Digital Podcast

CTS 320: WPA3-Enterprise Part 2


Join Now to Share


Clear To Send: Wireless Network Engineering show

Summary: <br> <br> https://youtu.be/oEj-q2LpsWk<br> <br> <br> <br> <br> Wi-Fi Alliance defines three modes of operations for WPA3-Enterprise:<br> <br> <br> <br> <br> * WPA3-Enterprise only<br> <br> <br> <br> * WPA3-Enterprise transition mode<br> <br> <br> <br> * WPA3-Enterprise 192-bit mode<br> <br> <br> <br> <br> This Episode is sponsored by WiFi Scanner<br> <br> <br> <br> <a href="https://www.cleartosend.net/wp-content/uploads/2023/08/Untitled-3.png"></a><br> <br> <br> Download your trial today at <a href="https://wifiscanner.com/">WiFiScanner.com</a><br> <br> <br> <br> Specifications<br> <br> <br> <br> WPA3-Enterprise Only<br> <br> <br> <br> Here are the important specifications:<br> <br> <br> <br> <br> * An AP and STA shall enable at least AKM suite 00-0F-AC:5 (IEEE 802.1X with SHA-256)<br> <br> <br> <br> * An AP and STA shall not allow AKM suite 00-0F-AC:1 (IEEE 802.1X with SHA-1)<br> <br> <br> <br> * An AP and STA would support &amp; use MFP<br> <br> <br> <br> * a STA shall not enable WEP and TKIP<br> <br> <br> <br> <br> WPA3-Enterprise Transition<br> <br> <br> <br> Here are the important specifications:<br> <br> <br> <br> <br> * An AP and STA shall enable at least AKM suite 00-0F-AC:5 (IEEE 802.1X with SHA-256) and 00-0F-AC:1 (IEEE 802.1X with SHA-1)<br> <br> <br> <br> * An AP and STA must support MFP<br> <br> <br> <br> <br> WPA3-Enterprise 192-bit<br> <br> <br> <br> Here are the important specifications:<br> <br> <br> <br> <br> * PMF must be required by both the AP and STA<br> <br> <br> <br> * Limited set of EAP cipher suites are allowed:<br> <br> * TLS ECDHE ECDSA with AES 256 GCM SHA384<br> <br> <br> <br> * TLS ECDHE RSA with AES 256 GCM SHA384<br> <br> <br> <br> * TLS DHE RSA with AES 256 GCM SHA384<br> <br> <br> <br> <br> <br> <br> Beacon Frames<br> <br> <br> <br> WPA3-Enterprise Only<br> <br> <br> <br> <a href="https://www.cleartosend.net/wp-content/uploads/2023/08/Screen-Shot-2023-07-21-at-9.10.34-AM.png"></a><br> <br> <br> WPA3-Enterprise Transition<br> <br> <br> <br> <a href="https://www.cleartosend.net/wp-content/uploads/2023/08/Screen-Shot-2023-07-21-at-9.14.12-AM.png"></a><br> <br> <br> Comparison between WPA3-Enterprise and WPA3-Enterprise Transition mode:<br> <br> <br> <br> <a href="https://www.cleartosend.net/wp-content/uploads/2023/08/Screen-Shot-2023-07-21-at-9.12.56-AM.png"></a><br> <br> <br> Resources<br> <br> <br> <br> <br> * Wi-Fi Alliance WPA3 Specifications → <a href="https://www.wi-fi.org/system/files/WPA3%20Specification%20v3.1.pdf" target="_blank" rel="noreferrer noopener">https://www.wi-fi.org/system/files/WPA3%20Specification%20v3.1.pdf</a><br> <br> <br> <br> * WPA3 Enterprise by Rasika (mrncciew) → <a href="https://mrncciew.com/2020/08/17/wpa3-enterprise/">https://mrncciew.com/2020/08/17/wpa3-enterprise/</a><br> <br> <br> <br> * Configure JumpStart for Mist → <a href="https://www.mist.com/documentation/jumpcloud-for-radius/">https://www.mist.com/documentation/jumpcloud-for-radius/</a><br> <br>