CISCO Wi-Fi Protected Access 3 User Guide

Phihlelo e Sirelelitsoeng ea Wi-Fi 3
· Simultaneous Authentication of Equals, on page 1 · Opportunistic Wireless Encryption, on page 2 · Configuring SAE (WPA3+WPA2 Mixed Mode), on page 2 · Configuring WPA3 Enterprise (GUI), on page 3 · Configuring WPA3 Enterprise, on page 4 · Configuring the WPA3 OWE, on page 5 · Configuring WPA3 OWE Transition Mode (GUI), on page 6 · Configuring WPA3 OWE Transition Mode, on page 6 · Configuring WPA3 SAE (GUI), on page 8 · Configuring WPA3 SAE, on page 9 · Configuring Anti-Clogging and SAE Retransmission (GUI), on page 10 · Configuring Anti-Clogging and SAE Retransmission, on page 11 · Verifying WPA3 SAE and OWE, on page 12
Netefatso ea Nako e le 'Ngoe ea Ba lekanang
WPA3 is the latest version of Wi-Fi Protected Access (WPA), which is a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks. WPA3 leverages Simultaneous Authentication of Equals (SAE) to provide stronger protections for users against password guessing attempts by third parties. SAE employs a discrete logarithm cryptography to perform an efficient exchange in a way that performs mutual authentication using a password that is probably resistant to an offline dictionary attack. An offline dictionary attack is where an adversary attempts to determine a network password by trying possible passwords without further network interaction. WPA3-Personal brings better protection to individual users by providing more robust password-based authentication making the brute-force dictionary attack much more difficult and time-consuming, while WPA3-Enterprise provides higher grade security protocols for sensitive data networks. When the client connects to the access point, they perform an SAE exchange. If successful, they will each create a cryptographically strong key, from which the session key will be derived. Basically a client and access point goes into phases of commit and then confirm. Once there is a commitment, the client and access point can then go into the confirm states each time there is a session key to be generated. The method uses forward secrecy, where an intruder could crack a single key, but not all of the other keys.
Wi-Fi Protected Access 3 1

Monyetla oa Wireless Encryption

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Monyetla oa Wireless Encryption
Opportunistic Wireless Encryption (OWE) is an extension to IEEE 802.11 that provides encryption of the wireless medium. The purpose of OWE based authentication is avoid open unsecured wireless connectivity between the AP’s and clients. The OWE uses the Diffie-Hellman algorithms based Cryptography to setup the wireless encryption. With OWE, the client and AP perform a Diffie-Hellman key exchange during the access procedure and use the resulting pairwise secret with the 4-way handshake. The use of OWE enhances wireless network security for deployments where Open or shared PSK based networks are deployed.

Configuring SAE (WPA3+WPA2 Mixed Mode)
Follow the procedure given below to configure WPA3+WPA2 mixed mode for SAE.

Tsamaiso

Mohato oa 1 Mohato oa 2 Mohato oa 3 Mohato oa 4 Mohato oa 5 Mohato oa 6

Taelo kapa Ketso e lokisa terminal ExampLe:
Sesebelisoa # lokisa terminal

Morero Kena mokhoeng oa tlhophiso ea lefats'e.

wlan wlan-name wlan-id SSID-name ExampLe:
Device(config)# wlan WPA3 1 WPA3

E kenya mokhoa o monyane oa tlhophiso ea WLAN.

ha ho tshireletso wpa akm dot1x
ExampLe:
Device(config-wlan)# no security wpa akm dot1x

E tima ts'ireletso ea AKM bakeng sa dot1x.

no security ft over-the-ds
ExampLe:
Sesebelisoa(config-wlan)# ha ho na tshireletso ft over-the-ds

E thibela phetoho e potlakileng holima mohloli oa data ho WLAN.

ha ho tshireletso ft ExampLe:
Sesebelisoa(config-wlan)# ha ho na tshireletso ft

E thibela phetoho e potlakileng ea 802.11r ho WLAN.

tshireletso wpa wpa2 ciphers aes

E lokisa WPA2 cipher.

