Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
552
Views
2
Helpful
6
Replies

C9800 WLAN layer 2 security mode

aflbakker
Level 1
Level 1

‎02-08-2024 03:05 AM

Hi Gents,

When configuring a 802.1x SSID on a C9800 in 17.9.3 you can select the Security -> Layer 2 - Layer 2 security mode.

You can choose from : 

WPA + WPA2 - and only check the WPA2 policy checkbox.

WPA2 + WPA3 - and only check the WPA2 policy checkbox.

I only want / have WPA2. So what is the difference in both options ? Or results it the same functionality ?

 

aflbakker_0-1707390078758.png

WPA2 + WPA3 :

 

aflbakker_1-1707390145259.png

 

 

6 Replies 6

Sandeep Choudhary
VIP Alumni
VIP Alumni

‎02-08-2024 04:31 AM

Hi,

Info: WPA3 is the successor to WPA2, and WPA2 replaces WPA. WPA3 is the most advanced WiFi security standard among these three. WPA3 and WPA2 is not hackable theoretically, but WPA wireless security type is vulnerable. WPA3 includes more advanced encryption than WPA2 and WPA.

functionality wise it would be same if you select WPA2 in either ones. But if have very old clients which only supports only WPA then you need to use WPA+WPA2 otherwise i would recommend to use WPA2+WPA3.

 

Regards

Dont forget to rate helpful posts

 

aflbakker
Level 1
Level 1
In response to Sandeep Choudhary

‎02-08-2024 04:39 AM

Ok. that would make sense. Because we don't have WPA clients it is more future proof to configure WPA2 + WPA3 and only enable WPA2 then..

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to aflbakker

‎02-08-2024 04:47 AM

Yes then use WPA2+WPA3 option.

 

Regards

Dont forget to rate helpful posts

0 Helpful

MHM Cisco World
VIP
VIP
In response to aflbakker

‎02-08-2024 04:56 AM

We make SSID accpet wpa and wpa2  or wpa2 and wpa3

When the clinet connect it not select the security want to use so we use policy to detect if client capable of wpa2 or not.

If we select one policy then the detection use this policy only and fallback to other wpaX if there is no match if we select both then both policy will use to detect client capabilities.

That what I get from using wpaX policy in ssid.

MHM

0 Helpful

MHM Cisco World
VIP
VIP

‎02-08-2024 04:35 AM

great Q I have half answer but let me more check and I will update you 
MHM

0 Helpful

pieterh
VIP
VIP

‎02-08-2024 05:14 AM

it just means you cannot enable WPA3 together with WPA
when selecting wpa2+wpa3 , then selecting WPA policy box will result in an error

wpa2+wpa3 is an intermediate if possible enable wpa3 only (should be backwards compatible)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card