
Having wpa2+wpa3-personal mix mode

Hello,

I have a WLAN just for employees and devices that need internet access only. No internal resources. This WLAN is like a guest WiFi but for employees only for their personal devices. I wanted to change it from WPA2-Personal to WPA2+WPA3-personal. Does anyone see any problem with running in mix mode?


Leo Laohoo
Hall of Fame

Yes, guaranteed there will be problems if there are Windows machines.  

Please read this:  Cisco Secure Client 5.1.0.136 New Features

  • Network Access Manager added support for WPA3 802.11 CCMP128 encryption and Protected Management Frames (PMF). However, WPA3 will not work until Microsoft releases a fix that relates to Integrity Group Temporal Key generation. The fix is not available in a production environment, but we anticipate the fix in an upcoming Windows 11 release and Windows 10 22H2 update. While PMF can be used in WPA2, it is required for WPA3 Enterprise. If you have a WPA2 network with PMF required or optional, your connection to Secure Client 5.1.0.136 will fail until the Microsoft fix.


 

These are personal mobile devices, iPhones, iPad, IOT devices


@sandeepsingh3200 wrote:
IOT devices

Make the choice.  It's either WPA2 or WPA3.  Do not turn both on and "hope" the wireless client can choose correctly.  IoT (Internet of Trash) clients will not.  

The recommended best practice is to create a totally separate WPA3/6 GHz SSID.  

JPavonM
VIP

One option could be to create the proper Guest SSID using WPA3, and then another one like Guest-legacy for those that do not support it, which could be more than a few.  There is no way to control guest devices and get to know how many of them do not support WPA3... not all people swap personal devices every year and 3-year-old devices could not support it due to the operating system or the hardware.

The best option would be to create the SSID with WPA3-Personal Transition mode with Transition Disable feature enabled, and then monitor how many guests do connect using WPA2. After that you can choose to move to WPA3 or not.
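
One way to do the monitoring step suggested above, as an added example that is not part of the original thread and not Cisco code: parse the RSN element each client sent in its association request and count who selected PSK versus SAE. It assumes you can export those elements per client MAC (for instance from a packet capture); the function names and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

# AKM suite types under the IEEE OUI 00-0F-AC (IEEE 802.11 RSN element).
IEEE_OUI = bytes.fromhex("000fac")
AKM_NAMES = {2: "WPA2-PSK", 6: "WPA2-PSK-SHA256", 8: "WPA3-SAE"}

def parse_rsn(ie: bytes) -> dict:
    """Parse one RSN element (ID 0x30); return its AKM list and PMF bits."""
    if len(ie) < 2 or ie[0] != 0x30 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, off = ie[2:], 0

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(body):
            raise ValueError("truncated RSN element")
        off += n
        return body[off - n:off]

    if struct.unpack("<H", take(2))[0] != 1:
        raise ValueError("unsupported RSN version")
    take(4)                                        # group data cipher suite
    take(4 * struct.unpack("<H", take(2))[0])      # pairwise cipher suites
    akms = []
    for _ in range(struct.unpack("<H", take(2))[0]):
        sel = take(4)
        akms.append(AKM_NAMES.get(sel[3], f"type-{sel[3]}")
                    if sel[:3] == IEEE_OUI else "vendor-specific")
    if not akms:
        raise ValueError("no AKM suite present")
    # RSN capabilities: bit 6 = PMF required (MFPR), bit 7 = PMF capable (MFPC)
    caps = struct.unpack("<H", take(2))[0] if off < len(body) else 0
    return {"akms": akms, "mfpc": bool(caps & 0x0080), "mfpr": bool(caps & 0x0040)}

def tally(assoc_rsn: dict) -> Counter:
    """Count clients by the AKM each one chose in its association request."""
    return Counter(parse_rsn(ie)["akms"][0] for ie in assoc_rsn.values())

def still_on_wpa2(assoc_rsn: dict) -> list:
    """MACs that did not select SAE; these block a WPA3-only cutover."""
    return sorted(m for m, ie in assoc_rsn.items()
                  if "WPA3-SAE" not in parse_rsn(ie)["akms"])

# Constructed sample: RSN elements as they would appear in association requests.
PREFIX = "30140100000fac040100000fac040100000fac"
SAMPLE = {
    "02:00:00:00:00:01": bytes.fromhex(PREFIX + "020000"),  # PSK, no PMF
    "02:00:00:00:00:02": bytes.fromhex(PREFIX + "028000"),  # PSK, PMF capable
    "02:00:00:00:00:03": bytes.fromhex(PREFIX + "08c000"),  # SAE, PMF required
}
```

Clients that show up as PSK without the PMF-capable bit are the ones most likely to break if the SSID later moves to WPA3-only.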
