Wireless Access

We're struggling to get clients connected successfully connected to our AP-655s on 6GHz, despite seemingly having met all the requirements on the endpoint side (Win11, AX211 chipset, latest drivers).  Surprisingly, all of a sudden a few devices started to work on 6Ghz using WPA2-Enterprise.  From the workstation, netsh wlan show interface  shows WPA2-Enterprise for the authentication method, as does the output from show auth-tracebuf on the controller.  I thought that on 6GHz WPA3 with no backwards compatibility, aka transition mode, was the requirement?  If so, it makes no sense that this device is able to connect on 6GHz.

Fruthermore, can anyone confirm that 3072+ bits is the required key size for client certs authenticating via EAP-TLS to WPA3-Enterprise networks?

FAIK 6GHz required WPA3 (no backward compatible with WPA2 aka transition mode).
Not sure about your question about the minimum key size, don't ring a bell to me.
Did your run latest client drivers and ArubaOS software on your APs/controllers?

We're struggling to get clients connected successfully connected to our AP-655s on 6GHz, despite seemingly having met all the requirements on the endpoint side (Win11, AX211 chipset, latest drivers).  Surprisingly, all of a sudden a few devices started to work on 6Ghz using WPA2-Enterprise.  From the workstation, netsh wlan show interface  shows WPA2-Enterprise for the authentication method, as does the output from show auth-tracebuf on the controller.  I thought that on 6GHz WPA3 with no backwards compatibility, aka transition mode, was the requirement?  If so, it makes no sense that this device is able to connect on 6GHz.

Fruthermore, can anyone confirm that 3072+ bits is the required key size for client certs authenticating via EAP-TLS to WPA3-Enterprise networks?

We're struggling to get clients connected successfully connected to our AP-655s on 6GHz, despite seemingly having met all the requirements on the endpoint side (Win11, AX211 chipset, latest drivers).  Surprisingly, all of a sudden a few devices started to work on 6Ghz using WPA2-Enterprise.  From the workstation, netsh wlan show interface  shows WPA2-Enterprise for the authentication method, as does the output from show auth-tracebuf on the controller.  I thought that on 6GHz WPA3 with no backwards compatibility, aka transition mode, was the requirement?  If so, it makes no sense that this device is able to connect on 6GHz.

Fruthermore, can anyone confirm that 3072+ bits is the required key size for client certs authenticating via EAP-TLS to WPA3-Enterprise networks?

You need a separate SSID that supports WPA3 or OWE to run 6Ghz.  There is no "touchless" transition to 6ghz.  Make sure you see the 6ghz light on the access point or type "show AP bss-table" to make sure a 6ghz SSID is being broadcast.  Lastly, make sure your access point is being powered correctly (use IPM).

We're struggling to get clients connected successfully connected to our AP-655s on 6GHz, despite seemingly having met all the requirements on the endpoint side (Win11, AX211 chipset, latest drivers).  Surprisingly, all of a sudden a few devices started to work on 6Ghz using WPA2-Enterprise.  From the workstation, netsh wlan show interface  shows WPA2-Enterprise for the authentication method, as does the output from show auth-tracebuf on the controller.  I thought that on 6GHz WPA3 with no backwards compatibility, aka transition mode, was the requirement?  If so, it makes no sense that this device is able to connect on 6GHz.

Fruthermore, can anyone confirm that 3072+ bits is the required key size for client certs authenticating via EAP-TLS to WPA3-Enterprise networks?

You need a separate SSID that supports WPA3 or OWE to run 6Ghz.  There is no "touchless" transition to 6ghz.  Make sure you see the 6ghz light on the access point or type "show AP bss-table" to make sure a 6ghz SSID is being broadcast.  Lastly, make sure your access point is being powered correctly (use IPM).

That was another suggestion the engineers at ATM23 gave us, at least as a test; basically process of elimination to figure out why clients weren't connecting at first.  However, after getting back to the office this week, and all of a sudden we have clients connected to the 6GHz network on WPA2 and it makes no sense.  So the main point of my question now is how can this even work?

You need a separate SSID that supports WPA3 or OWE to run 6Ghz.  There is no "touchless" transition to 6ghz.  Make sure you see the 6ghz light on the access point or type "show AP bss-table" to make sure a 6ghz SSID is being broadcast.  Lastly, make sure your access point is being powered correctly (use IPM).

