Wireless Access

 View Only
last person joined: 4 days ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

Wpa3-enterprise not working

This thread has been viewed 47 times
  • 1.  Wpa3-enterprise not working

    Posted Jun 01, 2023 12:56 AM

    Hi members,

    I have turned on wpa3-enterprise with 128 bit (only two options in our controller, 128 and 256- didn't workl for 256 bits). Connected to the clearpass policies.

    Yes, end devices connect with this new SSID (wpa3-enterprise) but on the devices, when I checked it says wpa2-enterprise. I tried to forget and reconnect, disabled, reenabled SSID etc..but still the same.

    I have attached the screenshot as well.

    Please advise if you have come up/solved this case.

    wpa3-setting



  • 2.  RE: Wpa3-enterprise not working

    EMPLOYEE
    Posted Jun 01, 2023 04:49 AM

    Hi, as far as I remember the wizard sets Transition Mode by Default:

    With that you also have an WPA2-Enterprise SSID for Clients that are not WPA3 capable.

    Allowed by IEEE Standard.




  • 3.  RE: Wpa3-enterprise not working

    Posted Jun 02, 2023 12:38 AM

    Thank you very much for your reply.

    Found that by default, xSec is selected. Should we select wpa3-aes-ccm-128  ? 

    Opmode transition is selected.

    Please see the screenshot I have attached.

    bpex54asd9



  • 4.  RE: Wpa3-enterprise not working

    EMPLOYEE
    Posted Jun 02, 2023 03:10 AM

    Yes please, deselect xSec and select wpa3-aes-ccm-128.

    All WPA3 capable Clients should use WPA3 now and all WPA2 capable WPA2.

    From the documentation - https://www.arubanetworks.com/techdocs/ArubaOS_8.10.0_Web_Help/Content/arubaos-solutions/virtual-ap/wlan-ssid-prof.htm:

     xSec

    Encryption and tunneling of Layer-2 traffic between the controller and wired or wireless clients, or between controllers. To use xSec encryption, you must use a RADIUS authentication server. For clients, you must install the Funk Odyssey client software.

    Requires installation of the xSec license. For xSec between managed devices, you must install an xSec license in each managed device.




  • 5.  RE: Wpa3-enterprise not working

    Posted Jun 06, 2023 06:39 PM

    In our system, Aruba MM version 8.5.0.10, does allow to deselect xSec and there are no boxes to select for wpa3-aes-ccm-128.

    On clicking wpa3-aes-ccm-128,it could deselect xSec but gets an error

    Error: Invalid opmode combination. Valid combinations:
        static-wep dynamic-wep
        static-wep wpa-psk-tkip
        dynamic-wep wpa-tkip
        wpa-psk-tkip wpa-psk-aes
        wpa-psk-tkip wpa2-psk-tkip
        wpa-psk-tkip wpa2-psk-aes
        wpa-psk-aes wpa2-psk-tkip
        wpa-psk-aes wpa2-psk-aes
        wpa2-psk-aes wpa2-psk-tkip
        wpa-psk-tkip wpa-psk-aes wpa2-psk-tkip
        wpa-psk-tkip wpa-psk-aes wpa2-psk-aes
        wpa-psk-tkip wpa2-psk-aes wpa2-psk-tkip
        wpa-psk-aes wpa2-psk-aes wpa2-psk-tkip
        wpa-psk-tkip wpa-psk-aes wpa2-psk-aes wpa2-psk-tkip
        wpa-tkip wpa-aes
        wpa-tkip wpa2-tkip
        wpa-tkip wpa2-aes
        wpa-aes wpa2-tkip
        wpa-aes wpa2-aes
        wpa2-aes wpa2-tkip
        wpa-tkip wpa-aes wpa2-tkip
        wpa-tkip wpa2-aes wpa2-tkip
        wpa-tkip wpa-aes wpa2-aes
        wpa-aes wpa2-aes wpa2-tkip
        wpa-tkip wpa-aes wpa2-aes wpa2-tkip

    Could be the hardware limitation ?  Please let me know your experience.




  • 6.  RE: Wpa3-enterprise not working

    MVP
    Posted Jun 07, 2023 08:02 AM

    ArubaOS 8.5.x support ended at the end of 2021. most customers have moved to the AOS 8.10.x LSR (Long Term Supported Release).

    There have been many bug & security fixes since AOS 8.5.10. Like most here, I would recommend you consider upgrading the OS. I doubt WPA3 is supported in that ArubaOS version. 

    Our experience is that having an Aruba support contract is well worth the cost.

    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------



  • 7.  RE: Wpa3-enterprise not working

    Posted Jun 07, 2023 08:19 AM

    We had to upgrade from 8.7 to 8.10 in order for the options to be available to enable WPA3 testing to commence. So if you're 8.5 I'd suggest, as bosborne, that you upgrade.



    ------------------------------
    Nathan
    ------------------------------