Menu
I've seen examples for ESP8266 chip Wifi clients logging onto a WPA2 personal network.
However, is it possible for an ESP8266 client to login to an enterprise network?
842
WPA2-Enterprise has been around since 2004 and is still considered the gold standard for wireless network security, delivering over-the-air encryption and a high level of security.
The main difference between these security modes is in the authentication stage. WPA2 Enterprise uses IEEE 802.1X, which offers enterprise-grade authentication. WPA2 Personal uses pre-shared keys (PSK) and is designed for home use. However, WPA2 Enterprise is specifically designed for use in organizations.
With AES encryption standards, data communication is highly secure. So it is not possible to crack if it is up to its standards. However, there may be vulnerable spots.
I have a board with an ESP8266 chip running Micropython firmware v1.8.7. My requirement is to use WebREPL via the University Wi-Fi, which uses WPA2 Enterprise EAP-MSCHAPv2 authentication.
My requirement is to use WebREPL via the University Wi-Fi, which uses WPA2 Enterprise EAP-MSCHAPv2 authentication. My Google-fu so far has informed me that Arduino users have been able to connect to WPA2 Enterprise EAP-TLS (certificate based authentication) ( link) but not (SSID, username, pwd) networks.
What do you mean with "username". The snippet only connects to the home WiFi network. That doesn't have a username. Leo.. If you are on a school campus or large corporate office, you may be running into WPA2 Enterprise. Google reveals other ESP8266 users are struggling with this.
As has been explained, the username and password requirement is related to an additional security layer which is provided in WPA2 Enterprise but not WPA2 Personal. WPA2 Enterprise integrates a number of additional user authentication protocols to to allow WiFi devices to authenticate into organisational networks.
Since Version 2.0 of the Espressif SDK, ESP8266 can be connected to both EAP and PEAP WPA2 Enterprise networks.
I quote a small guide from GitHub on how to implement the connection:
- Call
wifi_station_set_configto set the configuration of target AP.- Call
wifi_station_set_wpa2_enterprise_auth(1);to enable WPA2_Enterprise authentication.
- For EAP-TLS authentication, call
wifi_station_set_enterprise_cert_keyto set certificate and private key.wifi_station_set_enterprise_usernameis an optional choice, it can be called to set user name.- For EAP-TTLS or EAP-PEAP authentication, call
wifi_station_set_enterprise_usernameandwifi_station_set_enterprise_passwordto set user name and password.wifi_station_set_enterprise_ca_certis an optional choice, it can be called to set root certificate.- Call
wifi_station_connectto connect to target AP.- After being connected to an AP, or failing to connect to AP and on stopped retries, please call the corresponding
wifi_station_clear_enterprise_XXXAPIs to release the resources.
66
The feature was recently added and is not mature. It currently supports certificate (EAP-TLS) but not password (PEAP) authentication.
References:
23
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