We're struggling to get clients connected successfully connected to our AP-655s on 6GHz, despite seemingly having met all the requirements on the endpoint side (Win11, AX211 chipset, latest drivers).  Surprisingly, all of a sudden a few devices started to work on 6Ghz using WPA2-Enterprise.  From the workstation, netsh wlan show interface  shows WPA2-Enterprise for the authentication method, as does the output from show auth-tracebuf on the controller.  I thought that on 6GHz WPA3 with no backwards compatibility, aka transition mode, was the requirement?  If so, it makes no sense that this device is able to connect on 6GHz.

Fruthermore, can anyone confirm that 3072+ bits is the required key size for client certs authenticating via EAP-TLS to WPA3-Enterprise networks?

Type "show dot1x supplicant-info list-all" to make sure those devices are truly using that encryption.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: May 04, 2023 08:38 AM
From: thecompnerd
Subject: WPA2 on 6GHz

You need a separate SSID that supports WPA3 or OWE to run 6Ghz.  There is no "touchless" transition to 6ghz.  Make sure you see the 6ghz light on the access point or type "show AP bss-table" to make sure a 6ghz SSID is being broadcast.  Lastly, make sure your access point is being powered correctly (use IPM).

That was another suggestion the engineers at ATM23 gave us, at least as a test; basically process of elimination to figure out why clients weren't connecting at first.  However, after getting back to the office this week, and all of a sudden we have clients connected to the 6GHz network on WPA2 and it makes no sense.  So the main point of my question now is how can this even work?

Original Message:
Sent: May 04, 2023 06:18 AM
From: cjoseph
Subject: WPA2 on 6GHz

You need a separate SSID that supports WPA3 or OWE to run 6Ghz.  There is no "touchless" transition to 6ghz.  Make sure you see the 6ghz light on the access point or type "show AP bss-table" to make sure a 6ghz SSID is being broadcast.  Lastly, make sure your access point is being powered correctly (use IPM).

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: May 03, 2023 05:47 PM
From: thecompnerd
Subject: WPA2 on 6GHz

We're struggling to get clients connected successfully connected to our AP-655s on 6GHz, despite seemingly having met all the requirements on the endpoint side (Win11, AX211 chipset, latest drivers).  Surprisingly, all of a sudden a few devices started to work on 6Ghz using WPA2-Enterprise.  From the workstation, netsh wlan show interface  shows WPA2-Enterprise for the authentication method, as does the output from show auth-tracebuf on the controller.  I thought that on 6GHz WPA3 with no backwards compatibility, aka transition mode, was the requirement?  If so, it makes no sense that this device is able to connect on 6GHz.

Fruthermore, can anyone confirm that 3072+ bits is the required key size for client certs authenticating via EAP-TLS to WPA3-Enterprise networks?

Thanks for that command!

For a 6GHz connected client, that command outputs "/WPA3-AES-CCMP-128     Explicit Mode    EAP-TEAP" for the specific client I'm testing.

The output from Windows shows that it's WPA2-Enterprise when connected and I triple-checked that the InTune policy for the workstation is set to WPA2 Enterprise.  This makes no sense to me that it should be working if WPA3 is the only protocol that can be used to connect to 6GHz.

Original Message:
Sent: May 04, 2023 08:44 AM
From: cjoseph
Subject: WPA2 on 6GHz

Type "show dot1x supplicant-info list-all" to make sure those devices are truly using that encryption.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: May 04, 2023 08:38 AM
From: thecompnerd
Subject: WPA2 on 6GHz

You need a separate SSID that supports WPA3 or OWE to run 6Ghz.  There is no "touchless" transition to 6ghz.  Make sure you see the 6ghz light on the access point or type "show AP bss-table" to make sure a 6ghz SSID is being broadcast.  Lastly, make sure your access point is being powered correctly (use IPM).

That was another suggestion the engineers at ATM23 gave us, at least as a test; basically process of elimination to figure out why clients weren't connecting at first.  However, after getting back to the office this week, and all of a sudden we have clients connected to the 6GHz network on WPA2 and it makes no sense.  So the main point of my question now is how can this even work?

