WPA Enterprise with WPA3
We configured in nebula, an wifi SSID with autatication WPA Enterprise with WPA3 (autentication with My Radius server).. Everting is working fine (the radius server is an Windows Network Policy Server), but in clients in wireless settings window appear that the connection type is WPA2 (in MAC and Windows10 clients as well)
Best Answers
-
Hi @AdminSys
This behavior is due to the transition mode feature in WPA3, which is designed to accommodate client devices that do not fully support WPA3. When transition mode is enabled, it generates two virtual access points (VAPs): one using WPA3 and another using WPA2 Personal. This allows devices that support both WPA3 and WPA2 to connect seamlessly.
If you want to enforce only WPA3-supported devices to connect and not allow devices to connect using WPA2, you can disable the transition mode by using the following CLI command through Putty or Tera Term via SSH.
- Identify the specific SSID security profile. In this example, let's configure for SSID2_testing.
Command:
Router > show wlan-ssid-profile all - Disable transition mode for the identified security profile.
Command:
Router> enable
Router# configure terminal
Router(config)# wlan-security-profile SECURITY2
Router(config-wlan-security SECURITY2)# no transition-mode
Router(config-wlan-security SECURITY2)# exit - Verification: After disabling transition mode, a WPA3 non-supported device will not be able to connect to the SSID, confirming that only WPA3-supported devices can connect.
Kay
See how you've made an impact in Zyxel Community this year!
0 - Identify the specific SSID security profile. In this example, let's configure for SSID2_testing.
-
Hi @AdminSys
Currently, there is no direct way to disable the transition mode from the Nebula front-end configuration. The most efficient way to achieve this is by configuring it through the CLI command for each of your APs.
In response to your request, we have raised this feature to the idea section:
Please show your support by voting for it, the votes and comments will be part of our evaluation process.
Kay
See how you've made an impact in Zyxel Community this year!
0
All Replies
-
Hi @AdminSys
This behavior is due to the transition mode feature in WPA3, which is designed to accommodate client devices that do not fully support WPA3. When transition mode is enabled, it generates two virtual access points (VAPs): one using WPA3 and another using WPA2 Personal. This allows devices that support both WPA3 and WPA2 to connect seamlessly.
If you want to enforce only WPA3-supported devices to connect and not allow devices to connect using WPA2, you can disable the transition mode by using the following CLI command through Putty or Tera Term via SSH.
- Identify the specific SSID security profile. In this example, let's configure for SSID2_testing.
Command:
Router > show wlan-ssid-profile all - Disable transition mode for the identified security profile.
Command:
Router> enable
Router# configure terminal
Router(config)# wlan-security-profile SECURITY2
Router(config-wlan-security SECURITY2)# no transition-mode
Router(config-wlan-security SECURITY2)# exit - Verification: After disabling transition mode, a WPA3 non-supported device will not be able to connect to the SSID, confirming that only WPA3-supported devices can connect.
Kay
See how you've made an impact in Zyxel Community this year!
0 - Identify the specific SSID security profile. In this example, let's configure for SSID2_testing.
-
we have 5 AP -s are configured in nebula.. we need to login to all AP -s to set this?
0 -
Hi @AdminSys
Currently, there is no direct way to disable the transition mode from the Nebula front-end configuration. The most efficient way to achieve this is by configuring it through the CLI command for each of your APs.
In response to your request, we have raised this feature to the idea section:
Please show your support by voting for it, the votes and comments will be part of our evaluation process.
Kay
See how you've made an impact in Zyxel Community this year!
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight