Correct settings for WPA3 Enterprise transition mode?
robert.senger at lists.microscopium.de
Wed May 24 16:19:27 PDT 2023
I wonder, what exactly WPA3 Enterprise transition mode is and how it is
expected to behave and to be be configured on the AP.
As far as I understood, WPA3 Enterprise transition mode should allow
WPA3 Enterprise capable client machines to connect using WPA3
Enterprise, and also allow not WPA3 capable client machines to connect
using WPA2 Enterprise.
But I can't get this to work.
Access Point: Debian 11, hostapd 2.10
Client 1: Windows 11, WPA3 compatible
Client 2: Windows 10, not WPA3 compatible (hardware limitation, no PMF)
Client 3: Debian 11, not WPA3 compatible (hardware linitation, no PMF)
This allows only the Windows 11 machine to connect. Not WPA3 compatible
machines cannot connect. Changing to default group_mgmt_cipher=AES-
128_CMAC (or removing the option from config), allows the Windows 10
and Debian machines to connect using WPA2 Enterprise. But then, the
Windows 11 machine can't connect anymore.
What am I doing wrong? And, what is the exact difference between "WPA3
Enterprise only", "WPA3 Enterprise transition" and "WPA3 Enterprise
192-bit"? I am a bit confused about that...
Thank you for help!
More information about the Hostap