Original Message:
Sent: May 04, 2023 06:18 AM
From: cjoseph
Subject: WPA2 on 6GHz

You need a separate SSID that supports WPA3 or OWE to run 6Ghz.  There is no "touchless" transition to 6ghz.  Make sure you see the 6ghz light on the access point or type "show AP bss-table" to make sure a 6ghz SSID is being broadcast.  Lastly, make sure your access point is being powered correctly (use IPM).

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: May 03, 2023 05:47 PM
From: thecompnerd
Subject: WPA2 on 6GHz

We're struggling to get clients connected successfully connected to our AP-655s on 6GHz, despite seemingly having met all the requirements on the endpoint side (Win11, AX211 chipset, latest drivers).  Surprisingly, all of a sudden a few devices started to work on 6Ghz using WPA2-Enterprise.  From the workstation, netsh wlan show interface  shows WPA2-Enterprise for the authentication method, as does the output from show auth-tracebuf on the controller.  I thought that on 6GHz WPA3 with no backwards compatibility, aka transition mode, was the requirement?  If so, it makes no sense that this device is able to connect on 6GHz.

Fruthermore, can anyone confirm that 3072+ bits is the required key size for client certs authenticating via EAP-TLS to WPA3-Enterprise networks?

Eduroam has explained it well so I'll just quote them:

https://www.eduroam.org/wp-content/uploads/eduroam-advice-for-WiFi-Alliance-WPA3.pdf

Thanks for that command!

For a 6GHz connected client, that command outputs "/WPA3-AES-CCMP-128     Explicit Mode    EAP-TEAP" for the specific client I'm testing.

The output from Windows shows that it's WPA2-Enterprise when connected and I triple-checked that the InTune policy for the workstation is set to WPA2 Enterprise.  This makes no sense to me that it should be working if WPA3 is the only protocol that can be used to connect to 6GHz.

Original Message:
Sent: May 04, 2023 08:44 AM
From: cjoseph
Subject: WPA2 on 6GHz

Type "show dot1x supplicant-info list-all" to make sure those devices are truly using that encryption.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: May 04, 2023 08:38 AM
From: thecompnerd
Subject: WPA2 on 6GHz

You need a separate SSID that supports WPA3 or OWE to run 6Ghz.  There is no "touchless" transition to 6ghz.  Make sure you see the 6ghz light on the access point or type "show AP bss-table" to make sure a 6ghz SSID is being broadcast.  Lastly, make sure your access point is being powered correctly (use IPM).

That was another suggestion the engineers at ATM23 gave us, at least as a test; basically process of elimination to figure out why clients weren't connecting at first.  However, after getting back to the office this week, and all of a sudden we have clients connected to the 6GHz network on WPA2 and it makes no sense.  So the main point of my question now is how can this even work?

Original Message:
Sent: May 04, 2023 06:18 AM
From: cjoseph
Subject: WPA2 on 6GHz

You need a separate SSID that supports WPA3 or OWE to run 6Ghz.  There is no "touchless" transition to 6ghz.  Make sure you see the 6ghz light on the access point or type "show AP bss-table" to make sure a 6ghz SSID is being broadcast.  Lastly, make sure your access point is being powered correctly (use IPM).

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: May 03, 2023 05:47 PM
From: thecompnerd
Subject: WPA2 on 6GHz

We're struggling to get clients connected successfully connected to our AP-655s on 6GHz, despite seemingly having met all the requirements on the endpoint side (Win11, AX211 chipset, latest drivers).  Surprisingly, all of a sudden a few devices started to work on 6Ghz using WPA2-Enterprise.  From the workstation, netsh wlan show interface  shows WPA2-Enterprise for the authentication method, as does the output from show auth-tracebuf on the controller.  I thought that on 6GHz WPA3 with no backwards compatibility, aka transition mode, was the requirement?  If so, it makes no sense that this device is able to connect on 6GHz.

Fruthermore, can anyone confirm that 3072+ bits is the required key size for client certs authenticating via EAP-TLS to WPA3-Enterprise networks?

