ISE - WPA3 question

tucchijonal · ‎08-26-2024

Hi All,

Hoping someone can answer few questions around enabling WPA3 on Meraki. I work for a large enterprise and we are looking to enable WPA3 for all our offices. We use Meraki APs at all our offices and currently WPA2 is enabled and users authenticate via Cisco ISE (certs). We use windows 2019 to deploy GPO to all user machines and I am told the endpoint 802.1x cert is part of the GPO. I have very limited experience with ISE therefore I am struggling to figure out what I need to get WPA3 working.

Questions:

What do I need to do at ISE end? Do I need to generate a new server cert and get it signed with CA?

What do I need to do at endpoint end? Do endpoints need to generate their own cert and get is signed with CA or is it something I need to provide from ISE end?

I spoke to our windows guy and he suggested that WPA3 option is not available under GPO. He also told me that the previous ISE/network engineer provided them the client cert for WPA2 (not sure how true is this?).

Enabling WPA3 is just few steps on the Meraki APs, however, I doubt it will work automagically without doing some changes at ISE and endpoint side?

Overall, I have no idea how this is supposed to work and appreciate any directions I can get.

VidMate

marce1000 · ‎08-26-2024

- You could also post this in : https://community.meraki.com/t5/Wireless/bd-p/wireless-lan

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Rob Ingram · ‎08-26-2024

@tucchijonal The windows supplicant needs to be reconfigured to support WPA3 via the GPO.

There is nothing to change in ISE to select the WPA version. The Meraki AP is just going to send to a RADIUS packet to ISE to authenticate the user, so if you already have autentication via ISE with certificates you do not need to change this.