Understanding WPA3 SSID

Zyxel_Judy
Zyxel_Judy Posts: 1,627  Zyxel Employee
Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula
in SSID

Scenario:
Your network includes a variety of devices with different encryption capabilities, including WPA3. You're considering configuring the security method to WPA3 but are unsure if WPA2 devices will still be able to connect or whether let only devices with WPA3 capability to connect to the WPA3 SSID. This FAQ will help clarify this for you.

For sure, as of now, devices that have WPA2 capability can connect to an SSID using the WPA3 encryption method due to the transition mode.

If you want only devices with WPA3 capability to connect to the WPA3 SSID, you can achieve this by configuring each AP through CLI commands.

Configuration:

  1. Identify the specific SSID security profile. 

In this example, let's configure for SSID2_testing. Command:

Router > show wlan-ssid-profile all

2. Disable transition mode for the identified security profile.

Command:

Router> enable

Router# configure terminal

Router(config)# wlan-security-profile SECURITY2

Router(config-wlan-security SECURITY2)# no transition-mode

Router(config-wlan-security SECURITY2)# exit

Verification:

After disabling transition mode, a WPA3 non-supported device will not be able to connect to the SSID, confirming that only WPA3-supported devices can connect.

Note: At the time of this writing, there is no direct way to disable the transition mode from the local GUI configuration.

Judy

See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

Tagged: