Candela Technologies Logo
Network Testing and Emulation Solutions

Setting up WPA3

Goal: To set up LANforge wireless access points and clients with WPA3.

This example will cover WPA3-Personal, WPA3-Enterprise and OWE.
For an introduction or review of WPA3, see Hemant Chaskar's WLPC video.
 
  1. WPA3-Personal for a VAP and a STA client.
    1. Setup the VAP with SSID, WPA3 security and a PSK. screenshot
    2. Setup the VAP with 11w PMF option Required. screenshot
    3. Setup the STA with SSID, WPA3 security and a PSK. screenshot
    4. Setup the STA with 11w PMF option Required. screenshot
    5. A capture of the association. screenshot
  2. WPA3-Enterprise for a VAP and a STA client.
    1. Setup a RADIUS server for the VAP. This example uses a LANforge hostapd RADIUS server on the same system as the VAP.
    2. Setup the VAP with WPA3 security and no PSK on the standard configuration screen. screenshot
    3. Setup the VAP with 11w PMF option Required and select the checkbox for Advanced/802.1X which will also inform the VAP where its RADIUS server is located. In this example the LANforge hostapd RADIUS server is on the localhost. screenshot
    4. After enabling Advanced/802.1X, the VAP is automatically configured for both WPA-EAP-SUITE-B and WPA-EAP-SUITE-B-192 as shown in the back-end configuration for the VAP.
      cat /home/lanforge/wifi/hostapd_vap2.conf
      ...
      wpa_key_mgmt=WPA-EAP-SUITE-B WPA-EAP-SUITE-B-192
      ...
    5. Setup the STA with WPA3 security and no PSK on the standard configuration screen. screenshot
    6. Setup the STA with 11w PMF option Required and select the checkbox for Advanced/802.1X which allows choosing the Key Management scheme and EAP Method. Here the STA is setup to use WPA-EAP-SUITE-B with EAP-TTLS and a user identity and password that were configured with the RADIUS server setup. screenshot
    7. A capture of the association. screenshot
  3. WPA3 OWE - Opportunistic Wireless Encryption.
    1. Setup the VAP with WPA3 security and a PSK on the standard configuration, then select option 11w PMF option Required on the advanced configuration, then admin up the VAP. screenshot
    2. Copy the back-end config file for the VAP to a new filename and edit the wpa_key_mgmt from SAE to OWE.
      cd /home/lanforge/wifi
      cp hostapd_vap2.conf vap2-owe.conf
      vi vap2-owe.conf
      wpa_key_mgmt=OWE
    3. Modify the VAP and select Custom WPA Cfg on the Misc Configuration screen then type in the location of the new VAP config file. screenshot
    4. Setup the STA with WPA3 security and no PSK on the standard configuration screen. screenshot
    5. Setup the STA with 11w PMF option Required and select the checkbox for Advanced/802.1X which allows choosing the Key Management scheme. Here the STA will use OWE and a WPA PSK. screenshot
    6. A capture of the association. screenshot

Candela  Technologies, 2417 Main Street, Suite 201, Ferndale, WA 98248, USA
www.candelatech.com | sales@candelatech.com | +1.360.380.1618
Facebook | LinkedIn | Blog