Configuring WPA3 security modes on FortiWiFi units operating in client mode
When the local radio of a FortiWiFi 8xF/6xF/40F model is operating in client mode, it can connect with third-party SSIDs with a WPA3-SAE or OWE security mode. You can configure the security mode from the GUI (see FortiWiFi unit as a wireless client) or from the CLI under config wifi-networks
.
config wifi-networks edit < ID > set wifi-security [open | wpa-personal | wpa3-sae | owe] next end
To configure WPA3 security mode SSID on a FortiWiFi running in client mode - CLI:
-
Change the wireless mode to client. See Configuring a FortiWiFi unit as a wireless client.
Note: You must remove any AP WiFi configurations such as SSIDs, DHCP servers, policies, and software switch members before you can change the mode to Wireless Client. Once you select Wireless Client, the FortiWiFi unit will reboot.
-
Create a wireless network by connect to a third-party SSID and setting the security mode. In this example, the SSID is FOS_101F_WAP3_SAE and the security mode is WPA3 SAE.
config system interface edit "wifi" config wifi-networks edit 1 set wifi-ssid "FOS_101F_WAP3_SAE" set wifi-security wpa3-sae set wifi-passphrase * next end next end
To verify the connection status:
-
Verify the connection between the local radio and the third-party SSID with
diagnose wireless-controller wlsta cfg
.diagnose wireless-controller wlsta cfg STA intf name: wlan17 status: up ip: 3.1.1.2 mac: d4:76:a0:18:e0:8f auto connect: yes auto save: no ap band: any wifi network cnt: 1 1: FOS_101F_WPA3_SAE, 19, 1 connected: FOS_101F_WPA3_SAE