11-07-2019 01:42 AM - edited 07-05-2021 11:15 AM
Is anybody else using the MobilityExpress 8.10.105 with WPA3 enabled?
I'm getting an annoying thing happen where clients are booted every 24 hours and take an age to reconnect, which when you have AppleTVs streaming can be annoying as they drop and then report incorrect password for ages when trying to connect back...same happens with other devices on connecting via WPA3..
WPA2 is fine - if I disable WPA3 then the devices will remain connected and not drop.
I understand that this is an initial release, and could have "caveats" in the build OS, I'm currently testing at home as my client is wanting to go WPA3 ASAP due to security concerns and the nature of their business, so I'm the guinea pig...
This is more of a case to find out if anybody else is experiencing this, or am I the only one??
06-29-2021 02:23 PM
I guess I am experiencing something similar. When I enable WPA3 on MobilityExpress 8.10.151 my apple devices (iPhone/iPad) don't connect to the AP at all. Because of this I also ended up using WPA2. Is there any additional config required to set up WPA3? I am using an 3800 AP.
06-29-2021 06:12 PM
06-30-2021 08:18 AM
Yes, PMF needs to be set to enabled. Then you also need to select the right combination of supported key exchanges.
Did you make a pure WPA3 ssid or a mixed one? I would start with a pure WPA3 one to test.
06-30-2021 10:25 AM - edited 06-30-2021 11:44 AM
I have the same problem. AIR-AP2802I-E-K9 / 8.10.151.0 with a WPA3 Personal only SSID. All clients can connect, but not the iphones.
How can I enable PMF ?
I also see this in the logs:
ASSOC_REQ | MESSAGE_RECEIVED |
ASSOC_REQ | INVALID_RSN_IE |
PEM_EVENT_MSG | IP_ACQUIRED_AND_AUTH_NOT_REQ_OR_STATIC_DYNAMIC_WEP_SUPPORTED |
ASSOC_REQ | CLIENT_MOVED_TO_ASSOCIATED_STATE |
AUTH_DOT1X | WLAN_REQUIRES_802_1X_AUTH |
EAPOL_KEY | UNABLE_TO_ALLOW_USER |
MISC_ROAM_EVENTS | |
EAPOL_KEY | UNABLE_TO_ALLOW_USER |
MISC_ROAM_EVENTS | |
AUTH_RES | NOT_FROM_RELAY |
EAPOL_KEY | RETRANSMITTING_EAPOL_KEY |
MISC_ROAM_EVENTS | |
EAPOL_KEY | IDENTITY_PACKET_RECEIVED |
Regards
Volker
06-30-2021 01:49 PM
Would you please elaborate on PMF? What is it and can it be set in Mobility Express? I was turning off WPA2 functionality for the SSID. So the answer your question its a pure WPA3 SSID. To my knowledge you can only create a WPA2 network through the Mobility Express gui and later edit it to turn off WPA2 and enable WPA3 Personal. But I was using one enabled at a time. On WPA2 everything works as expected. On WPA3 iPhones don't connect.
07-01-2021 01:08 AM
I suggest having a read here: https://mrncciew.com/2020/08/17/wpa3-enterprise/
07-01-2021 01:10 PM
I have checked the PMF (802.11w) status on the controller AP through the CLI with:
config wlan security pmf required <wlan-id> OUTPUT: Already in requested state.
So it appears that Mobility Express Controller sets this automatically in the background when toggling on the WPA3 function
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: