Is it WPA3 Enterprise?

Paul74 · June 9, 2025, 7:28pm

In Wireless section of Luci I've create an access point using WPA3 EAP. I've configured Free Radius to use EAP-TLS. Its working. I'm using OpenWrt 21.02-SNAPSHOT.

From /etc/config/wireless:

config wifi-iface 'guest5g'
	option device 'radio0'
	option mode 'ap'
	option ifname 'wlan1-1'
	option guest '1'
	option wds '1'
	option macfilter 'allow'
	option wpa_disable_eapol_key_retries '1'
	option ssid 'MYAP'
	option network 'lan'
	option encryption 'wpa3+ccmp'
	option auth_server '127.0.0.1'
	option auth_secret 'MYSECRET'
	option macaddr '00:00:00:00:00:00'

macOS says I'm connected to WPA3 Enterprise. In the Luci Wireless Overview it says the AP is Encryption: WPA2 802.1X (CCMP). When I edit the AP it says WPA3-EAP Strong Security. The cipher is Force CCMP (AES). Debian says its WPA2 Enterprise.

Why am I seeing different versions being reported? Have I misconfigured something?

Can you please let me know how I can check the configuration is secure?

bruce · June 10, 2025, 2:49am

Your configuration appears to be set up correctly for WPA3-EAP, but the discrepancies in reported security protocols are likely due to transition mode behavior and reporting inconsistencies between different systems.

By research some information (not sure if it is accurate), I found that WPA3-CCMP has forward compatibility, not only WPA3 but also WPA2. So the Debian may connect using WPA2.

Paul74 · June 10, 2025, 12:15pm

Thanks @bruce . I was wondering if it was client specific. It would make sense.