And here's their 6E advice which just refers to the above https://eduroam.org/eduroam-deployment-considerations-on-wi-fi-certified-6e/

Eduroam has explained it well so I'll just quote them:

https://www.eduroam.org/wp-content/uploads/eduroam-advice-for-WiFi-Alliance-WPA3.pdf

Thanks for that command!

For a 6GHz connected client, that command outputs "/WPA3-AES-CCMP-128     Explicit Mode    EAP-TEAP" for the specific client I'm testing.

The output from Windows shows that it's WPA2-Enterprise when connected and I triple-checked that the InTune policy for the workstation is set to WPA2 Enterprise.  This makes no sense to me that it should be working if WPA3 is the only protocol that can be used to connect to 6GHz.

Original Message:
Sent: May 04, 2023 08:44 AM
From: cjoseph
Subject: WPA2 on 6GHz

Type "show dot1x supplicant-info list-all" to make sure those devices are truly using that encryption.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: May 04, 2023 08:38 AM
From: thecompnerd
Subject: WPA2 on 6GHz

You need a separate SSID that supports WPA3 or OWE to run 6Ghz.  There is no "touchless" transition to 6ghz.  Make sure you see the 6ghz light on the access point or type "show AP bss-table" to make sure a 6ghz SSID is being broadcast.  Lastly, make sure your access point is being powered correctly (use IPM).

That was another suggestion the engineers at ATM23 gave us, at least as a test; basically process of elimination to figure out why clients weren't connecting at first.  However, after getting back to the office this week, and all of a sudden we have clients connected to the 6GHz network on WPA2 and it makes no sense.  So the main point of my question now is how can this even work?

Original Message:
Sent: May 04, 2023 06:18 AM
From: cjoseph
Subject: WPA2 on 6GHz

You need a separate SSID that supports WPA3 or OWE to run 6Ghz.  There is no "touchless" transition to 6ghz.  Make sure you see the 6ghz light on the access point or type "show AP bss-table" to make sure a 6ghz SSID is being broadcast.  Lastly, make sure your access point is being powered correctly (use IPM).

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: May 03, 2023 05:47 PM
From: thecompnerd
Subject: WPA2 on 6GHz

We're struggling to get clients connected successfully connected to our AP-655s on 6GHz, despite seemingly having met all the requirements on the endpoint side (Win11, AX211 chipset, latest drivers).  Surprisingly, all of a sudden a few devices started to work on 6Ghz using WPA2-Enterprise.  From the workstation, netsh wlan show interface  shows WPA2-Enterprise for the authentication method, as does the output from show auth-tracebuf on the controller.  I thought that on 6GHz WPA3 with no backwards compatibility, aka transition mode, was the requirement?  If so, it makes no sense that this device is able to connect on 6GHz.

Fruthermore, can anyone confirm that 3072+ bits is the required key size for client certs authenticating via EAP-TLS to WPA3-Enterprise networks?

We're struggling to get clients connected successfully connected to our AP-655s on 6GHz, despite seemingly having met all the requirements on the endpoint side (Win11, AX211 chipset, latest drivers).  Surprisingly, all of a sudden a few devices started to work on 6Ghz using WPA2-Enterprise.  From the workstation, netsh wlan show interface  shows WPA2-Enterprise for the authentication method, as does the output from show auth-tracebuf on the controller.  I thought that on 6GHz WPA3 with no backwards compatibility, aka transition mode, was the requirement?  If so, it makes no sense that this device is able to connect on 6GHz.

Fruthermore, can anyone confirm that 3072+ bits is the required key size for client certs authenticating via EAP-TLS to WPA3-Enterprise networks?

We're struggling to get clients connected successfully connected to our AP-655s on 6GHz, despite seemingly having met all the requirements on the endpoint side (Win11, AX211 chipset, latest drivers).  Surprisingly, all of a sudden a few devices started to work on 6Ghz using WPA2-Enterprise.  From the workstation, netsh wlan show interface  shows WPA2-Enterprise for the authentication method, as does the output from show auth-tracebuf on the controller.  I thought that on 6GHz WPA3 with no backwards compatibility, aka transition mode, was the requirement?  If so, it makes no sense that this device is able to connect on 6GHz.

Fruthermore, can anyone confirm that 3072+ bits is the required key size for client certs authenticating via EAP-TLS to WPA3-Enterprise networks?