Wi-Fi Protected Access version 3 (more widely known as WPA3) is the successor of WPA2. It improves Wi-Fi security including covering some bugs from its predecessor.
One of the biggest updates includes the mandatory use of Protected Management Frame (PMF) which has been around for a long time but was always optional. Additionally, there are a few WPA3 modes available to use depending on your transition phase to WPA3.
The WPA3 modes:
- WPA3-Personal
- WPA3-Personal Transition
- WPA3-Enterprise
- WPA3-Enterprise Transition
In order to use WPA3, Mist access points must be running firmware version 0.8.x or newer. You may be able to configure WPA3 in the dashboard but the settings will not take effect until the required firmware is installed.
You may want to use WPA3 to improve the security posture of your Wi-Fi network.
Please note, your devices must support WPA3 to connect to the SSID, unless you are using a WPA3 transition mode.
How to configure WPA3-Personal
Navigate to Site > WLANs > Your SSID > Security
Click on More Options and select WPA-3/PSK with passphrase.
To configure transition mode you would select WPA-3/PSK (+WPA-2).

How to configure WPA3 Enterprise
Navigate to Site > WLANs > Your SSID > Security
Click on More Options and select WPA-3/EAP (802.1X). You must then add at least one RADIUS server.

Validation
Using WiFi Explorer Pro 3, I perform a network scan of my test SSID, Test-Net. The security type detected is WPA3 (SAE).

If we look at the RSN Information Element we can see additional details where Management Frame Protection (MFP) which is also known as PMF is required.

Leave a Reply