09-08-2023 12:25 PM
I have some Honeywell ct40s that have android that needs protective management frame off.
My wlc-9800 has the PMF as:
Optional and off are not the same thing, correct? PMF is still ON correct?
==wlan config===
this article
mentions you need to enable WPA and AKM must be configured before removing PMF?
This is a live production SSID. are these WPA & AKM changes disruptive to add, or do they take effect after PMF is removed?
Thanks
09-08-2023 03:33 PM - edited 09-08-2023 03:35 PM
Optional and off are not the same thing, correct? PMF is still ON correct?
Yes, Optional mean you leave it on, but not enforcing client STA to support it.
With WPA3+WPA2 you have to leave it optional as you cannot turn it off.
In this SSID, if you do not require WPA3, then security can be changed to WPA+WPA2 (security wpa wpa2) & test it out.
Any changes to WLAN setting is disruptive and your WLAN client will momentarily disconnect & reconnect when you apply changes.
HTH
Rasika
*** Pls rate all useful responses ***
09-11-2023 07:41 AM - edited 09-11-2023 07:52 AM
So you can't enable WPA3 and turn off PMF.
Honeywell article offers two solutions. 1) enable WPA3, 2)Turn off PMF.
Seems to me its either 1 & 2 but not both.
Enabling Wpa3 worked "for a while" but now having issues. guess it's time to disable Wpa3 and "disable PMF".
WPA3 isn't required but was a "fix" suggested by honeywell.
09-11-2023 11:35 AM
"So you can't enable WPA3 and turn off PMF."
Correct, with WPA3, you have to enable PMF (can leave "Optional" in WPA3 + WAP2 transition SSIDs, which mean it is still ON and negotiated)
If WPA3 is not a requirement, then I would suggest change security to WPA+WPA2 and leave PMF disabled for this SSID
HTH
Rasika
*** Pls rate all useful responses ***
09-11-2023 07:59 AM
No you can't, check this whitepaper https://www.wi-fi.org/system/files/WPA3%20Specification%20v3.1.pdf and the official announce here https://www.wi-fi.org/discover-wi-fi/security
WPA3-Enterprise builds upon the foundation of WPA2-Enterprise with the additional requirement of using Protected Management Frames on all WPA3 connections.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide