CISCO Embedded Wireless Controller Catalyst Access Points User Guide

June 15, 2024
Cisco


Support for Hash-to-Element for Password Element in SAE Authentication

  • Hash-to-Element (H2E)
  • YANG (RPC model)
  • Configuring WPA3 SAE H2E
  • Verifying WPA3 SAE H2E Support in WLAN

Hash-to-Element (H2E)

Hash-to-Element (H2E) is a new SAE Password Element (PWE) derivation method. In this method, the secret PWE used in the SAE protocol is generated from the password.
When a STA that supports H2E initiates SAE with an AP, it checks whether the AP supports H2E. If it does, the PWE is derived with H2E, which is signalled by a newly defined Status Code value in the SAE Commit message.
If the STA uses Hunting-and-Pecking, the entire SAE exchange remains unchanged.
With H2E, the PWE derivation is divided into the following two stages:

  • Derivation of a secret intermediary element PT from the password. This can be performed offline, for each supported group, when the password is initially configured on the device.
  • Derivation of the PWE from the stored PT. This depends on the negotiated group and the MAC addresses of the peers, and is performed in real time during the SAE exchange.

Note

  • The H2E method also incorporates protection against group downgrade man-in-the-middle attacks. During the SAE exchange, the peers exchange lists of rejected groups, and these lists are bound into the PMK derivation. Each peer compares the received list with the list of groups it supports; any discrepancy indicates a downgrade attack and terminates the authentication.

YANG (RPC model)

To create an RPC for the SAE Password Element (PWE) mode, use the following RPC model:

Note

The delete operation performs one action at a time because of a current infrastructure limitation. That is, in the YANG module, a delete operation on multiple nodes is not supported.

Configuring WPA3 SAE H2E

Procedure (each step lists the command or action, an example, and its purpose)

Step 1: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 2: wlan wlan-name wlan-id SSID-name
  Example: Device(config)# wlan WPA3 1 WPA3
  Purpose: Enters the WLAN configuration sub-mode.

Step 3: no security wpa akm dot1x
  Example: Device(config-wlan)# no security wpa akm dot1x
  Purpose: Disables the 802.1X AKM.

Step 4: no security ft over-the-ds
  Example: Device(config-wlan)# no security ft over-the-ds
  Purpose: Disables fast transition over the distribution system (DS) on the WLAN.

Step 5: no security ft
  Example: Device(config-wlan)# no security ft
  Purpose: Disables 802.11r fast transition on the WLAN.

Step 6: no security wpa wpa2
  Example: Device(config-wlan)# no security wpa wpa2
  Purpose: Disables WPA2 security. PMF is now disabled.

Step 7: security wpa wpa2 ciphers aes
  Example: Device(config-wlan)# security wpa wpa2 ciphers aes
  Purpose: Configures the WPA2 cipher.
  Note: You can check whether the cipher is configured using the no security wpa wpa2 ciphers aes command. If the cipher is not reset, configure the cipher.

Step 8: security wpa psk set-key ascii value preshared-key
  Example: Device(config-wlan)# security wpa psk set-key ascii 0 Cisco123
  Purpose: Specifies a preshared key.

Step 9: security wpa wpa3
  Example: Device(config-wlan)# security wpa wpa3
  Purpose: Enables WPA3 support.

Step 10: security wpa akm sae
  Example: Device(config-wlan)# security wpa akm sae
  Purpose: Enables the SAE AKM.

Step 11: security wpa akm sae pwe {h2e | hnp | both-h2e-hnp}
  Example: Device(config-wlan)# security wpa akm sae pwe
  Purpose: Selects the SAE PWE derivation method. The following options are supported:
    • h2e: Hash-to-Element only; disables HnP.
    • hnp: Hunting-and-Pecking only; disables H2E.
    • both-h2e-hnp: Both Hash-to-Element and Hunting-and-Pecking are supported (this is the default).

Step 12: no shutdown
  Example: Device(config-wlan)# no shutdown
  Purpose: Enables the WLAN.

Step 13: end
  Example: Device(config-wlan)# end
  Purpose: Returns to privileged EXEC mode.

Verifying WPA3 SAE H2E Support in WLAN

To view the WLAN properties (PWE method) for a given WLAN ID, use the following command:

To verify which client associations used the H2E or HnP PWE method, use the following command:

To view the number of SAE authentications that used H2E and HnP, use the following command:
