Wireless Access

Reply
MVP Expert

wpa3-connectivity - how to tell

I've just set up an AP group with 1 AP (303H) on it and a dedicated SSID on our dev ArubaOS 8.5 system and set up key management to be wpa3-enterprise.

Surprisingly enough my iPhone running iOS 12.3.1 connected to it so I'm assuming that if the client isn't capable of WPA3, it drops down to WPA2 ... but how do you tell?

 

The ArubaOS GUI doesn't seem to tell you.... or I'm looking in the wrong place ?

 

Would be good to know just before I start playing with wpa_supplicant 2.8 which does support SAE

 

Rgds

Alex

MVP Guru

Re: wpa3-connectivity - how to tell

Take a look at the AP BSS Table and AP Association and the Flags assigned to the BSSID and Client. Just a note a WPA3 SSID will be in transition mode (WPA3/WPA2) by default unless it is explicitly disabled. 

 

#show ap bss-table

Flags: K = 802.11K Enabled; W = 802.11W Enabled; 3 = WPA3 BSS; O = OWE Transition mode OWE BSS; o = OWE Transition mode Open BSS; M = WPA3-SAE mixed mode BSS
#show ap association

Flags: A: Active, B: Band Steerable, H: Hotspot(802.11u) client, K: 802.11K client, M: Mu beam formee, R: 802.11R client, W: WMM client, w: 802.11w client, V: 802.11v BSS trans capable, P: Punctured preamble, U: HE UL Mu-mimo, O: OWE client, S: SAE client, E: Enterprise client

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Guru Elite

Re: wpa3-connectivity - how to tell

The only difference between WPA2 and WPA3-Enterprise is mandatory MFP. What exactly are you trying to see?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
MVP Expert

Re: wpa3-connectivity - how to tell

Guess long and short of it is  if we have  WPA3-enterprise  instead of WPA2-Enterprise associated with a WLAN, what do we look at and where to see if a client connectred system is a WPA2 device or a WPA3 one.

 

Guru Elite

Re: wpa3-connectivity - how to tell

The only real way is to look for lowercase w flag, but that may not be 100% indicative of WPA3-E

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
MVP Expert

Re: wpa3-connectivity - how to tell

So are we down to a packet trace then ?

Guru Elite

Re: wpa3-connectivity - how to tell

I’m still not clear on what you’re trying to see and why.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Guru Elite

Re: wpa3-connectivity - how to tell

When you type "show ap association client-mac <mac of iphone>" what are the flags?  Is there an "S" flag to indicate that it is an SAE client?

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
MVP Expert

Re: wpa3-connectivity - how to tell

I’ll let you know as soon as I’ve set up a WPA3-Personal SSID , be Monday now
Rgds
A

Sent from my iPhone
Guru Elite

Re: wpa3-connectivity - how to tell

I will save you time.  Do you have a phone that actually supports WPA3?  If not, don't bother... :(


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: