Opportunistic Wireless Encryption (OWE) Dual Guest networks

SOLVED
ClockN
Conversationalist

Opportunistic Wireless Encryption (OWE) Dual Guest networks

Recently implemented Opportunistic Wireless Encryption (OWE) on our Guest Wi-Fi configured with a Splash Page. When the Guest SSID was Open with No Encryption only one Guest SSID was shown. When Opportunistic Wireless Encryption (OWE) was enabled I now have two Guest SSIDs broadcasting their presence. One functions normally through the Splash Page with no lock symbol. The other Guest SSID shows up with a lock symbol and is requestion and EAP method. My question is how to make the SSID with the EAP Method disappear from the guests' devices? 


Model: MR45
Current version: MR 29.4.1

 

Thanks in advance for any insight to my question.

1 ACCEPTED SOLUTION
Bruce
Kind of a big deal

Clients have to support OWE to make use of it. I haven’t implemented OWE yet, but I’m wondering whether what you’re seeing is Meraki presenting you with both an OWE enabled SSID (the one with a lock), and an open SSID (the one without the lock). This would allow clients that don’t support OWE to still connect to your guest network. If this is the case, then to remove the the SSID with the ‘lock’, you’ll need to revert to using an Open SSID. I’m sure things will change when there is more support and adoption of WPA3/OWE.

View solution in original post

7 REPLIES 7
Bruce
Kind of a big deal

Clients have to support OWE to make use of it. I haven’t implemented OWE yet, but I’m wondering whether what you’re seeing is Meraki presenting you with both an OWE enabled SSID (the one with a lock), and an open SSID (the one without the lock). This would allow clients that don’t support OWE to still connect to your guest network. If this is the case, then to remove the the SSID with the ‘lock’, you’ll need to revert to using an Open SSID. I’m sure things will change when there is more support and adoption of WPA3/OWE.

KarstenI
Kind of a big deal
Kind of a big deal

I think the problem you are running into is based on that Meraki doesn't yet support transition mode with OWE. There you would see one SSID and the capable client would use OWE and the older client would use the standard open mode.

Unless that is implemented by Meraki I would either not use OWE or use two SSIDs with different names like "Guest" and "Guest-Secure".

But I am not sure what you mean with the EAP methods, This is typically related to an Enterprise WPA implementation and will always show up on the client devices.

burnz
Getting noticed

Please be aware that Apple devices currently don’t support owe..

UKDanJones
Building a reputation

macOS devices don't. iOS and iPadOS devices do. 

Please feel free to hit that kudos button
KarstenI
Kind of a big deal
Kind of a big deal

I am not sure when it started, but my M2 is just now connected to an OWE SSID:

KarstenI_0-1694468926738.png

 

Creyna10
New here

burnz
Getting noticed

Would be nice if meraki will support transition mode with OWE.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels