mail has been sent from my mobile device _______________________________ ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Cc1cc8384d36d4ea7a02608d85f1a63c9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363914240525482&sdata=XrUKKt1wvdKB9xFzuUH6vexOPHjdWN0kEs2hP%2BGG9ik%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Cc1cc8384d36d4ea7a02608d85f1a63c9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363914240535477&sdata=qUgKhY%2Bdb2sSPQAn1Qx%2BywuNQaBh7uWHyXXM8qfmeGM%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Cc1cc8384d36d4ea7a02608d85f1a63c9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363914240535477&sdata=qUgKhY%2Bdb2sSPQAn1Qx%2BywuNQaBh7uWHyXXM8qfmeGM%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
