Setting the 802.1X security level. WPA3 features the support of CNSA Suite B cryptography, which is an optional part of WPA3-Enterprise for high-security environments.
Note: Operating CNSA Suite B cryptography requires the use of certain cipher suites. Also enforced are a minimum key length of 3072 bits for the RSA and Diffie-Hellman key exchange, as well as 384 bits for the ECDSA and ECDHE key exchange. The session key type AES-GCMP128 is also enforced with "Suite B 128 bits".
Important: If these cipher suites are not supported by the WLAN clients or the remaining infrastructure (e.g. the RADIUS server), then no connection is possible!
- SNMP ID:
- 2.23.20.3.28
- Console path:
- Setup > Interfaces > WLAN > Encryption
- Possible values:
- Default
- Suite-B 128-bit
- Enabled "Suite B 128 bits". The following EAP cipher suites are enforced:
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- Suite-B 128-bit
- Enabled "Suite B 192 bits". The following EAP cipher suites are enforced:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- Default:
- Default