ExampLe:

Hlokomela

Device(config-wlan)# security wpa wpa2 You can check whether cipher is configured

ciphers aes

using no security wpa wpa2 ciphers

aescommand. If cipher is not reset, configure

the cipher.

Wi-Fi Protected Access 3 2

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Configuring WPA3 Enterprise (GUI)

Mohato oa 7 Mohato oa 8
Mohato oa 9 Mohato oa 10 Mohato oa 11 Mohato oa 12

Taelo kapa Ketso

Morero

security wpa psk set-key ascii value preshared-key

Specifies a preshared key.

ExampLe:
Sesebelisoa(config-wlan)# tshireletso wpa psk set-key ascii 0 Cisco123

security wpa wpa3

E nolofalletsa tšehetso ea WPA3.

ExampLe:

Hlokomela

Device(config-wlan)# security wpa wpa3 If both WPA2 and WPA3 are supported (SAE and PSK together), it is optional to configure

PMF. However, you cannot disable PMF. For

WPA3, PMF is mandatory.

security wpa akm sae

E nolofalletsa tšehetso ea AKM SAE.

ExampLe:
Sesebelisoa(config-wlan)# tshireletso wpa akm sae

security wpa akm psk

Enables AKM PSK support.

ExampLe:
Device(config-wlan)# security wpa akm psk

ha ho shutdown ExampLe:
Sesebelisoa(config-wlan)# ha ho na shutdown

E nolofalletsa WLAN.

qetellong ExampLe:
Sesebelisoa(config-wlan)# end

E khutlela ho mokhoa o khethehileng oa EXEC.

Configuring WPA3 Enterprise (GUI)

Tsamaiso

Mohato oa 1 Mohato oa 2 Mohato oa 3 Mohato oa 4 Mohato oa 5

Wi-Fi Protected Access 3 3

Configuring WPA3 Enterprise

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Mohato oa 6 Mohato oa 7

Choose Security > AAA tab, choose the Authentication List from the Authentication List drop-down list. Click Apply to Device.

Configuring WPA3 Enterprise
Follow the procedure given below to configure WPA3 enterprise.

Tsamaiso

Mohato 1 Mohato 2 Mohato 3 Mohato 4 Mohato 5 Mohato 6 Mohato 7 Mohato 8

Taelo kapa Ketso e lokisa terminal ExampLe:
Sesebelisoa # lokisa terminal

Morero Kena mokhoeng oa tlhophiso ea lefats'e.

wlan wlan-name wlan-id SSID-name

E kenya mokhoa o monyane oa tlhophiso ea WLAN.

ExampLe:
Device(config)# wlan wl-dot1x 4 wl-dot1x

ha ho tshireletso wpa akm dot1x

E tima ts'ireletso ea AKM bakeng sa dot1x.

ExampLe:
Device(config-wlan)# no security wpa akm dot1x

no security wpa wpa2

Disables WPA2 security.

ExampLe:
Sesebelisoa(config-wlan)# ha ho tshireletso wpa wpa2

security wpa akm dot1x-sha256
ExampLe:
Device(config-wlan)# security wpa akm dot1x-sha256

Configures 802.1x support.

security wpa wpa3

E nolofalletsa tšehetso ea WPA3.

ExampLe:
Sesebelisoa(config-wlan)# tshireletso wpa wpa3

security dot1x authentication-list list-name
ExampLe:
Device(config-wlan)# security dot1x authentication-list ipv6_ircm_aaa_list

Configures security authentication list for dot1x security.

ha ho shutdown ExampLe:
Sesebelisoa(config-wlan)# ha ho na shutdown

E nolofalletsa WLAN.

Wi-Fi Protected Access 3 4

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Configuring the WPA3 OWE

Mohato oa 9

Qetello ea Taelo kapa Ketso ExampLe:
Sesebelisoa(config-wlan)# end

Morero
E khutlela ho mokhoa o khethehileng oa EXEC.
Note A WLAN configured with WPA3 enterprise (SUITEB192-1X) is not supported on C9115/C9120 APs.

