Choosing encryption for 802.11ac/ax

Recently, I upgraded from a Mi Router 4A Gigabit to a Mi Router AX3000T and installed 24.10.0-rc7 on it. On the 4A Gigabit, I always used 802.11ac with wpa2-psk+ccmp and there were no problems.
On the AX3000T, I noticed that wpa2-psk has new features such as ccmp-256, gcmp, and gcmp-256. I have a fairly large fleet of wireless clients, mostly operating in 802.11ac, but there are also several that support 802.11ax. Which type of encryption should I choose so that my devices connect without problems? Or is it better to stay on the old one, wpa2-psk+ccmp?
I also noticed that when I select wpa3-sae, it is no longer possible to choose the type of encryption.

WPA3 does not support TKIP at all, which is required by 802.11g devices from 20 years ago at the latest.
If you want encryption stronger than CCMP, you must use WPA3-EAP, i.e. a RADIUS server with users and passwords. You can sneak those ciphers into the config, and they will be beaconed, but no client will use them without also being forced to a non-standard cipher.
Probably make a new setup for WPA3 while keeping this one around for incompatible clients.

You can make one SSID for old equipment with:

And another SSID with WPA3-SAE for new equipment:

3 Likes
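The two-SSID layout described in the post above, written out as an OpenWrt /etc/config/wireless fragment. This is an added example, not the poster's own config: the section names, SSIDs, passphrases and `radio0` are placeholders, and the interfaces are assumed to bridge into the `lan` network.

```uci
# Added example for /etc/config/wireless (placeholders, not the poster's config).
# UCI accepts '#' comments only on their own line.

# Legacy SSID: WPA2-PSK with CCMP, the setting the OP already runs.
# PMF is optional (1) so older 802.11ac clients without 802.11w still associate.
config wifi-iface 'wlan_legacy'
        option device 'radio0'
        option mode 'ap'
        option network 'lan'
        option ssid 'home-legacy'
        option encryption 'psk2+ccmp'
        option key 'ChangeMe-Legacy-Passphrase'
        option ieee80211w '1'

# New SSID: WPA3-Personal (SAE). The cipher is fixed to CCMP by the mode,
# which is why LuCI hides the cipher selector, and PMF must be required (2).
config wifi-iface 'wlan_wpa3'
        option device 'radio0'
        option mode 'ap'
        option network 'lan'
        option ssid 'home-wpa3'
        option encryption 'sae'
        option key 'ChangeMe-WPA3-Passphrase'
        option ieee80211w '2'
```

Apply with `wifi reload` (or `/etc/init.d/network reload`) and check `logread -e hostapd` for both BSSes coming up. `psk2+ccmp` deliberately excludes TKIP, so the 20-year-old 802.11g clients mentioned above would still need a third SSID with a `psk-mixed+tkip+ccmp` setting; do not add TKIP to the SSID your 802.11ac/ax fleet uses.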

@OP, try, if possible, to connect ALL your clients to the WPA3 SSID; if they all succeed, you can remove the WPA2 entry from your wifi config.

1 Like

Hi! Considering that the previous indications from other members are the best way to go for now, also in my opinion, I cannot help expressing the wish to see the new "RSNE/RSNXE override" hostapd options implemented. It would be really nice to have an AP that "seems" WPA2 but supports WPA3 + the GCMP cipher as an override for compatible clients. Also, as a cherry on the cake, combining this with the new and easier configuration of SAE passwords, plus playing well with Fast Transition, would really be cool for mitigating the presence of old clients in the network while associating new ones with newer encryption.
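Two posts above talk about what the AP "beacons": the remark that extra ciphers sneaked into the config are advertised but ignored by clients that do not implement them, and the wish for an AP that looks like WPA2 while offering WPA3. Both are visible in the RSN information element (RSNE, element ID 48) of a beacon or probe response, which carries the group cipher, the pairwise cipher list, the AKM list and the two PMF bits. The decoder below is an added example, not code from the thread or from OpenWrt/hostapd; the four RSNE byte strings are constructed by hand from the 802.11 field layout (real captures may set extra capability bits, such as replay-counter fields, which this parser ignores). The `sae-mixed` sample shows the standard WPA3 transition mode, which is the closest thing available today to the "seems WPA2 but supports WPA3" idea.

```python
"""Decode the RSN information element (RSNE, element ID 48) an AP beacons.

Added example, not from the thread or the OpenWrt project. The RSNE byte
strings at the bottom are constructed by hand for illustration, not captures.
"""
import struct

IEEE_OUI = b"\x00\x0f\xac"  # 00-0F-AC: IEEE 802.11 standard suite selectors

CIPHERS = {
    0: "use-group", 1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104",
    6: "BIP-CMAC-128", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256",
    11: "BIP-GMAC-128", 12: "BIP-GMAC-256", 13: "BIP-CMAC-256",
}
AKMS = {
    1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK", 5: "802.1X-SHA256",
    6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE", 11: "802.1X-SuiteB",
    12: "802.1X-SuiteB-192", 13: "FT-802.1X-SHA384", 18: "OWE",
    24: "SAE-EXT-KEY", 25: "FT-SAE-EXT-KEY",
}


def _u16(body, off):
    """Little-endian 16-bit field with a bounds check."""
    if off + 2 > len(body):
        raise ValueError("RSNE truncated")
    return struct.unpack_from("<H", body, off)[0]


def _suite(body, off, table):
    """Map a 4-byte suite selector (3-byte OUI + 1-byte type) to its name."""
    if off + 4 > len(body):
        raise ValueError("RSNE truncated")
    oui, typ = body[off:off + 3], body[off + 3]
    if oui != IEEE_OUI:
        return f"vendor-{oui.hex()}:{typ}"
    return table.get(typ, f"reserved-{typ}")


def parse_rsne(ie):
    """Return group cipher, pairwise ciphers, AKMs and the PMF bits of a raw RSNE."""
    if len(ie) < 2 or ie[0] != 48 or len(ie) != 2 + ie[1]:
        raise ValueError("not a well-formed RSNE")
    body = ie[2:]
    if _u16(body, 0) != 1:
        raise ValueError("unsupported RSN version")
    off = 2
    group = _suite(body, off, CIPHERS)
    off += 4
    n = _u16(body, off)
    off += 2
    pairwise = [_suite(body, off + 4 * i, CIPHERS) for i in range(n)]
    off += 4 * n
    n = _u16(body, off)
    off += 2
    akm = [_suite(body, off + 4 * i, AKMS) for i in range(n)]
    off += 4 * n
    # RSN Capabilities is optional; when absent every bit reads as zero.
    caps = _u16(body, off) if off + 2 <= len(body) else 0
    return {
        "group": group,
        "pairwise": pairwise,
        "akm": akm,
        "mfpr": bool(caps & 0x0040),  # bit 6: management frame protection required
        "mfpc": bool(caps & 0x0080),  # bit 7: management frame protection capable
    }


def classify(rsne):
    """Name the personal mode the RSNE represents, in WPA3 Specification terms."""
    akm = set(rsne["akm"])
    if "SAE" in akm and "PSK" not in akm:
        return "WPA3-Personal" if rsne["mfpr"] else "SAE without PMF required"
    if "SAE" in akm and "PSK" in akm:
        ok = rsne["mfpc"] and not rsne["mfpr"]
        return "WPA3-Personal transition" if ok else "SAE/PSK mix with wrong PMF bits"
    if akm & {"PSK", "PSK-SHA256"}:
        return "WPA2-Personal"
    return "other/enterprise"


def usable_pairwise(rsne, client_ciphers):
    """Pairwise suites both sides implement; a CCMP-only client ignores GCMP-256."""
    return [c for c in rsne["pairwise"] if c in client_ciphers]


# Constructed RSNEs (hex), laid out per 802.11 for each OpenWrt 'encryption' value.
WPA2_CCMP = bytes.fromhex(          # psk2+ccmp: group CCMP, pairwise CCMP, AKM PSK
    "3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")
WPA2_CCMP_GCMP256 = bytes.fromhex(  # psk2 with GCMP-256 added to the pairwise list
    "3018" "0100" "000fac04" "0200" "000fac04" "000fac09" "0100" "000fac02" "0000")
WPA3_SAE = bytes.fromhex(           # sae: AKM SAE, MFPC+MFPR set (0x00c0)
    "3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac08" "c000")
SAE_MIXED = bytes.fromhex(          # sae-mixed: AKMs PSK+SAE, MFPC only (0x0080)
    "3018" "0100" "000fac04" "0100" "000fac04" "0200" "000fac02" "000fac08" "8000")

if __name__ == "__main__":
    for name, ie in [("psk2+ccmp", WPA2_CCMP), ("psk2 + gcmp256", WPA2_CCMP_GCMP256),
                     ("sae", WPA3_SAE), ("sae-mixed", SAE_MIXED)]:
        r = parse_rsne(ie)
        print(f"{name:15} {classify(r):26} pairwise={r['pairwise']} akm={r['akm']}")
    print("CCMP-only client on the gcmp256 AP negotiates:",
          usable_pairwise(parse_rsne(WPA2_CCMP_GCMP256), {"CCMP-128"}))
```

To inspect a real AP, dump the RSNE bytes from `iw dev wlan0 scan` (the RSN block, or the raw `48` IE in `-u` output) or from a Wireshark capture and pass them to `parse_rsne`. Note that the beaconed GCMP-256 suite changes nothing for a client that only implements CCMP-128: `usable_pairwise` shrinks the list back to CCMP, which is the point made above about sneaking ciphers into the config.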

All my devices have successfully connected to wpa3-sae, and for the most part there are no problems. The most recent Wi-Fi 6 devices show 700/700 Mbps for download and upload, respectively. However, one of my devices, on the contrary, shows speed degradation in 802.11ax mode compared to ac, regardless of whether wpa2 or wpa3 is chosen as the encryption type. Only when I turn on 802.11ac on the router instead of ax does the problematic device get about ~500/500 Mbps; in ax mode it is ~20-70 Mbps download and 500-700 Mbps upload. The device is a OnePlus 9RT with LineageOS firmware; Wi-Fi 6 support is announced.