WPA3
WPA3, released in June 2018, is the successor to WPA2, adding new capabilities to enhance Wi-Fi protection in public, personal, and enterprise networks.
This guide describes how to deploy it on H&D Wireless Connectivity products.
Support
This table sums up the current product and driver version support for WPA3:
Software requirements
Make sure to use a Linux kernel version no older than 3.8 and hostapd/wpa_supplicant version 2.7 or above. WPA3 support is optional in hostapd/wpa_supplicant, so you might need to recompile them manually if the version shipped by your distribution does not offer WPA3 support. If you build them manually, you may need to activate the following flags in both the hostapd and wpa_supplicant .config:
CONFIG_IEEE80211W=y
CONFIG_SAE=y
Additionally, to support WPA3-Enterprise, the following flags are needed for both hostapd and wpa_supplicant:
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
You will also need to load the driver module with the parameter host_mlme=1. For example:
insmod pcie8997.ko drv_mode=3 mfg_mode=0 fw_name=nxp/pcieuart8997_combo_v4.bin cal_data_cfg=none host_mlme=1 cfg80211_wext=0xF reg_alpha2=US cntry_txpwr=1
WPA3 SAE security
Client
Here is an example of the wpa_supplicant.conf configuration file to connect to a WPA3 capable access point:
ctrl_interface=/var/run/wpa_supplicant
sae_groups=19 20 21 25 26 # If parameter is not set, 19 is the default value.
network={
    ssid="SoftAP-WPA3"
    scan_ssid=1
    key_mgmt=SAE
    proto=RSN
    pairwise=CCMP
    group=CCMP
    psk="1234567890"
    ieee80211w=2
}
Access Point
Example hostapd.conf configuration file for SAE Mode:
ctrl_interface=/var/run/hostapd
interface=uap0
driver=nl80211
ssid=SoftAP-WPA3
hw_mode=a
channel=36
beacon_int=100
dtim_period=1
wmm_enabled=1
ignore_broadcast_ssid=0
ieee80211n=1
rts_threshold=2347
fragm_threshold=2346
send_probe_response=1
ieee80211ac=1
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
vht_capab=[HTC-VHT][SOUNDING-DIMENSION-2][TX-STBC-2BY1][RX-STBC-1][SU-BEAMFORMEE][MAX-A-MPDU-LEN-EXP7][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][SHORT-GI-80][RXLDPC]
ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40][LDPC][RX-STBC1]
#SAE
auth_algs=1
wpa=2
wpa_pairwise=CCMP
wpa_passphrase=1234567890
wpa_key_mgmt=SAE
wpa_group_rekey=1800
rsn_pairwise=CCMP
ieee80211w=2
# If sae_groups is not set, 19 is the default value.
sae_groups=19 20 21 25 26
sae_require_mfp=1
# If sae_anti_clogging_threshold is not set, 5 is the default value.
sae_anti_clogging_threshold=10
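The following Python check is an added example, not part of this guide's or the hostapd project's own code: it audits a hostapd.conf for the settings that keep the SAE access point above WPA3-only (no WPA-PSK fallback, management frame protection required, no TKIP). The function names and both sample configurations are constructed for illustration.

```python
# Audit a hostapd.conf against the SAE-only settings shown in this guide.

def parse_conf(text):
    """Return {key: value} for key=value lines, skipping blank and '#' lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Assumption: drop a trailing "# ..." note before comparing values.
        conf[key.strip()] = value.split("#", 1)[0].strip()
    return conf

def audit_sae_only(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_conf(text)
    findings = []
    if conf.get("wpa") != "2":
        findings.append("wpa must be 2 (RSN only)")
    akms = conf.get("wpa_key_mgmt", "").split()
    if akms != ["SAE"]:
        findings.append(f"wpa_key_mgmt={' '.join(akms) or '<unset>'} is not SAE-only")
    # MFP is enforced for SAE stations by ieee80211w=2, or by ieee80211w=1
    # combined with sae_require_mfp=1.
    mfp = conf.get("ieee80211w", "0")
    if mfp != "2" and not (mfp == "1" and conf.get("sae_require_mfp") == "1"):
        findings.append(f"ieee80211w={mfp} does not require MFP for SAE stations")
    for key in ("wpa_pairwise", "rsn_pairwise"):
        if "TKIP" in conf.get(key, "").split():
            findings.append(f"{key} allows TKIP")
    return findings

# Constructed sample inputs (not captured from a device).
SAE_ONLY = """wpa=2
wpa_pairwise=CCMP
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
ieee80211w=2
sae_require_mfp=1
"""
TRANSITION = """wpa=2
wpa_key_mgmt=WPA-PSK SAE
rsn_pairwise=CCMP TKIP
ieee80211w=1
"""

if __name__ == "__main__":
    for name, sample in (("sae-only", SAE_ONLY), ("transition", TRANSITION)):
        print(name, audit_sae_only(sample) or "OK")
```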
WPA3 Suite B security
Here is an example of the wpa_supplicant.conf configuration file to connect to a WPA3 Suite B capable access point:
ctrl_interface=/var/run/wpa_supplicant
update_config=1
interworking=1
gas_address3=1
sae_groups=19 20 21 25 26 # If parameter is not set, 19 is the default value.
network={
    ssid="YourAP"
    key_mgmt=WPA-EAP-SUITE-B-192
    pairwise=GCMP-256
    group=GCMP-256
    group_mgmt=BIP-GMAC-256
    eap=TLS
    proto=RSN
    identity="Client Certificate IDL"
    password=""
    ca_cert="ec2-ca.pem"
    client_cert="ec2-ser.pem"
    private_key="ec2-user.pem"
    private_key_passwd="wifi"
    openssl_ciphers="SUITEB192"
    ieee80211w=2
}