Configuring the WPA3 OWE
Follow the procedure given below to configure WPA3 OWE.
Before you begin Configure PMF internally. The associated ciphers configuration can use the WPA2 ciphers.

Tsamaiso

Mohato oa 1 Mohato oa 2 Mohato oa 3 Mohato oa 4 Mohato oa 5 Mohato oa 6

Taelo kapa Ketso e lokisa terminal ExampLe:
Sesebelisoa # lokisa terminal
wlan wlan-name wlan-id SSID-name ExampLe:
Device(config)# wlan WPA3 1 WPA3
no security ft over-the-ds ExampLe:
Sesebelisoa(config-wlan)# ha ho na tshireletso ft over-the-ds
ha ho tshireletso ft ExampLe:
Sesebelisoa(config-wlan)# ha ho na tshireletso ft
no security wpa akm dot1x ExampLe:
Device(config-wlan)# no security wpa akm dot1x
ha ho na tshireletso wpa wpa2 ExampLe:
Sesebelisoa(config-wlan)# ha ho tshireletso wpa wpa2

Morero Kena mokhoeng oa tlhophiso ea lefats'e.
E kenya mokhoa o monyane oa tlhophiso ea WLAN.
Disables fast transition over the data source on the WLAN. Disables 802.11r fast transition on the WLAN.
E tima ts'ireletso ea AKM bakeng sa dot1x.
E tima ts'ireletso ea WPA2. PMF e holofetse hona joale.

Wi-Fi Protected Access 3 5

Configuring WPA3 OWE Transition Mode (GUI)

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Mohato oa 7 Mohato oa 8 Mohato oa 9 Mohato oa 10 Mohato oa 11

Taelo kapa Ketso

Morero

tshireletso wpa wpa2 ciphers aes

Enables WPA2 ciphers for AES.

ExampLe:

Hlokomela

Device(config-wlan)# security wpa wpa2 The ciphers for WPA2 and WPA3 are

ciphers aes

tloaelehileng.

security wpa wpa3

E nolofalletsa tšehetso ea WPA3.

ExampLe:
Sesebelisoa(config-wlan)# tshireletso wpa wpa3

security wpa akm owe

Enables WPA3 OWE support.

ExampLe:
Device(config-wlan)# security wpa akm owe

ha ho shutdown ExampLe:
Sesebelisoa(config-wlan)# ha ho na shutdown

E nolofalletsa WLAN.

qetellong ExampLe:
Sesebelisoa(config-wlan)# end

E khutlela ho mokhoa o khethehileng oa EXEC.

Configuring WPA3 OWE Transition Mode (GUI)

Tsamaiso

Mohato oa 1 Mohato oa 2 Mohato oa 3 Mohato oa 4 Mohato oa 5
Mohato oa 6 Mohato oa 7

Khetha Configuration > Tags & Profiles > WLANs. Click Add. In the General tab, enter the Profile Name, the SSID and the WLAN ID. Choose Security > Layer2 tab. Choose WPA2+WPA3 in Layer 2 Security Mode drop-down list. Uncheck the WPA2 Policy, 802.1x, Over the DS, FT + 802.1x and FT + PSKcheck boxes.Check the WPA3 Policy, AES and OWE check boxes. Enter the Transition Mode WLAN ID. Click Apply to Device.

Configuring WPA3 OWE Transition Mode
Follow the procedure given below to configure the WPA3 OWE transition mode.

Wi-Fi Protected Access 3 6

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Configuring WPA3 OWE Transition Mode

Tsamaiso

Note Policy validation is not done between open WLAN and OWE WLAN. The operator is expected to configure them appropriately.

