Thank you for this. This does seem to be the appropriate answer.
Original Message:
Sent: May 04, 2023 11:24 PM
From: TRS-80
Subject: WPA2 on 6GHz
And here's their 6E advice which just refers to the above https://eduroam.org/eduroam-deployment-considerations-on-wi-fi-certified-6e/
Original Message:
Sent: May 04, 2023 11:19 PM
From: TRS-80
Subject: WPA2 on 6GHz
Eduroam has explained it well so I'll just quote them:
There is no explicit "mixed mode", nor is one required: a WPA3-Enterprise network is
identical to a WPA2-Enterprise network which has configured support for Protected
Management Frames (PMF). So long as PMFs are only configured as supported, rather than
required, older WPA2 devices can continue to connect to the network as if it were a normal
WPA2 network.
https://www.eduroam.org/wp-content/uploads/eduroam-advice-for-WiFi-Alliance-WPA3.pdf
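An added illustration of the eduroam passage quoted above (not part of the original thread, and not eduroam or Aruba code): the "supported" versus "required" PMF setting is advertised in two bits of the RSN element in beacons and probe responses, and this Python sketch parses that element and reports which mode an SSID is in. It assumes the standard IEEE 802.11 RSN element layout; `build_rsn` and the sample bytes are constructed for the example.

```python
import struct

OUI_IEEE = bytes.fromhex("000fac")
AKM_NAMES = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 8: "SAE", 18: "OWE"}
MFPR, MFPC = 0x0040, 0x0080  # RSN Capabilities bit 6 (required), bit 7 (capable)

def parse_rsn(ie: bytes) -> dict:
    """Parse an RSN element (ID 48); return its AKM suites and PMF flags."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, pos = ie[2:], 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN element")
        pos += n
        return body[pos - n:pos]

    if struct.unpack("<H", take(2))[0] != 1:
        raise ValueError("unsupported RSN version")
    take(4)                                       # group data cipher suite
    take(4 * struct.unpack("<H", take(2))[0])     # pairwise cipher suite list
    akms = []
    for _ in range(struct.unpack("<H", take(2))[0]):
        suite = take(4)
        known = suite[:3] == OUI_IEEE and suite[3] in AKM_NAMES
        akms.append(AKM_NAMES[suite[3]] if known else suite.hex())
    # The capabilities field is optional; an absent field means no PMF bits set.
    caps = struct.unpack("<H", take(2))[0] if pos < len(body) else 0
    return {"akms": akms, "mfpc": bool(caps & MFPC), "mfpr": bool(caps & MFPR)}

def pmf_mode(rsn: dict) -> str:
    """Map the two PMF bits to the setting the AP is advertising."""
    if rsn["mfpr"] and not rsn["mfpc"]:
        return "invalid"    # required without capable is a contradictory advert
    if rsn["mfpr"]:
        return "required"   # clients without PMF cannot associate
    if rsn["mfpc"]:
        return "optional"   # the case eduroam describes: older WPA2 clients still join
    return "disabled"       # no PMF offered at all

def build_rsn(akm_type: int, caps: int) -> bytes:
    """Constructed sample: CCMP-128 group and pairwise ciphers, one AKM suite."""
    ccmp = OUI_IEEE + b"\x04"
    body = (struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
            + struct.pack("<H", 1) + OUI_IEEE + bytes([akm_type])
            + struct.pack("<H", caps))
    return bytes([48, len(body)]) + body

if __name__ == "__main__":
    for label, ie in [("PMF off", build_rsn(1, 0x0000)),
                      ("PMF supported", build_rsn(1, MFPC)),
                      ("PMF required", build_rsn(5, MFPC | MFPR))]:
        rsn = parse_rsn(ie)
        print(f"{label:14} akms={rsn['akms']} pmf={pmf_mode(rsn)}")
```

The same two bits can be read from a beacon's RSN element in a packet capture to confirm what the SSID is actually advertising.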
Original Message:
Sent: May 04, 2023 04:59 PM
From: thecompnerd
Subject: WPA2 on 6GHz
Thanks for that command!
For a 6GHz connected client, that command outputs "/WPA3-AES-CCMP-128 Explicit Mode EAP-TEAP" for the specific client I'm testing.
The output from Windows shows that it's WPA2-Enterprise when connected and I triple-checked that the InTune policy for the workstation is set to WPA2 Enterprise. This makes no sense to me that it should be working if WPA3 is the only protocol that can be used to connect to 6GHz.
Original Message:
Sent: May 04, 2023 08:44 AM
From: cjoseph
Subject: WPA2 on 6GHz
Type "show dot1x supplicant-info list-all" to make sure those devices are truly using that encryption.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
Original Message:
Sent: May 04, 2023 08:38 AM
From: thecompnerd
Subject: WPA2 on 6GHz
You need a separate SSID that supports WPA3 or OWE to run 6GHz. There is no "touchless" transition to 6GHz. Make sure you see the 6GHz light on the access point or type "show AP bss-table" to make sure a 6GHz SSID is being broadcast. Lastly, make sure your access point is being powered correctly (use IPM).
That was another suggestion the engineers at ATM23 gave us, at least as a test; basically process of elimination to figure out why clients weren't connecting at first. However, after getting back to the office this week, all of a sudden we have clients connected to the 6GHz network on WPA2 and it makes no sense. So the main point of my question now is how can this even work?
Original Message:
Sent: May 04, 2023 06:18 AM
From: cjoseph
Subject: WPA2 on 6GHz
You need a separate SSID that supports WPA3 or OWE to run 6GHz. There is no "touchless" transition to 6GHz. Make sure you see the 6GHz light on the access point or type "show AP bss-table" to make sure a 6GHz SSID is being broadcast. Lastly, make sure your access point is being powered correctly (use IPM).
Original Message:
Sent: May 03, 2023 05:47 PM
From: thecompnerd
Subject: WPA2 on 6GHz
We're struggling to get clients successfully connected to our AP-655s on 6GHz, despite seemingly having met all the requirements on the endpoint side (Win11, AX211 chipset, latest drivers). Surprisingly, all of a sudden a few devices started to work on 6GHz using WPA2-Enterprise. From the workstation, netsh wlan show interface shows WPA2-Enterprise for the authentication method, as does the output from show auth-tracebuf on the controller. I thought that on 6GHz WPA3 with no backwards compatibility, aka transition mode, was the requirement? If so, it makes no sense that this device is able to connect on 6GHz.
Furthermore, can anyone confirm that 3072+ bits is the required key size for client certs authenticating via EAP-TLS to WPA3-Enterprise networks?