...
The "security" field remains present but won't be used (it should remain unset).
The "ft_psk" field will be ignored; Fast Transition will be configurable with "ft-*" entries in the "wpa_key_mgmt" field.
New fields:
Field name | Type | Mandatory | Present in Wifi_VIF_Config | Present in Wifi_VIF_State | Comment |
---|---|---|---|---|---|
wpa | bool | yes | yes | yes | TRUE - use any of the WPA* modes; FALSE - use OPEN mode |
wpa_key_mgmt | enum list | yes | yes | yes | Any valid combination of: "wpa2-psk", "sae", "wpa2-eap", "dpp", "ft-wpa2-psk", "ft-*" (other Fast Transition modes in future) etc. In future this list may be extended with e.g. "owe" |
wpa_psks | map <key_id : psk> | no, depends on "wpa_key_mgmt" | yes | yes | List of passwords used by WPA1/2 and SAE (see example below for more details). |
wpa_oftags | map <key_id : oftag> | no, depends on "wpa_key_mgmt" | yes | no | WPA1/2 passwords' oftags |
radius_srv_addr | string | no, depends on "wpa_key_mgmt" | yes | yes | Remote RADIUS server address (IP or domain name) |
radius_srv_port | int | no, depends on "wpa_key_mgmt" | yes | yes | Remote RADIUS server port number |
radius_srv_secret | string | no, depends on "wpa_key_mgmt" | yes | yes | Remote RADIUS server secret |
default_oftag | string | no | yes | no | Default oftag used when wpa/sae/*_oftag is not available (e.g. it will be used for WPA-Enterprise, OPEN and possibly OWE) |
...
The controller selects between two implementations: legacy and new.
The legacy method of configuring the security type (OVSDB security field) is unable to set WPA3. Therefore, the new method must be used. Method selection is defined by the SDN controller.
...
Within WPA3 support, a new "default_oftag" field was introduced. The field serves as a fallback for oftag lookup and is used whenever a better oftag cannot be found. At the moment, only WPA2 Personal can use multiple oftags associated with different PSKs; in all other cases the generic "default_oftag" should be set.
Security mode | wpa_oftags | default_oftag |
---|---|---|
OPEN | N/A | used |
WPA1 Personal | N/A | used |
WPA1/WPA2 Personal | potentially used | potentially used |
WPA2 Enterprise | N/A | used |
WPA2 Personal (HomePass) | used | potentially used |
WPA3 Personal | N/A | used |
WPA2/WPA3 Personal | N/A | used |
OWE | N/A | used |
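
The following added example (not OpenSync code) lints a VIF row against the new-fields table and resolves a client's oftag with the "default_oftag" fallback described above. The rules for which fields each "wpa_key_mgmt" value requires, the OPEN-row check, and all sample values are assumptions made for illustration.

```python
# Added example: field names come from the tables above; the dependency rules are assumptions.
KEY_MGMT = {"wpa2-psk", "sae", "wpa2-eap", "dpp", "ft-wpa2-psk"}  # values listed on the page
PSK_MODES = {"wpa2-psk", "sae", "ft-wpa2-psk"}  # assumed to need wpa_psks
EAP_MODES = {"wpa2-eap"}                        # assumed to need radius_srv_*
RADIUS_FIELDS = ("radius_srv_addr", "radius_srv_port", "radius_srv_secret")


def validate_vif(row):
    """Return a list of problems found in one Wifi_VIF_Config-style row (a dict)."""
    errors = []
    if row.get("security"):
        errors.append("'security' must stay unset with the new fields")
    if not isinstance(row.get("wpa"), bool):
        return errors + ["'wpa' is mandatory and must be a bool"]
    modes = set(row.get("wpa_key_mgmt") or [])
    if not row["wpa"]:
        # Assumption: an OPEN row that still carries WPA settings is a likely mistake.
        if modes or row.get("wpa_psks"):
            errors.append("wpa=false (OPEN) but WPA settings are present")
        return errors
    if not modes:
        errors.append("wpa=true requires a non-empty 'wpa_key_mgmt'")
    for mode in sorted(modes - KEY_MGMT):
        errors.append(f"unknown wpa_key_mgmt value: {mode}")
    if modes & PSK_MODES and not row.get("wpa_psks"):
        errors.append("PSK/SAE mode without 'wpa_psks'")
    if modes & EAP_MODES:
        errors += [f"wpa2-eap without '{f}'" for f in RADIUS_FIELDS if not row.get(f)]
    return errors


def resolve_oftag(row, key_id=None):
    """Pick the oftag for a client: per-PSK tag if one exists, else default_oftag."""
    return (row.get("wpa_oftags") or {}).get(key_id) or row.get("default_oftag")


# Constructed sample rows (not taken from a real device).
HOME = {"wpa": True, "wpa_key_mgmt": ["wpa2-psk"],
        "wpa_psks": {"key-1": "constructed-psk-1", "key-2": "constructed-psk-2"},
        "wpa_oftags": {"key-1": "home--1"}, "default_oftag": "home-default"}
BAD_EAP = {"wpa": True, "wpa_key_mgmt": ["wpa2-eap"], "radius_srv_addr": "radius.example"}
MIXED_UP = {"wpa": False, "wpa_key_mgmt": ["sae"], "security": {"placeholder": "legacy-value"}}

if __name__ == "__main__":
    for name, row in (("HOME", HOME), ("BAD_EAP", BAD_EAP), ("MIXED_UP", MIXED_UP)):
        print(name, validate_vif(row) or "ok")
```
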
...
At the moment, reporting is limited to WPA2 Personal and SAE, but the design is ready for future extensions (e.g., reporting WPA2/3-EAP failures).
Field | Value | Comment |
---|---|---|
channel_list | ["set",[]] | Not used |
radio_type | 2.4G | |
report_type | ["set",[]] | Not used |
reporting_count | ["set",[]] | Not used |
reporting_interval | 240 | Default: 15 minutes |
sampling_interval | ["set",[]] | Not used |
stats_type | client_auth_fails | |
survey_interval_ms | ["set",[]] | Not used |
survey_type | ["set",[]] | Not used |
threshold | ["map",[]] | Not used |
...