Mohato 1 Mohato 2 Mohato 3 Mohato 4 Mohato 5 Mohato 6 Mohato 7 Mohato 8 Mohato 9

Taelo kapa Ketso e lokisa terminal ExampLe:
Sesebelisoa # lokisa terminal

Morero Kena mokhoeng oa tlhophiso ea lefats'e.

wlan wlan-name wlan-id SSID-name ExampLe:
Device(config)# wlan WPA3 1 WPA3

E kenya mokhoa o monyane oa tlhophiso ea WLAN.

ha ho tshireletso wpa akm dot1x
ExampLe:
Device(config-wlan)# no security wpa akm dot1x

E tima ts'ireletso ea AKM bakeng sa dot1x.

no security ft over-the-ds
ExampLe:
Sesebelisoa(config-wlan)# ha ho na tshireletso ft over-the-ds

E thibela phetoho e potlakileng holima mohloli oa data ho WLAN.

ha ho tshireletso ft ExampLe:
Sesebelisoa(config-wlan)# ha ho na tshireletso ft

E thibela phetoho e potlakileng ea 802.11r ho WLAN.

no security wpa wpa2
ExampLe:
Sesebelisoa(config-wlan)# ha ho tshireletso wpa wpa2

E tima ts'ireletso ea WPA2. PMF e holofetse hona joale.

tshireletso wpa wpa2 ciphers aes

Enables WPA2 ciphers for AES.

ExampLe:
Sesebelisoa(config-wlan)# tshireletso wpa wpa2 ciphers aes

security wpa wpa3

E nolofalletsa tšehetso ea WPA3.

ExampLe:
Sesebelisoa(config-wlan)# tshireletso wpa wpa3

security wpa akm owe ExampLe:

Enables WPA3 OWE support.

Wi-Fi Protected Access 3 7

Configuring WPA3 SAE (GUI)

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Mohato oa 10
Mohato oa 11 Mohato oa 12

Taelo kapa Ketso

Morero

Device(config-wlan)# security wpa akm owe

security wpa transition-mode-wlan-id wlan-id
ExampLe:
Device(config-wlan)# security wpa transition-mode-wlan-id 1

Configures the open or OWE transition mode WLAN ID.
Note Validation is not performed on the transition mode WLAN. The operator is expected to configure it correctly with OWE WLAN having open WLAN identifier and the opposite way.
You should configure OWE WLAN ID as transition mode WLAN in open WLAN. Similarly, open WLAN should be configured as transition mode WLAN in OWE WLAN configuration.

ha ho shutdown ExampLe:
Sesebelisoa(config-wlan)# ha ho na shutdown
qetellong ExampLe:
Sesebelisoa(config-wlan)# end

Enables the WLAN. Returns to the privileged EXEC mode.

Configuring WPA3 SAE (GUI)

Tsamaiso

Mohato oa 1 Mohato oa 2 Mohato oa 3 Mohato oa 4 Mohato oa 5
Mohato oa 6

Khetha Configuration > Tags & Profiles > WLANs. Click Add. In the General tab, enter the Profile Name, the SSID and the WLAN ID. Choose Security > Layer2 tab. Choose WPA2+WPA3 in Layer 2 Security Mode drop-down list. Uncheck the WPAPolicy, 802.1x, Over the DS, FT + 802.1x and FT + PSKcheck boxes.Check the WPA3 Policy, AES and PSK check boxes. Enter the Pre-Shared Key and choose the PSK Format from the PSK Format drop-down list and the PSK Type from the PSK Type drop-down list. Click Apply to Device.

Wi-Fi Protected Access 3 8

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Configuring WPA3 SAE

Configuring WPA3 SAE
Follow the procedure given below to configure WPA3 SAE.
Before you begin Configure PMF internally. The associated ciphers configuration can use the WPA2 ciphers. Fast Transition Adaptive is not supported for WPA3 SAE.

Tsamaiso

Mohato oa 1 Mohato oa 2 Mohato oa 3 Mohato oa 4 Mohato oa 5 Mohato oa 6 Mohato oa 7

Taelo kapa Ketso e lokisa terminal ExampLe:
Sesebelisoa # lokisa terminal

Morero Kena mokhoeng oa tlhophiso ea lefats'e.

wlan wlan-name wlan-id SSID-name ExampLe:
Device(config)# wlan WPA3 1 WPA3

E kenya mokhoa o monyane oa tlhophiso ea WLAN.

ha ho tshireletso wpa akm dot1x
ExampLe:
Device(config-wlan)# no security wpa akm dot1x

E tima ts'ireletso ea AKM bakeng sa dot1x.

