[o2bad455]

Background: I've been using WPA3-Enterprise (without any WPA2 fallback) from older client radios (circa 2013 with 2016-17 drivers) that worked fine but reported it as WPA2. That is, in network authentication on the WRT1900ACSv1 and ACSv2 dd-wrt routers, I only have the "WPA3 Enterprise" and "CCMP-128 (AES)" checkboxes enabled for some VAPs. An even older client radio (circa 2012, which I just retired) could not connect to a WPA3-only VAP at all, but could connect to a comparable WPA2-only VAP (with 802.11w MFP set to Auto).

Upgrade: I recently replaced that older radio with a WPA3-capable Intel AX210 WIFI-6E card (with latest 2021-06-29 driver) in a Lenovo Win10 Pro laptop PC and tested r47256 with it. When I connected that PC to a WPA3-Personal VAP on either router, Windows wifi properties correctly identified the connection as "WPA3" security. So far, so good.

Problem: However, when I connected that same PC with latest radio and driver to a WPA3-Enterprise VAP on either router, Windows still identified the connection as only "WPA2" security.

EDIT: Per wikipedia, "The new standard uses an equivalent 192-bit cryptographic strength in WPA3-Enterprise mode (AES-256 in GCM mode with SHA-384 as HMAC)". I guess WPA3 Enterprise with AES-128 CCM allowed is exactly the same as WPA2 Enterprise with AES-128 CCM but also with the WPA2-optional 802.11w Management Frame Protection (MFP) required in WPA3, so there's actually no difference from the client's perspective unless it could tell that MFP is required on the AP. I assume that if the router and firmware both supported AES-256 GCM we could require that and then the client would know it must be WPA3, but since we don't have that option (yet?), it can't. Any chance of adding AES-256 GCM as an available WPA algorithm to the Marvell dd-wrt builds? If not, it seems like WPA3-Enterprise isn't truly supported on these routers, so the Intel AX210 is correctly reporting it as only WPA2 Enterprise.

[blkt]

I am certain Marvell WRT series do not support WPA3 at all due to abandoned mwlwifi driver and binary blobs.

Unless NXP decides to publicly provide miracles, it is safe to assume new features and fixes will never happen.

[o2bad455]

Thanks and understood for WPA3-Enterprise(EAP). For the record, WPA3-Personal(SAE) is working great on both of our WRT1900ACS units (v1 & v2) under r47256.

[blkt]

Apparently I am wrong. This might be useful. https://github.com/kaloz/mwlwifi/issues/389

[oliver44]

I think the problem is on the part of the open source driver developer!
a little test I did with the latest version of openwrt with custom packages...

http://s.go.ro/4fk0f6ej
https://github.com/kaloz/mwlwifi/issues/391