I have recently installed some CW9166 6ghz access points.
Would like to enable WPA3 to enable 6ghz operation, however there is no option to enable WPA3 transition mode when you are using Enterprise 802.1x security on an SSID.
We have some devices with chipsets that dont seem to support WPA3, so when we move the SSID into native WPA3 mode these devices can no longer connect to it.
Would like to avoid having to create a separate SSID for these devices if possible as that starts getting a bit messy to push out and manage.
Is there any way around this problem or are there any plans for this config setting to be added within the dashboard?
Sadly, with the MR we can't use one SSID with WPA3 on 6GHz and WPA3 Transition on 2.4/5 GHz. You likely need a new WPA3-only SSID and migrate all capable devices into this SSID.
That's not just MR but everywhere. Since if you use transition mode that would mean you also support WPA2 association but that is not allowed in 6 GHz.
So yes you have to have a seperate SSID if you want to support anything below WPA3 and enable 6 GHz on it.
On Catalyst, it is possible in newer Firmware versions. If Transition mode is configured, it enables WPA3-Transition on 2.4 and 5, but WPA3-only on 6 GHz.
EDIT: I just looked; the same is valid for Mist. This makes me think it could be common outside of the Meraki world.
EDIT2: I still would prefer a separate SSID in most cases as I am not a friend of any transition mode.
Yeah, thats what i'd like from "Transition" mode! - WPA3 only just for 6ghz.
If catalyst supports it is this a setting that is likely to sneak into an MR firmware very soon?
I haven't tested it yet but I'd be surprised if clients that are capable of WPA2 couldn't do WPA3 enterprise as they're effectively the same thing...
have you tried setting a WPA3 enterprise SSID and connecting your devices?
There's only a difference in WPA2/3 when you use a PSK/passphrase - SAE is the difference.
I have tried converting existing SSID's over to WPA3.
Once i have done this devices with the Intel AC8265 chipset will no longer connect, and if you google this it appears that they dont support WPA3. Unfortunately there are multiple trolleys full of the same laptop model on site!.
All other devices seem fine (atleast once you go to MR 29.6.1 firmware!)
>I haven't tested it yet but I'd be surprised if clients that are capable of WPA2 couldn't do WPA3 enterprise as they're effectively the same thing
I've tried this and found it unworkable - too many driver bugs.