ArubaOS 8.5.x support ended at the end of 2021. most customers have moved to the AOS 8.10.x LSR (Long Term Supported Release).
There have been many bug & security fixes since AOS 8.5.10. Like most here, I would recommend you consider upgrading the OS. I doubt WPA3 is supported in that ArubaOS version.
Our experience is that having an Aruba support contract is well worth the cost.
------------------------------
Bruce Osborne ACCP ACMP
Liberty University
The views expressed here are my personal views and not those of my employer
------------------------------
Original Message:
Sent: Jun 06, 2023 06:39 PM
From: binodranabhat
Subject: Wpa3-enterprise not working
In our system, Aruba MM version 8.5.0.10, does allow to deselect xSec and there are no boxes to select for wpa3-aes-ccm-128.
On clicking wpa3-aes-ccm-128,it could deselect xSec but gets an error
Error: Invalid opmode combination. Valid combinations:
static-wep dynamic-wep
static-wep wpa-psk-tkip
dynamic-wep wpa-tkip
wpa-psk-tkip wpa-psk-aes
wpa-psk-tkip wpa2-psk-tkip
wpa-psk-tkip wpa2-psk-aes
wpa-psk-aes wpa2-psk-tkip
wpa-psk-aes wpa2-psk-aes
wpa2-psk-aes wpa2-psk-tkip
wpa-psk-tkip wpa-psk-aes wpa2-psk-tkip
wpa-psk-tkip wpa-psk-aes wpa2-psk-aes
wpa-psk-tkip wpa2-psk-aes wpa2-psk-tkip
wpa-psk-aes wpa2-psk-aes wpa2-psk-tkip
wpa-psk-tkip wpa-psk-aes wpa2-psk-aes wpa2-psk-tkip
wpa-tkip wpa-aes
wpa-tkip wpa2-tkip
wpa-tkip wpa2-aes
wpa-aes wpa2-tkip
wpa-aes wpa2-aes
wpa2-aes wpa2-tkip
wpa-tkip wpa-aes wpa2-tkip
wpa-tkip wpa2-aes wpa2-tkip
wpa-tkip wpa-aes wpa2-aes
wpa-aes wpa2-aes wpa2-tkip
wpa-tkip wpa-aes wpa2-aes wpa2-tkip
Could be the hardware limitation ? Please let me know your experience.
Original Message:
Sent: Jun 02, 2023 03:09 AM
From: cordless
Subject: Wpa3-enterprise not working
Yes please, deselect xSec and select wpa3-aes-ccm-128.
All WPA3 capable Clients should use WPA3 now and all WPA2 capable WPA2.
From the documentation - https://www.arubanetworks.com/techdocs/ArubaOS_8.10.0_Web_Help/Content/arubaos-solutions/virtual-ap/wlan-ssid-prof.htm:
xSec
|
Encryption and tunneling of Layer-2 traffic between the controller and wired or wireless clients, or between controllers. To use xSec encryption, you must use a authentication server. For clients, you must install the Funk Odyssey client software.
Requires installation of the xSec license. For xSec between managed devices, you must install an xSec license in each managed device.
|
Original Message:
Sent: Jun 02, 2023 12:38 AM
From: binodranabhat
Subject: Wpa3-enterprise not working
Thank you very much for your reply.
Found that by default, xSec is selected. Should we select wpa3-aes-ccm-128 ?
Opmode transition is selected.
Please see the screenshot I have attached.
Original Message:
Sent: Jun 01, 2023 04:49 AM
From: cordless
Subject: Wpa3-enterprise not working
Hi, as far as I remember the wizard sets Transition Mode by Default:
With that you also have an WPA2-Enterprise SSID for Clients that are not WPA3 capable.
Allowed by IEEE Standard.
Original Message:
Sent: Jun 01, 2023 12:56 AM
From: binodranabhat
Subject: Wpa3-enterprise not working
Hi members,
I have turned on wpa3-enterprise with 128 bit (only two options in our controller, 128 and 256- didn't workl for 256 bits). Connected to the clearpass policies.
Yes, end devices connect with this new SSID (wpa3-enterprise) but on the devices, when I checked it says wpa2-enterprise. I tried to forget and reconnect, disabled, reenabled SSID etc..but still the same.
I have attached the screenshot as well.
Please advise if you have come up/solved this case.