no security ft over-the-ds
ExampLe:
Sesebelisoa(config-wlan)# ha ho na tshireletso ft over-the-ds

E thibela phetoho e potlakileng holima mohloli oa data ho WLAN.

ha ho tshireletso ft ExampLe:
Sesebelisoa(config-wlan)# ha ho na tshireletso ft

E thibela phetoho e potlakileng ea 802.11r ho WLAN.

no security wpa wpa2
ExampLe:
Sesebelisoa(config-wlan)# ha ho tshireletso wpa wpa2

E tima ts'ireletso ea WPA2. PMF e holofetse hona joale.

tshireletso wpa wpa2 ciphers aes

E lokisa WPA2 cipher.

ExampLe:

Hlokomela

Device(config-wlan)# security wpa wpa2 You can check whether cipher is configured

ciphers aes

using no security wpa wpa2 ciphers

aescommand. If cipher is not reset, configure

the cipher.

Wi-Fi Protected Access 3 9

Configuring Anti-Clogging and SAE Retransmission (GUI)

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Mohato oa 8 Mohato oa 9
Mohato oa 10 Mohato oa 11 Mohato oa 12

Taelo kapa Ketso

Morero

security wpa psk set-key ascii value preshared-key

Specifies a preshared key.

ExampLe:
Sesebelisoa(config-wlan)# tshireletso wpa psk set-key ascii 0 Cisco123

security wpa wpa3

E nolofalletsa tšehetso ea WPA3.

ExampLe:

Hlokomela

Device(config-wlan)# security wpa wpa3 If both WPA2 and WPA3 are supported (SAE and PSK together), it is optional to configure

PMF. However, you cannot disable PMF. For

WPA3, PMF is mandatory.

security wpa akm sae

E nolofalletsa tšehetso ea AKM SAE.

ExampLe:
Sesebelisoa(config-wlan)# tshireletso wpa akm sae

ha ho shutdown ExampLe:
Sesebelisoa(config-wlan)# ha ho na shutdown

E nolofalletsa WLAN.

qetellong ExampLe:
Sesebelisoa(config-wlan)# end

E khutlela ho mokhoa o khethehileng oa EXEC.

Configuring Anti-Clogging and SAE Retransmission (GUI)

Tsamaiso

Mohato 1 Mohato 2 Mohato 3 Mohato 4 Mohato 5 Mohato 6 Mohato 7 Mohato 8

Khetha Configuration > Tags & Profiles > WLANs. Click Add. In the General tab, enter the Profile Name, the SSID and the WLAN ID. Enable or disable Status and Broadcast SSID toggle buttons. From the Radio Policy drop-down list, choose a policy. Choose Security > Layer2 tab. Check the SAE check box. Enter the Anti Clogging Threshold, Max Retries and Retransmit Timeout. Click Apply to Device.

Wi-Fi Protected Access 3 10

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Configuring Anti-Clogging and SAE Retransmission

Configuring Anti-Clogging and SAE Retransmission
Follow the procedure given below to configure anti-clogging and SAE retransmission.

Tsamaiso

Note If the simultaneous SAE ongoing sessions are more than the configured anti-clogging threshold, then anti-clogging mechanism is triggered.
Before you begin Ensure that SAE WLAN configuration is in place, as the steps given below are incremental in nature, in addition to the SAE WLAN configuration.

Mohato oa 1 Mohato oa 2 Mohato oa 3 Mohato oa 4 Mohato oa 5
Mohato oa 6

Taelo kapa Ketso e lokisa terminal ExampLe:
Sesebelisoa # lokisa terminal

Morero Kena mokhoeng oa tlhophiso ea lefats'e.

wlan wlan-name wlan-id SSID-name ExampLe:
Device(config)# wlan WPA3 1 WPA3

E kenya mokhoa o monyane oa tlhophiso ea WLAN.

shutdown ExampLe:
Sesebelisoa(config-wlan)# ha ho na shutdown

Disables the WLAN.

security wpa akm sae
ExampLe:
Sesebelisoa(config-wlan)# tshireletso wpa akm sae

Enables simultaneous authentication of equals as a security protocol.

security wpa akm sae anti-clogging-threshold Configures threshold on the number of open

monyako

sessions to trigger the anti-clogging procedure

ExampLe:

for new sessions.

