security wpa2-wpa3 psk-sae
Function
The security wpa2-wpa3 psk-sae command configures WPA2-WPA3 hybrid authentication and encryption.
The undo security command restores the default security policy.
By default, the security policy is open.
Parameters
| Parameter | Description | Value |
|---|---|---|
pass-phrase key-value |
Specifies the password for WPA2-WPA3 hybrid authentication. |
The value is of 8 to 63 ASCII characters in plain text, 64 hexadecimal characters in plain text, or 48 or 68 or 88 or 108 characters in cipher text. The question mark (?) is supported, which you can enter by pressing Ctrl+T. A password cannot contain the space and double quotation mark (") at the same time. When the password contains a space, add the double quotation mark (") to the beginning and end of the string when entering the password. For example, if the password is abc123 ABC, enter "abc123 ABC". NOTE:
For security purposes, you are advised to configure a password that contains at least two of the following: digits, lowercase letters, uppercase letters, and special characters. |
aes |
Configures AES encryption. |
- |
Usage Guidelines
Usage Scenario
WPA2 is still widely used. To allow STAs that do not support WPA3 to access the WPA3 network, the device supports the WPA3-SAE transition mode, that is, WPA2-WPA3 hybrid authentication.
Only WPA3 of the personal edition supports hybrid authentication. WPA3 of the enterprise edition does not support hybrid authentication. In addition, WPA3 can be used together only with WPA2, and only AES encryption is supported.
- WPA2-WPA3 hybrid authentication automatically enables the PMF function in optional mode. That is, configuring the pmf { optional | mandatory } command does not take effect in WPA2-WPA3 hybrid authentication scenarios.
- If the security profile is bound to another profile, running this command may interrupt services.