WPA3 Configuration on Mist

WPA3 Configuration on Mist
Photo by Chris Lawton on Unsplash

Wi-Fi Protected Access version 3 (more widely known as WPA3) is the successor of WPA2. It improves Wi-Fi security including covering some bugs from its predecessor.

One of the biggest updates includes the mandatory use of Protected Management Frame (PMF) which has been around for a long time but was always optional. Additionally, there are a few WPA3 modes available to use depending on your transition phase to WPA3.

The WPA3 modes:

  • WPA3-Personal
  • WPA3-Personal Transition
  • WPA3-Enterprise
  • WPA3-Enterprise Transition

In order to use WPA3, Mist access points must be running firmware version 0.8.x or newer. You may be able to configure WPA3 in the dashboard but the settings will not take effect until the required firmware is installed.

You may want to use WPA3 to improve the security posture of your Wi-Fi network.

Please note, your devices must support WPA3 to connect to the SSID, unless you are using a WPA3 transition mode.

How to configure WPA3-Personal

Navigate to Site > WLANs > Your SSID > Security

Click on More Options and select WPA-3/PSK with passphrase.

To configure transition mode you would select WPA-3/PSK (+WPA-2).

WPA3 WLAN configuration

How to configure WPA3 Enterprise

Navigate to Site > WLANs > Your SSID > Security

Click on More Options and select WPA-3/EAP (802.1X). You must then add at least one RADIUS server.

WPA3 Enterprise WLAN configuration

Validation

Using WiFi Explorer Pro 3, I perform a network scan of my test SSID, Test-Net. The security type detected is WPA3 (SAE).

WiFi Explorer Pro network scan

If we look at the RSN Information Element we can see additional details where Management Frame Protection (MFP) which is also known as PMF is required.

RSN Information Element details