Understanding WPA3 SSID

Zyxel_Judy Posts: 1,100  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer

Your network includes a variety of devices with different encryption capabilities, including WPA3. You're considering configuring the security method to WPA3 but are unsure if WPA2 devices will still be able to connect or whether let only devices with WPA3 capability to connect to the WPA3 SSID. This FAQ will help clarify this for you.

For sure, as of now, devices that have WPA2 capability can connect to an SSID using the WPA3 encryption method due to the transition mode.

If you want only devices with WPA3 capability to connect to the WPA3 SSID, you can achieve this by configuring each AP through CLI commands.


  1. Identify the specific SSID security profile. 

In this example, let's configure for SSID2_testing. Command:

Router > show wlan-ssid-profile all

2. Disable transition mode for the identified security profile.


Router> enable

Router# configure terminal

Router(config)# wlan-security-profile SECURITY2

Router(config-wlan-security SECURITY2)# no transition-mode

Router(config-wlan-security SECURITY2)# exit


After disabling transition mode, a WPA3 non-supported device will not be able to connect to the SSID, confirming that only WPA3-supported devices can connect.

Note: At the time of this writing, there is no direct way to disable the transition mode from the local GUI configuration.

Share yours now! https://bit.ly/4aO0BMF