Device(config-wlan)# security wpa akm sae anti-clogging-threshold 2000

security wpa akm sae max-retries retry-limit Configures the maximum number of

ExampLe:

retransmissions.

Device(config-wlan)# security wpa akm sae max-retries 10

Wi-Fi Protected Access 3 11

Verifying WPA3 SAE and OWE

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Mohato oa 7 Mohato oa 8 Mohato oa 9

Command or Action security wpa akm sae retransmit-timeout retransmit-timeout-limit ExampLe:
Device(config-wlan)# security wpa akm sae retransmit-timeout 500
ha ho shutdown ExampLe:
Sesebelisoa(config-wlan)# ha ho na shutdown
qetellong ExampLe:
Sesebelisoa(config-wlan)# end

Purpose Configures SAE message retransmission timeout value.
E nolofalletsa WLAN.
E khutlela ho mokhoa o khethehileng oa EXEC.

Verifying WPA3 SAE and OWE

Ho view the system level statistics for the client that has undergone successful SAE authentication, SAE authentication failures, SAE ongoing sessions, SAE commit and confirm message exchanges, use the following show command:
Sesebelisoa # se bonts'a lintlha tsa bareki ba lipalo-palo tse se nang mohala

Kakaretso ea Palo ea Bareki : 0

client global statistics:

———————————————————————————–

Total association requests received

Total association attempts

Total FT/LocalAuth requests

Total association failures

Total association response accepts

Total association response rejects

Total association response errors

Total association failures due to blacklist

Total association drops due to multicast mac

Total association drops due to throttling

Total association drops due to unknown bssid

Total association drops due to parse failure

Total association drops due to other reasons

Total association requests wired clients

Total association drops wired clients

Total association success wired clients

Total peer association requests wired clients : 0

Total peer association drops wired clients

Total peer association success wired clients

Total 11r ft authentication requests received : 0

Total 11r ft authentication response success

Total 11r ft authentication response failure

Total 11r ft action requests received

Total 11r ft action response success

Total 11r ft action response failure

Total AID allocation failures

Total AID free failures

Wi-Fi Protected Access 3 12

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Verifying WPA3 SAE and OWE

Total roam attempts

Total CCKM roam attempts

Total 11r roam attempts

Total 11i fast roam attempts

Total 11i slow roam attempts

Total other roam type attempts

Total roam failures in dot11

Total WPA3 SAE attempts

Total WPA3 SAE successful authentications

Total WPA3 SAE authentication failures

Total incomplete protocol failures

Total WPA3 SAE commit messages received

Total WPA3 SAE commit messages rejected

Total unsupported group rejections

Total WPA3 SAE commit messages sent

Total WPA3 SAE confirm messages received

Total WPA3 SAE confirm messages rejected

Total WPA3 SAE confirm messgae field mismatch : 0

Total WPA3 SAE confirm message invalid length : 0

Total WPA3 SAE confirm messages sent

Total WPA3 SAE Open Sessions

Total SAE Message drops due to throttling

Total Flexconnect local-auth roam attempts

Total AP 11i fast roam attempts

Total 11i slow roam attempts

Total client state starts

Total client state associated

Total client state l2auth success

Total client state l2auth failures

Total blacklisted clients on dot1xauth failure : 0

Total client state mab attempts

Total client state mab failed

Total client state ip learn attempts

Total client state ip learn failed

Total client state l3 auth attempts

Total client state l3 auth failed

Total client state session push attempts

Total client state session push failed

Total client state run

Total client deleted

Ho view the WLAN summary details, use the following command.
Device# show wlan summary

Number of WLANs: 3

ID Profile Lebitso

SSID

Status Security

———————————————————————————————————————————————————————————-

1 wlan-demo

ssid-demo

DOWN [WPA3][SAE][AES]

