Meraki

Community

WPA 3 and RADIUS server - cant set WPA 3 Transition Mode

AxL1971
A model citizen
‎Feb 26 2025 11:45 PM
‎Feb 26 2025 11:45 PM

WPA 3 and RADIUS server - cant set WPA 3 Transition Mode

Currently we have MR56 that authenticated with ISE RADIUS server and use WPA2

 

We are replacing the AP with CW9166I-MR that supports 6GHZ.

 

For 6Ghz we need to enable WPA3, however as we have some laptops that do not support 6Ghz we need to set the SSID to use WPA 3 Transition Mode

 

However when modifying the SSID configuration I do not see the option to use WPA 3 Transition Mode - only see these options

 

AxL1971_0-1740642272637.png

 

 

 

13 Replies 13
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Feb 27 2025 12:07 AM
‎Feb 27 2025 12:07 AM

What firmware version are you running?

If I remember correctly, you need MR31.x to get WPA3 Transition.

rhbirkelund_0-1740643640658.png

 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
In response to rhbirkelund
rwiesmann
Head in the Cloud
‎Feb 27 2025 12:20 AM
‎Feb 27 2025 12:20 AM

Interesting...looks the same for me as @AxL1971 mentioned it. No Tranistion Mode option on the drop down.

And I have MR 31.1.5.1 running on my AP's.

0 Kudos
In response to rhbirkelund
rwiesmann
Head in the Cloud
‎Feb 27 2025 12:43 AM
‎Feb 27 2025 12:43 AM

Solved it...switched to the new version of the Access Control Site...tada...transistion mode is available 

rwiesmann
Head in the Cloud
‎Feb 27 2025 12:12 AM
‎Feb 27 2025 12:12 AM

Did you check out the configuration guide to WPA 3?

https://documentation.meraki.com/MR/Wi-Fi_Basics_and_Best_Practices/WPA3_Encryption_and_Configuratio...

 

hope this helps

AxL1971
A model citizen
‎Feb 27 2025 12:22 AM
‎Feb 27 2025 12:22 AM

we are running the MR 30.x  on the AP's

 

 

0 Kudos
In response to AxL1971
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Feb 27 2025 3:42 AM
‎Feb 27 2025 3:42 AM

Then you’ll need to upgrade to MR31.x in order to use WPA3 Enterprise Transition.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎Feb 27 2025 3:23 AM
‎Feb 27 2025 3:23 AM

Are you sure that you really need transition mode? If your PCs are not stone old, they likely support "pure" WPA3. With Enterprise Authentication, the difference is not that big to WPA2.

I would add a new Test-SSID with WPA3 and test your oldest devices to check this.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
AxL1971
A model citizen
‎Feb 27 2025 3:28 AM
‎Feb 27 2025 3:28 AM

The issue is the old laptops have the Intel AX201 chipset which does not support 6 Ghz and the newer laptop have the newer AX211 chipset which supports 6Ghz. This is  a 50/50 split of laptops

 

We use a single SSID for corpoate wireless, which uses ISE RADIUS for authentication. From my understanding in order to allow both laptops to connect we need WPA 3 transition mode enabled - so the newer laptops connect on the 6Ghz and older on the 5Ghz (we dont use 2.4 Ghz)

0 Kudos
In response to AxL1971
KarstenI
Kind of a big deal
Kind of a big deal
‎Feb 27 2025 3:47 AM
‎Feb 27 2025 3:47 AM

It's not really about the band. My advise is to use WPA3-Enterprise in both 5 and 6 GHz. With that you don't need Transition mode.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
cmr
Kind of a big deal
Kind of a big deal
‎Feb 27 2025 1:51 PM
‎Feb 27 2025 1:51 PM

Totally agree with @KarstenI above.  You can run WPA3 on bands other than 6GHz.  I would totally avoid transition mode, in my testing it was like sticking needles in your eyes, whereas pure WPA3 has some challenges, but does work and I have run it now for a few months.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
AxL1971
A model citizen
‎Feb 27 2025 3:46 AM
‎Feb 27 2025 3:46 AM

As stated above I need to upgrade the firmware to 31.x, which I plan to do by next month. 

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
a month ago
a month ago

>WPA 3 Transition Mode

 

Let me try and pre-warn you.  WPA3 transition mode has poor compatibility with devices.  I have never had a network I have been able to leave it enabled because their is always some IoT or old device that it breaks.

 

If you really want to use WPA3, enable it on a new SSID, and move everything that can support it across.

Or you could enable it on the main SSID, and create a new SSID for legacy devices and move everything that breaks across.

In response to PhilipDAth
AxL1971
A model citizen
a month ago
a month ago

The only devices that will be connecting on the 6Ghz spectrum will be corporate laptops. Lenovo Thinkpad's that are at most 3 years old. Some will have the older AX201 chipset and some the newer AX211 chipset that supports 6Ghz. We only allow non corporate devices/IoT on the 2.4 Ghz.

0 Kudos
li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.