Configuring WPA3/WPA2/WPA EAP Settings

The settings shown in the below image can be defined when one of the WPA EAP options is selected for the Authentication Type.

To configure wireless appliance for WPA authentication

1. Navigate to DEVICE | Internal Wireless > Security page.

2. Select the appropriate authentication type from the Authentication Type drop-down menu.

   • WPA2 - EAP : Connects using WPA2 and an extensible authentication protocol.

   • WPA2 - Auto - EAP : Automatically tries to connect using WPA2 and an extensible authentication protocol, but falls back to WPA if the client is not WPA2-capable.

   • WPA3 - EAP : Connects using WPA3 and an extensible authentication protocol.

   • WPA3/WPA2 - EAP : Automatically tries to connect using WPA3 and a preset authentication key, but falls back to WPA2 if the client is not WPA3-capable.

     EAP support is available when the Radio Role includes Access Point mode, but not when Radio Role is set to Wireless WDS Station alone.

3. Select the EAPOL Version setting from the drop-down menu:

   • V1—Selects the extensible authentication protocol over LAN version 1.
   • V2—Selects the extensible authentication protocol over LAN version 2. This provides better security than version 1, but might not be supported by some wireless clients.

4. In WPA3/WPA2/WPA Settings section, specify these settings:

   • Cipher Type—Select TKIP. Temporal Key Integrity Protocol (TKIP) is a protocol for enforcing key integrity on a per-packet basis, but it is less secure and has lower throughput. AES and AUTO are also Cipher type options.

   • Group Key Update—Specifies when the SonicWall security appliance updates the key. Select By Timeout to generate a new group key after an interval specified in seconds; this is the default. Select Disabled when using a static key.

   • Interval—If you selected By Timeout in the Group Key Update field, enter the number of seconds before WPA automatically generates a new group key. The default is 86400 seconds. If you selected Disabled for Group Key Update, this option is not displayed.

5. In the Extensible Authentication Protocol Settings (EAP) section, specify these settings:

   • Radius Server Retries—Enter the number of authentication retries the server attempts. The default is 4.

   • Retry Interval (seconds)—Enter the delay the server is to wait between retries. The default is 0 (no delay).

   • Radius Server 1 IP and Port—Enter the IP address and port number for your primary RADIUS server.

   • Radius Server 1 Secret—Enter the password for access to the primary RADIUS server.

   • Radius Server 2 IP and Port—Enter the IP address and port number for your secondary RADIUS server, if you have one.

   • Radius Server 2 Secret—Enter the password for access to the secondary RADIUS server.

6. Click Accept to apply your WPA3/WPA2 EAP settings.