Since AP-upgrade to 2.2h yesterday, I see connectivity issues for some of my devices attached to SSID with WPA3 set to Required. My OnePlus 10 Pro (Android) continues to connect as a expected, while my Samsung S23 (Android) connects intermittently and a Dell Win11 PC does not connect at all. They all used to connect successfully and maintain stable connections before the upgrade. I tried all PMF (Off, On, Required) settings, as a fix was introduced there, together with WPA3=Required with the same behavior. Downgrading WPA3 to On (Optional) solves the issue and connectivity is ok again, though it is not preferred.
Same issue here. All devices on my WPA3 required network are down after last nights 2.2h update, which is why I checked the forums to see if anyone else had the same issue =)
Non-WPA3 networks are fine.
The update took down a decent chunk of our sites. I am surprised this was pushed into prod by Alta. I’m incredibly disappointed in them right now. Thank you for providing this fix, you are a godsend!
Yeah, I ran into this with the lab I have setup using WPA3 as well. I settled on PMF=On and WPA3=On and that seemed to settle things down. It was only an iPhone 15 that seemed to have a problem connecting. Everything else reconnected without a problem (including another iPhone 15!).
Of course, stuff likes this isn’t intended to happen, but I would think it would be beneficial at this point to start implementing either a beta channel or something like update rings to prevent all sites from receiving the update all at once. Just to further reduce the impact of glitches taking down a site.
Just my two cents on the matter. I wouldn’t expect either of those things immediately since I’m sure it would require some infrastructure work to implement either of those options properly.
Sorry for the troubles everyone! I can confirm that 99%+ of the APs and connected devices came right back up after the update, so this corner case did not show up on our radar.
We still consider WPA3 an experimental technology, which is why we are adding more knobs to able to configure related technologies like PMF, etc. It is not enabled by default, and even with the option available, it is not commonly enabled by end-users. We hope that the additional configuration options helps us understand how to better support WPA3.
Appreciate the reply, Jeff! Do you think it would be possible to make it more explicit in the controller that WPA3 is considered experimental as far as Alta Labs is concerned? Obviously, it’s tucked away under the advanced section and as you said, isn’t enabled by default, but it might help to even better set expectations.
@jmszuch Yes, good idea, we will consider it. It’s not just us that consider it experimental, though. There have been many compatibility issues, particularly with transition mode, that the standards bodies are still struggling with to this day.
Oh, of course, I didn’t mean to imply it was just Alta Labs that would take that stance. I’ve certainly run into issues utilizing WPA3 with other network vendors and client devices as well.
An update a few days later, on the fallback settings, PMF and WPA3 on (instead of required):
One iPhone 14-15 ish, is not fully stable even on WPA3=On & PMF=On. It did not auto-reconnect at first either.
I also had a connection drop for the Dell PC, but I managed to manually reconnect it.
Furthermore, when setting up the Xbox One S, which have been in a box for a while, I noticed very low results on the built-in network tester (some speedtest). Like 1/20 (30/20 vs. 550/550) of the speed test on other Android device connected to the same AP. I had the same setting, WPA3=On & PMF=On. Xbox One S does not support WPA3 and thus not PMF either. Strangely, when I turned off PMF (as well as WPA3) the speedtest results increased noticeably, now to 1/2 of nominal down (appr. 300) and 1/5 of nominal up (appr. 100). Better but something is still not right, as the XBox is WiFi 5 / .AC with a negotiated link speed around 500-900. But, that might be another issue, or maybe that is the throughput to expect?! I have cross-checked that the results are when connected to 5GHz. WiFi signal for the Xbox is appr. -60 as reported by the Alta UI. The Xbox itself reports 90-100 % signal strength, whatever that means.
Even more strange though, when I turned the settings on again (PMF=On & WPA3=On) they remained at the higher upload /download levels. At the higher levels I also occasionally see substantial amount of packet loss.
Don’t know why it didn’t work before, and don’t know what made it better (though not optimal yet) I’ll just have to monitor some more and see if it goes back to the painfully slow results. Maybe server side issues or something got locked up by the WPA3 & PMF setting and now got sorted by toggling the settings.
I think it’s safe to say that WPA3 is still in an experimental phase. I couldn’t get a MacBook Air M1 to connect, but everything else Apple I could. It’s fun to play with, but I wouldn’t enable it in a production network.
I have had two clients call me in the last two days reporting connectivity issues.
One of them was a house, and everything was connecting except for three iPhones (11, 14+, and 15). I was not on site for this one, so I didn’t see what was or wasn’t being broadcast. I disabled WPA3 and they were all able to immediately connect.
Today, I went to a church install I did. Their printers, phones were unable to connect, but the computers were ok. One was wired, and one was wireless. My phone was showing “AT&T Passpoint”, but not the church’s SSID. First step here was to disable XNET, but the church SSID was still missing. Disabled WPA3, and it came back and everyone was able to connect again.
I thought it was off that the SSID for XNET showed “AT&T Passpoint” instead of “XNET Passpoint”. I guess that’s by design. I just hadn’t noticed it before.
Anyhow. How long before I can re-enable WPA3? All of the APs in these two sites are (were already) running firmware version 2.2h
In general I still never recommend enabling WPA3. Too many client incompatibilities, and it doesn’t support multiple passwords, at all.
You can try setting PMF to optional, however, and that might bring back some of the clients that were connecting with WPA3 previous to 2.2h.
The AT&T Passpoint issue is most likely due to the Passpoint profile that is used on your particular device. Some profiles mandate that the ESSID on the profile be displayed to the user instead of the actual WiFi SSID. Some don’t. It just depends on the phone and which profiles are installed, but it will not impact the ability to connect - just what gets displayed to the user when they are connected.
In January 2018, the Wi-Fi Alliance announced WPA3 as a replacement to WPA2.[15][16] Certification began in June 2018,[17] and WPA3 support has been mandatory for devices which bear the “Wi-Fi CERTIFIED™” logo since July 2020.
Wifi7 which Alta Labs say they will release Wifi 7 devices this year will require WPA3.
I’ll just have to monitor some more and see if it goes back to the painfully slow results. Maybe server side issues or something got locked up by the WPA3 & PMF setting and now got sorted by toggling the settings.