Inhaltsverzeichnis
How to connect Windows 10 with WPA3-Personal (SAE/PMF) to Stellar Wireless AP
Connecting with WPA3-Personal (SAE/PMF) wireless networks on Windows 10 is straight forward, given you run the Win10 May 2019 update (Build 1903) and a compatible Wireless card. On this page I'll document what needs to be done to get it to work.
Equipment & Access Point used:
- AWOS v3.0.6.23
- OmniVista 2500 v4.4R1 Build 39
- Microsoft Windows 10 (Build 1903, May 2019 Update)
- Intel Wireless-AC 9260 (Wi-Fi.org Certification) with 21.10.1.2 drivers (go to wireless card settings and trigger an update via online search)
If you'd like to know how to connect a Raspberry Pi Model 3 B+ via WPA3-Personal, you may want to review this article!
Connecting to SSID „ov44b39“ mandates MFP/PMF (as SAE-only), as you can tell from following Wifi Explorer screenshot.
PCAP Screenshot
Download of the PCAP (check e.g. #183): ch132_2019-06-06_15.35.14.pcap.zip
SSID Overview (get_wlan)
support@AP-1E:60:~$ ssudo wam_debug get_wlan
{
[
{
"srvname": "ov44b39-portal",
"ssid": "ov44b39-portal",
"hide": "no",
"ssid_enable": "enable",
"band": "all",
"seclevel": "psk",
"encryptype": "wpa3_psk_sae_aes",
"ifindex": "2g: ath02, 5g_1: ath12, 5g_2: ",
"passphrase": "******",
"prekey": "******",
"AAAprofile": "ov44b39-portal",
"macau_enable": "enable",
"bypass_enable": "disable",
"mac_eap_allow": "enable",
"macpassrole": "",
"classification_enable": "disable",
"defaultrole": "__ov44b39-portal",
"80211r_enable": "disable",
"okc_enable": "disable",
"l3_roaming": "disable",
"bcrotation_enable": "disable",
"bcrotation_inteval": 15,
"mesh": "disable",
"clientIsolation": "disable"
},
{
"srvname": "ov44b39",
"ssid": "ov44b39",
"hide": "no",
"ssid_enable": "enable",
"band": "all",
"seclevel": "psk",
"encryptype": "wpa3_sae_aes",
"ifindex": "2g: ath01, 5g_1: ath11, 5g_2: ",
"passphrase": "******",
"prekey": "******",
"AAAprofile": "",
"macau_enable": "disable",
"bypass_enable": "disable",
"mac_eap_allow": "enable",
"macpassrole": "",
"classification_enable": "disable",
"defaultrole": "__ov44b39",
"80211r_enable": "disable",
"okc_enable": "disable",
"l3_roaming": "disable",
"bcrotation_enable": "disable",
"bcrotation_inteval": 15,
"mesh": "disable",
"clientIsolation": "disable"
}
]
}
Client Overview (sta_list)
support@AP-1E:60:~$ ssudo wam_debug sta_list
{
"status": "Success!!!",
"wlanServiceData": [
{
"iface": "ath01",
"ssid": "ov44b39",
"freq": "2.4GHz",
"security": "Personal(WPA3_SAE_AES)",
"wlanService": "ov44b39"
},
{
"iface": "ath11",
"ssid": "ov44b39",
"freq": "5GHz",
"security": "Personal(WPA3_SAE_AES)",
"wlanService": "ov44b39",
"staData": [
{
"staMAC": "58:a0:23:25:b6:01",
"staIP": "192.168.12.116",
"staGlobalIPv6": "::",
"staLocalIPv6": "fe80::b1f4:1058:dc9d:c780",
"associationTime": 347,
"mappingType": 0,
"assignedVLAN": 12,
"assignedAR": "__ov44b39",
"assignedPL": "",
"macAuthResult": "",
"ARFromMACAuth": "",
"PLFromMACAuth": "",
"redirectURLFromMACAuth": "",
"ARFrom8021xAuth": "",
"PLFrom8021xAuth": "",
"redirectURLFrom8021xAuth": "",
"CPAuthResult": "FAILED",
"ARFromCPAuth": "",
"PLFromCPAuth": "",
"ARFromRoaming": "",
"PLFromRoaming": "",
"redirectURLFromRoaming": "",
"classificationMatched": "none"
}
]
},
{
"iface": "ath02",
"ssid": "ov44b39-portal",
"freq": "2.4GHz",
"security": "Personal(WPA3_PSK_SAE_AES)",
"wlanService": "ov44b39-portal"
},
{
"iface": "ath12",
"ssid": "ov44b39-portal",
"freq": "5GHz",
"security": "Personal(WPA3_PSK_SAE_AES)",
"wlanService": "ov44b39-portal"
}
]
}
Client Overview (wlanconfig ath11 list)
I still need to figure out a few things in this output.
support@AP-1E:60:~$ wlanconfig ath11 list ADDR AID CHAN TXRATE RXRATE RSSI MINRSSI MAXRSSI IDLE TXSEQ RXSEQ CAPS XCAPS ACAPS ERP STATE MAXRATE(DOT11) HTCAPS VHTCAPS ASSOCTIME IEs MODE PSMODE RXNSS TXNSS 58:a0:23:25:b6:01 1 132 130M 54M 39 36 48 0 0 65535 EPs EBQO 0 b 0 APM 1gTRs 00:06:50 RSN WME IEEE80211_MODE_11AC_VHT20 0 2 2 Minimum Tx Power : 0 Maximum Tx Power : 12 HT Capability : Yes VHT Capability : Yes MU capable : Yes SNR : 39 Operating band : 5GHz Current Operating class : 0 Supported Rates : 12 18 24 36 48 72 96 108
OmniVista: Client RSSI history
Settings on Windows 10 device
Microsoft/Intel driver for Intel 9260 wireless card
Click on „Treiber aktualisieren“ (Update driver) to let Windows 10 search for the most recent driver online. The driver that comes originally with Windows 10 for this card doesn't support WPA3 (2018 vs. 2019 driver). Validate that you run the same or a newer version: 21.10.1.2
Output for "netsh wlan show wirelesscapabilities"
Output for command „netsh wlan show wirelesscapabilities“ needs to contain support „SAE-Authentication: Yes/True“
Output for "netsh wlan show drivers"
Output for command „netsh wlan show drivers“ needs to contain support for „802.11w Management Frame Protection: Yes/True“
Win10: Adding a new WPA3-Personal wireless network
New option for „WPA3-Personal AES“
Win10: Details on WPA3-Personal wireless network
Please note that Windows 10 now also reports Wi-Fi 5 (802.11ac) or Wi-Fi 6 (802.11ax) respectively.
