Information about WPA3 Security Enhancements for Access Points
Cipher Suites
Cipher suites are sets of encryption and integrity algorithms designed to protect radio communication on your wireless LANs. You must use a cipher suite when using Wi-Fi Protected Access (WPA), WPA2, WPA3, or Cisco Centralized Key Management (CCKM). Wired Equivalent Privacy, or WEP, is a form of wireless authentication used for associating to 802.11 wireless networks.
Wireless Encryption Methods for Data Protection
Encryption protects data by obfuscating it so that unauthorized people cannot access it. The following encryption protocols are used in wireless authentication:
- Temporal Key Integrity Protocol (TKIP): TKIP is the encryption method used by WPA and supports legacy WLAN equipment. TKIP addresses the original flaws associated with the 802.11 WEP encryption method. It makes use of WEP but encrypts the Layer 2 payload using TKIP and carries out a message integrity check (MIC) in encrypted packets to ensure that messages have not been altered.
- Advanced Encryption Standard (AES): AES is a preferred method because of its strong encryption. AES uses Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (CCMP), which allows destination hosts to recognize whether the encrypted and non-encrypted bits have been altered.
  CCMP is the standard encryption protocol for use with Wi-Fi Protected Access 2 (WPA2) and is much more secure than the WEP protocol and the TKIP of WPA.
- Galois/Counter Mode Protocol (GCMP): GCMP is more secure and efficient than CCMP.
Benefits of Using GCMP-Based Ciphers
- Provides secure communication and data transmission.
- Provides confidentiality and integrity protection.
- Provides parallel processing and fast encryption.
CCMP-Based and GCMP-Based Ciphers in Cisco IOS XE 17.15.1
From Cisco IOS XE 17.15.1, the CCMP-based and GCMP-based ciphers are enhanced to improve speed and security for extremely high throughput (EHT) devices.
Security Enhancements in Cisco IOS XE 17.15.1
The following are the security enhancements developed in Cisco IOS XE 17.15.1:
Supported Platforms
- Cisco Catalyst 9800-CL Wireless Controller for Cloud
- Cisco Catalyst 9800-L Wireless Controller
- Cisco Catalyst 9800-40 Wireless Controller
- Cisco Catalyst 9800-80 Wireless Controller
- Cisco Catalyst 9300 Series Switches
- Cisco Embedded Wireless Controller on Catalyst Access Points
Supported Access Points
- Cisco Aironet 2800 Series Access Points
- Cisco Aironet 3800 Series Access Points
- Cisco Aironet 4800 Series Access Points
- Cisco Catalyst 9117 Series Access Points
- Cisco Catalyst 9124AX Series Access Points
- Cisco Catalyst 9130AX Series Access Points
- Cisco Catalyst 9136 Series Access Points
- Cisco Catalyst 9162 Series Access Points
- Cisco Catalyst 9164 Series Access Points
- Cisco Catalyst 9166 Series Access Points
- Cisco Aironet 1560 Series Outdoor Access Points