3 CR1_SSID_mab-ext-radius [WPA2][802.1x][AES]

CR1_SSID_mab-ext-radius

TLASE

109 guest-wlan1 [WPA2][802.1x][AES],[Web Auth]

docssid

TLASE

Wi-Fi Protected Access 3 13

Verifying WPA3 SAE and OWE

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Ho view the WLAN properties (WPA2 and WPA3 mode) based on the WLAN ID, use the following command.
Sesebelisoa # se bonts'a wlan id 1

WLAN Profile Lebitso

: wlan-demo

===============================================

Sekhetho

! ! ! Security
802.11 Authentication Static WEP Keys Wi-Fi Protected Access (WPA/WPA2/WPA3)
WPA (SSN IE) WPA2 (RSN IE) WPA3 (WPA3 IE)
AES Cipher CCMP256 Cipher GCMP128 Cipher GCMP256 Cipher Auth Key Management 802.1x PSK CCKM FT dot1x FT PSK Dot1x-SHA256 PSK-SHA256 SAE OWE SUITEB-1X SUITEB192-1X CCKM TSF Tolerance OSEN FT Support FT Reassociation Timeout FT Over-The-DS mode PMF Support PMF Association Comeback Timeout PMF SA Query Time Web Based Authentication Conditional Web Redirect Splash-Page Web Tsamaisa hape Webauth On-mac-filter Failure Webauth Authentication List Name Webauth Authorization List Name Webauth Parameter Map ! ! !

: Open System : Disabled : Enabled : Disabled : Disabled : Enabled : Enabled : Disabled : Disabled : Disabled
: Disabled : Disabled : Disabled : Disabled : Disabled : Disabled : Disabled : Enabled : Disabled : Disabled : Disabled : 1000 : Disabled : Adaptive : 20 : Enabled : Required :1 : 200 : Disabled : Disabled : Disabled : Disabled : Disabled : Disabled : Disabled

Ho view the correct AKM for the client that has undergone SAE authentication, use the following command.
Device# show wireless client mac-address <e0ca.94c9.6be0> detail
Client MAC Address : e0ca.94c9.6be0 ! ! ! Wireless LAN Name: WPA3
!

Wi-Fi Protected Access 3 14

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Verifying WPA3 SAE and OWE

! ! Policy Type : WPA3 Encryption Cipher : CCMP (AES) Authentication Key Management : SAE ! ! !
Ho view the correct AKM for the client that has undergone OWE authentication, use the following command.
Device# show wireless client mac-address <e0ca.94c9.6be0> detail

Client MAC Address : e0ca.94c9.6be0 ! ! ! Wireless LAN Name: WPA3

! ! ! Policy Type : WPA3 Encryption Cipher : CCMP (AES) Authentication Key Management : OWE ! ! !
Ho view the list of PMK cache stored locally, use the following command.
Device# show wireless pmk-cache

Number of PMK caches in total : 0

Mofuta

Seteishene

Entry Lifetime VLAN Override

IP Override

Audit-Session-Id

Username

——————————————————————————————————————————————

Wi-Fi Protected Access 3 15

Verifying WPA3 SAE and OWE

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Wi-Fi Protected Access 3 16

Litokomane / Lisebelisoa

CISCO Wi-Fi Protected Access 3 [pdf] Bukana ea Mosebelisi
Wi-Fi Protected Access 3, Protected Access 3, Access 3

Litšupiso

Bukana ea Mosebelisi

CISCO Wi-Fi Protected Access 3 User Guide

Phihlelo e Sirelelitsoeng ea Wi-Fi 3

Tlhahisoleseding ya Sehlahiswa

Litlhaloso:

Litaelo tsa Tšebeliso ea Sehlahisoa

Configuring SAE (WPA3+WPA2 Mixed Mode)

Configuring WPA3 Enterprise (GUI)

Configuring WPA3 Enterprise

Lipotso tse atisang ho botsoa (FAQ)

Q: What are the supported authentication protocols?

Q: Is PMF mandatory for WPA3?

Q: Can I configure both WPA2 and WPA3 together?

Litokomane / Lisebelisoa

Litšupiso

Tlohela maikutlo

Hlakola karabo