
8.10.105 and WPA3

timgrantham

Is anybody else using the MobilityExpress 8.10.105 with WPA3 enabled?

 

I'm getting an annoying thing happen where clients are booted every 24 hours and take an age to reconnect, which when you have AppleTVs streaming can be annoying as they drop and then report incorrect password for ages when trying to connect back... The same happens with other devices connecting via WPA3.

 

WPA2 is fine - if I disable WPA3 then the devices will remain connected and not drop.

 

I understand that this is an initial release, and could have "caveats" in the build OS, I'm currently testing at home as my client is wanting to go WPA3 ASAP due to security concerns and the nature of their business, so I'm the guinea pig...

 

This is more of a case to find out if anybody else is experiencing this, or am I the only one??


AlexW22

I guess I am experiencing something similar. When I enable WPA3 on MobilityExpress 8.10.151 my Apple devices (iPhone/iPad) don't connect to the AP at all. Because of this I also ended up using WPA2. Is there any additional config required to set up WPA3? I am using a 3800 AP.

Here is a matrix that will show what is supported

https://www.cisco.com/c/en/us/td/docs/wireless/access_point/feature-matrix/ap-feature-matrix.html#_Toc64463741
-Scott
*** Please rate helpful posts ***

Yes, PMF needs to be set to enabled. Then you also need to select the right combination of supported key exchanges. 

Did you make a pure WPA3 SSID or a mixed one? I would start with a pure WPA3 one to test.

I have the same problem. AIR-AP2802I-E-K9 / 8.10.151.0 with a WPA3 Personal only SSID. All clients can connect, but not the iPhones.

How can I enable PMF?

I also see this in the logs:

ASSOC_REQMESSAGE_RECEIVED
ASSOC_REQINVALID_RSN_IE
PEM_EVENT_MSGIP_ACQUIRED_AND_AUTH_NOT_REQ_OR_STATIC_DYNAMIC_WEP_SUPPORTED
ASSOC_REQCLIENT_MOVED_TO_ASSOCIATED_STATE
AUTH_DOT1XWLAN_REQUIRES_802_1X_AUTH
EAPOL_KEYUNABLE_TO_ALLOW_USER
MISC_ROAM_EVENTS 
EAPOL_KEYUNABLE_TO_ALLOW_USER
MISC_ROAM_EVENTS 
AUTH_RESNOT_FROM_RELAY
EAPOL_KEYRETRANSMITTING_EAPOL_KEY
MISC_ROAM_EVENTS 
EAPOL_KEYIDENTITY_PACKET_RECEIVED

Regards

Volker

Would you please elaborate on PMF? What is it and can it be set in Mobility Express? I was turning off WPA2 functionality for the SSID. So to answer your question, it's a pure WPA3 SSID. To my knowledge you can only create a WPA2 network through the Mobility Express GUI and later edit it to turn off WPA2 and enable WPA3 Personal. But I was using one enabled at a time. On WPA2 everything works as expected. On WPA3 iPhones don't connect.

I suggest having a read here: https://mrncciew.com/2020/08/17/wpa3-enterprise/

 

I have checked the PMF (802.11w) status on the controller AP through the CLI with:

config wlan security pmf required <wlan-id>

OUTPUT:
Already in requested state.

So it appears that Mobility Express Controller sets this automatically in the background when toggling on the WPA3 function.
