Correct settings for WPA3 Enterprise transition mode?
Robert Senger
robert.senger at lists.microscopium.de
Wed May 24 16:19:27 PDT 2023
Hi all,
I wonder, what exactly WPA3 Enterprise transition mode is and how it is
expected to behave and to be be configured on the AP.
As far as I understood, WPA3 Enterprise transition mode should allow
WPA3 Enterprise capable client machines to connect using WPA3
Enterprise, and also allow not WPA3 capable client machines to connect
using WPA2 Enterprise.
But I can't get this to work.
Equipment:
Access Point: Debian 11, hostapd 2.10
Client 1: Windows 11, WPA3 compatible
Client 2: Windows 10, not WPA3 compatible (hardware limitation, no PMF)
Client 3: Debian 11, not WPA3 compatible (hardware linitation, no PMF)
Configuration:
ieee8021x=1
ieee80211w=1
wpa_key_mgmt=WPA-EAP-SUITE-B-192 WPA-EAP-SHA256
rsn_pairwise=GCMP-256 CCMP
group_mgmt_cipher=BIP-GMAC-256
This allows only the Windows 11 machine to connect. Not WPA3 compatible
machines cannot connect. Changing to default group_mgmt_cipher=AES-
128_CMAC (or removing the option from config), allows the Windows 10
and Debian machines to connect using WPA2 Enterprise. But then, the
Windows 11 machine can't connect anymore.
What am I doing wrong? And, what is the exact difference between "WPA3
Enterprise only", "WPA3 Enterprise transition" and "WPA3 Enterprise
192-bit"? I am a bit confused about that...
Thank you for help!
Robert
--
Robert Senger
More information about the Hostap
mailing list