WPA3 support
WPA3 security modes can be selected when configuring SSIDs.
To configure WPA3 in the GUI:
- Go to WiFi & Switch Controller > SSID.
- Create a new SSID, or edit a current one.
- In the WiFi Settings section, set the Security Mode to a WPA3 option.
- Configure the remaining settings as needed.
- Click OK.
- Use a client with WPA3 to verify the connection.
To configure WPA3 in the CLI:
- WPA3 OWE:
- WPA3 OWE only.
Clients that support WPA3 can connect with this SSID.
config wireless-controller vap edit "80e_owe" set ssid "80e_owe" set security owe set pmf enable set schedule "always" next end
- WPA3 OWE TRANSITION.
Clients connect with normal OPEN or OWE depending on its capability: Clients that support WPA3 connect with OWS standard, and clients that cannot support WPA3 connect with Open SSID.
config wireless-controller vap edit "80e_open" set ssid "80e_open" set security open set owe-transition enableset owe-transition-ssid "wpa3_open" set schedule "always" next edit "wpa3_owe_tr" set ssid "wpa3_open" set broadcast-ssid disable set security owe set pmf enable set owe-transition enableset owe-transition-ssid "80e_open" set schedule "always" next end
- WPA3 OWE only.
- WPA3 SAE:
- WPA3 SAE.
Clients that support WPA3 can connect with this SSID.
config wireless-controller vap edit "80e_sae" set ssid "80e_sae" set security wpa3-sae set pmf enable set schedule "always" set sae-password 12345678 next end
- WPA3 SAE TRANSITION.
There are two passwords in the SSID. If passphrase is used, the client connects with WPA2 PSK. If sae-password is used, the client connects with WPA3 SAE.
config wireless-controller vap edit "80e_sae-tr" set ssid "80e_sae-transition" set security wpa3-sae-transition set pmf optional set passphrase 11111111 set schedule "always" set sae-password 22222222 next end
- WPA3 SAE.
- WPA3 Enterprise.
Select the
auth
type to use either RADIUS authentication or local user authentication.config wireless-controller vap edit "80e_wpa3" set ssid "80e_wpa3" set security wpa3-enterprise set pmf enable set auth radius set radius-server "wifi-radius" set schedule "always" next edit "80e_wpa3_user" set ssid "80e_wpa3_user" set security wpa3-enterprise set pmf enable set auth usergroup set usergroup "usergroup" set schedule "always" next end
- Use a client with WPA3 to verify the connection.