WPA3-Enterprise security is based on WPA2-Enterprise, with the additional requirement that Protected Management Frames (PMF) be used for WPA3 connections. The CCMP-128 and GCMP-256 cipher suites are used for data encryption, and the BIP (GMAC-256) cipher suite is used to protect group management frames. WPA3-Enterprise 192-bit mode is an optional mode of operation that provides enhanced security for enterprise networks; it uses EAP-TLS (certificate-based authentication) and strong cryptographic algorithms. WPA3-Enterprise 192-bit mode requires support for GCMP-256 for encryption and the signature hash algorithm ECDSA_SHA384 for key derivation.
RADIUS server and certificate requirements for WPA3 192-bit mode:
WPA3-Enterprise 192-bit mode requires a supported EAP server, such as Cisco Identity Services Engine (ISE) or Aruba ClearPass Policy Manager (CPPM), with the 802.1X authentication type set to EAP-TLS.
The current certificate generation mechanisms (Windows 2019 CA) support RSA key sizes of 512, 1024, 2048, 4096, 8192, and 16384 bits. The 192-bit mode mandates RSA certificates with a key size greater than or equal to 3072 bits. Because 3072 is not among the supported sizes, 4096 bits is the smallest one that qualifies, so generate the certificates with a 4096-bit key size.
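
The key-size rule above can be checked before a certificate is deployed. The following Python example is added here and is not from the original page or any vendor tooling: it reads the RSA modulus size from a DER-encoded SubjectPublicKeyInfo (the public-key block of a certificate) and applies the 3072-bit minimum. The function names and the sample keys are assumptions made for the example; the samples have a valid structure but dummy moduli.

```python
MIN_RSA_BITS = 3072  # from the page: 192-bit mode needs RSA keys >= 3072 bits
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def tlv(tag, value):
    """DER-encode one element (used only to build the constructed samples)."""
    n = len(value)
    if n < 0x80:
        size = bytes([n])
    else:
        octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
        size = bytes([0x80 | len(octets)]) + octets
    return bytes([tag]) + size + value

def children(value):
    """Split a run of DER elements into (tag, contents) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, length, pos = value[pos], value[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the count of length octets
            n = length & 0x7F
            length, pos = int.from_bytes(value[pos:pos + n], "big"), pos + n
        if pos + length > len(value):
            raise ValueError("truncated DER")
        out.append((tag, value[pos:pos + length]))
        pos += length
    return out

def rsa_key_bits(spki_der):
    """RSA modulus size in bits from a DER SubjectPublicKeyInfo; None if not RSA."""
    (_, spki), = children(spki_der)
    (_, alg), (_, bit_string) = children(spki)
    if children(alg)[0][1] != RSA_OID:
        return None
    (_, rsa_key), = children(bit_string[1:])  # drop the unused-bits octet
    modulus = children(rsa_key)[0][1]
    return int.from_bytes(modulus, "big").bit_length()

def meets_rsa_minimum(spki_der):
    """True only for RSA keys of at least MIN_RSA_BITS; non-RSA keys do not pass."""
    bits = rsa_key_bits(spki_der)
    return bits is not None and bits >= MIN_RSA_BITS

def sample_spki(bits, oid=RSA_OID):
    """Constructed sample: correct structure, dummy modulus, not a usable key."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    return tlv(0x30, tlv(0x30, tlv(0x06, oid) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + key))
```

For a real certificate, the DER input can be produced with `openssl x509 -in cert.pem -noout -pubkey | openssl pkey -pubin -outform DER`.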