![]() ![]() All my testing so far has only been done with regular WPA3-Enterprise. * As a quick aside, eduroam recommends that sites do NOT enable WPA3-Enterprise 192-bit. That is where the whole issue lies with eduroam and Wifi 6e. In eduroam, there still may be clients that don’t support PMF. This makes supporting eduroam easier but doesn’t solve the problem. Simply put, if a WPA2-Enterprise client is attempting to connect to a WPA3-Enterprise network and they are capable of successfully negotiating the use of PMF, the client now becomes a WPA3-Enterprise certified client… With this, the only difference between WPA2-Enterprise and WPA3-Enterprise is mandating the use of PMF” (CWSP-206 pg. That statement, concerning WPA2 Enterprise clients, can get confusing. WPA3-Enterprise states that all WPA3 connections SHALL negotiate PMF. “In the new WPA3-Enterprise certification, Protected Management Frames are added to WPA2-Enterprise. The Certified Wireless Security Professional: CWSP-206 Study and Reference Guide talks about WPA3-Enterprise vs WPA2-Enterprise in Chapter 10. Clients that do not support WPA3 often do not support PMF and it can cause them to avoid connecting to a network on the 2.4/5Ghz bands. For WPA2-Enterprise, 802.11w or PMF is optional, WPA3-Enterprise* requires it. That isn’t an option with eduroam, where clients are often personal and come from other universities and organizations.Īlthough not the only difference, the biggest difference between WPA2-Enterprise and WPA3-Enterprise is the requirement of Protected Management Frames 802.11w support. Many clients do not support transition mode. Industry feedback from various sources suggest that the best solution is to rip the bandaid off and move everything to WPA3, avoiding the transition mode. U6 Enterprise APs that support everything needed to start testing eduroam and 6Ghz. I finally got my hands on some more prosumer grade. What do we do when we can’t control the clients joining our network? Usually the answer is to create a different SSID, but that isn’t allowed with eduroam either. Some clients do not support WPA3-Enterprise. When enabled on an SSID, it requires WPA3/OWE across all the configured bands, 2.4/5/6Ghz while, some non Wifi 6e clients do not support WPA3 on the 2.4/5Ghz bands. ![]() Wifi 6e requires WPA3, WPA3-Enterprise, or OWE. Here’s the problem that arises with eduroam and Wifi 6e: WPA2-Enterprise vs WPA3-Enterprise. One of the main focuses of the discussion was how to deploy eduroam in the 6Ghz band. ![]() Those in attendance at WLPC Prague had a special “Birds of a Feather” discussion to talk about eduroam. Prior to the conference, a few members of the Higher Ed community in various European countries and from the United States got into a discussion on Twitter about eduroam and 6Ghz. In October 2022, I attended WirelessLAN Professionals Conference WLPC in Prague, Czech Republic. Eduroam + 6Ghz + WPA3-Enterprise (Part 2) ![]()
0 Comments
Leave a Reply. |