eduroam Security Upgrade (WPA3 Transition)

On March 13 at 6:00AM EST, the security protocol used by the eduroam Wi-Fi network on campus was upgraded.  WPA3-Enterprise transition mode was enabled at this time. 

 

WPA3 is the current generation of “Wi-Fi Protected Access” - the software feature that encrypts Wi-Fi connections.  Dartmouth has upgraded eduroam to support this standard in order to ensure the highest level of security as well as support the latest Wi-Fi protocols.

Most modern devices support WPA3.  Devices that do not support WPA3 will be able to continue connecting using the existing WPA2 mode.  Your device may indicate that it is connecting with WPA2 even though it supports and is actually using WPA3.  This is a known cosmetic issue on many devices.

 

WPA3 is supported on the following Apple devices:

  • iPhone 7 or later
  • iPad 5th generation or later
  • Apple TV 4K or later
  • Apple Watch series 3 or later
  • Mac computers (late 2013 or later, with 802.11ac or later)

https://support.apple.com/guide/security/secure-access-to-wireless-networks-sec8a67fa93d/web

 

Android version 10 and later supports WPA3. https://source.android.com/docs/core/connect/wifi-wpa3-owe
 

Windows 10 May 2020 Version 2004 and newer support WPA3.  WPA3 is also supported in Windows 11.

Support for WPA3 on Windows also requires that the Wi-Fi drivers installed support it as well.

https://support.microsoft.com/en-us/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09

Please check with your device manufacturer for driver updates.
https://services.dartmouth.edu/TDClient/1806/Portal/KB/ArticleDet?ID=140388

 

Linux devices may need to be reconfigured to enable WPA3.  Your device will continue to connect with WPA2 if you do not make any change.

For devices using wpa_supplicant, please make the following changes to your configuration:

network={
  ssid="eduroam"
  identity="YOURNETID@dartmouth.edu"		# Edit this
  password="YOURPASSWORD"			# and this
  disabled=0
  scan_ssid=0					# No broadcast probe requests
  auth_alg=OPEN					# No WEP
  ieee80211w=1					# Use PMF/MFP if available (Required for WPA3)
  key_mgmt=FT-EAP WPA-EAP			# Use Fast Roaming if available
  proto=RSN					# WPA2/3
  pairwise=CCMP					# WPA2/3 AES-CCMP
  group=CCMP					# WPA2/3 AES-CCMP
  # Authentication:
  eap=PEAP
  anonymous_identity="anonymous@dartmouth.edu"
  phase1="peaplabel=0"
  phase2="auth=MSCHAPV2"
  ca_path="/etc/ssl/certs"
}

Details

Article ID: 157558
Created
Fri 3/1/24 4:20 PM
Modified
Mon 3/18/24 9:46 AM