08-04-2023 10:59 AM - edited 08-04-2023 11:00 AM
Hardware:
WLC 9800-CL on Hyper-V - 17.9.3 Cuppertino
c9210i AP
I'm trying to setup an SSID with WPA3 Personal security only but I'm running into a weird issue with both Windows 10 and Windows 11 (My Pixel5 doesn't seem to care)
If I configure the SSID with WPA3, SAE, AES Windows complains that I'm using an older security standard and I can't even get connected to the WiFi.
If I add WPA2, PSK, AES the security warning goes away but I get a generic "cannot connect to wifi" message.
If I set the security to WPA2, PSK, AES only with no WPA3 option, the security warning is gone, and I can successfully connect.
Does anyone have any idea what's going on here?
08-04-2023 03:28 PM
I would check the driver version of those Windows machines ("netsh wlan show driver" in the command prompt). Then upgrade your intel driver to the latest.
What you have to configure is WPA3 Transition mode (WPA2 + WPA3) on the same SSID. Read below post for more details
https://mrncciew.com/2019/11/29/wpa3-sae-transition-mode/
HTH
Rasika
*** Pls rate all useful responses ***
08-04-2023 03:38 PM
Thanks but the drivers are already at the latest version and this is happening on 3 separate Windows machines with both Broadcom and Intel NICs.
My goal isn't to configure SAE transition with WPA2 + WPA3, I want SAE with WPA3 only.
08-05-2023 07:40 AM
If you're sure the drivers are 100% up to date https://www.intel.com/content/www/us/en/download/19351/windows-10-and-windows-11-wi-fi-drivers-for-intel-wireless-adapters.html then presume Windows is also fully updated? WPA3 support in Windows 10 was only introduced from 2004 version.
See https://support.microsoft.com/en-us/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09#WindowsVersion=Windows_10
You can also use netsh wlan sh networks mode="bssid" to see what Windows is seeing. Note the list of SSIDs only gets populated when you browse the WiFi networks on the GUI so run that straight after trying to join when it's just been refreshed.
08-13-2023 05:32 PM - edited 08-13-2023 05:33 PM
This is happening in Windows 11 22H2 as well. When I show the wlans from netsh it's showing my network as static WEP open which makes no sense because I have it configured for WPA3 CCMP SAE+FT (also tried disabling fast transition). Any idea what's going on here?
I have a lot of experience with the 9800-40 in an enterprise environment, but I'm not 100% sure I'm setting up the WPA3-Personal security correctly or if I'm running into some type of bug.
08-14-2023 01:16 AM
And what does "show wireless client mac <mac> detail" show for the same client at the same time on the WLC?
Might be better to see the WLAN and policy profile config from CLI rather than screen-shots.
Also "show wlan summ" and "show wlan id <wlan id>"
09-16-2023 03:47 PM
I am running into an almost identical issue:
Windows 11 showing Open/WEP on the SSID. It does seem FT-related. After experimenting with a few knobs, it seems Win11 only would see it as WPA3 and connect if I also enabled SAE (No-FT).
So keep FT Enabled, but check SAE and FT-SAE.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide