Connecting Apple iPhone SE/iPad Air2 to Aruba AP-505 WPA3-Personal
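I connected a WPA3-capable iPhone SE (iOS 13.5.1) and a WPA2-capable iPad Air2 (iOS 13.5.1) to an Aruba AP-505 (Instant OS 8.7.0.0) configured for WPA3-Personal. On Aruba, the opmode-transition command is enabled by default, so WPA2 clients as well as WPA3 clients can connect to the same SSID, which makes it convenient for comparison.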
We can see that the 4-way handshake is performed after Auth Commit, Auth Confirm, and Assoc.
AP505# show ap debug auth-trace-buf

Auth Trace Buffer
-----------------
Jun 30 15:21:31  sae-pmk-update  *  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  -  Grp:19 PMK:32 Succ
Jun 30 15:21:31  station-up      *  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  -  wpa3-sae aes-ccmp-128
Jun 30 15:21:31  wpa2-key1      <-  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  117
Jun 30 15:21:31  wpa2-key2      ->  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  135
Jun 30 15:21:31  wpa2-key3      <-  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  191
Jun 30 15:21:31  wpa2-key4      ->  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  95

AP505# show ap debug mgmt-frames

Traced 802.11 Management Frames
-------------------------------
Timestamp            stype       SA                 DA                 BSS                signal  Misc
---------            -----       --                 --                 ---                ------  ----
Jun 30 15:21:31.497  assoc-resp  b8:3a:5a:8b:36:d1  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  15      Success
Jun 30 15:21:31.497  assoc-req   84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  b8:3a:5a:8b:36:d1  43      -
Jun 30 15:21:31.494  auth        b8:3a:5a:8b:36:d1  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  15      SAE-Confirm:0
Jun 30 15:21:31.493  auth        84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  b8:3a:5a:8b:36:d1  0       SAE-Confirm:0
Jun 30 15:21:31.466  auth        b8:3a:5a:8b:36:d1  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  15      SAE-Commit:0
Jun 30 15:21:31.430  auth        84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  b8:3a:5a:8b:36:d1  0       SAE-Commit:0
We can see that Auth, Assoc, and the 4-way handshake are performed.
AP505# show ap debug auth-trace-buf

Auth Trace Buffer
-----------------
Jun 30 15:22:05  station-up   *  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  -  wpa2 psk aes
Jun 30 15:22:05  wpa2-key1   <-  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  117
Jun 30 15:22:05  wpa2-key2   ->  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  117
Jun 30 15:22:05  wpa2-key3   <-  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  191
Jun 30 15:22:05  wpa2-key4   ->  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  95

AP505# show ap debug mgmt-frames

Traced 802.11 Management Frames
-------------------------------
Timestamp            stype       SA                 DA                 BSS                signal  Misc
---------            -----       --                 --                 ---                ------  ----
Jun 30 15:22:05.310  assoc-resp  b8:3a:5a:8b:36:d1  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  15      Success
Jun 30 15:22:05.310  assoc-req   04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  b8:3a:5a:8b:36:d1  45      -
Jun 30 15:22:05.308  auth        b8:3a:5a:8b:36:d1  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  15      Success (seq num 0)
Jun 30 15:22:05.308  auth        04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  b8:3a:5a:8b:36:d1  0       -
- Association information
The iPhone SE has the S: SAE client flag, which shows that it supports WPA3 SAE. Its phy is a-HE-20-2ss, which shows that it supports 11ax/HE (High Efficiency).
AP505# show ap association

The phy column shows client's operational capabilities for current association

Flags: H: Hotspot(802.11u) client, K: 802.11K client, M: VHT Mu beam formee, R: 802.11R client,
       W: WMM client, w: 802.11w client, V: 802.11v BSS trans capable, P: Punctured preamble,
       U: HE UL Mu-mimo, O: OWE client, S: SAE client, E: Enterprise client, m: Agile Multiband client,
       C: Cellular Data Capable - network available, c: Cellular Data Capable - network unavailable,
       T: Individual TWT client, t: Broadcast TWT client

PHY Details: HT : High throughput; 20: 20MHz; 40: 40MHz; t: turbo-rates (256-QAM)
             VHT : Very High throughput; 80: 80MHz; 160: 160MHz; 80p80: 80MHz + 80MHz
             HE : High Efficiency; 80: 80MHz; 160: 160MHz; 80p80: 80MHz + 80MHz
             <n>ss: <n> spatial streams

Association Table
-----------------
Name   bssid              mac                auth  assoc  aid  l-int  essid                     vlan-id  phy              assoc. time  num assoc  Flags  DataReady       UAC
----   -----              ---                ----  -----  ---  -----  -----                     -------  ---              -----------  ---------  -----  ---------       ---
AP505  b8:3a:5a:8b:36:d1  84:ab:1a:11:d2:f6  y     y      1    20     bin4-wpa3-personal-trans  1        a-HE-20-2ss      2m:40s       1          WVwS   Yes (Implicit)  0.0.0.0
AP505  b8:3a:5a:8b:36:d1  04:69:f8:0c:88:a6  y     y      2    20     bin4-wpa3-personal-trans  1        a-VHT-20sgi-2ss  2m:6s        1          WVw    Yes (Implicit)  0.0.0.0
Num Clients:2
- Client-table information
The e - Beamformer flag is set, but no particular difference was visible from this output.
AP505# show ap debug client-table

Client Table
------------
MAC                ESSID                     BSSID              Assoc_State  HT_State  AID  PS_State    UAPSD            TWT    Tx_Pkts  Rx_Pkts  PS_Qlen  Tx_Retries  Tx_Rate  Rx_Rate  Last_ACK_SNR  Last_Rx_SNR  TX_Chains  Tx_Timestamp              Rx_Timestamp              MFP Status (C,R)  Idle time  Client health (C/R)  Tx_Bytes  Rx_Bytes
---                -----                     -----              -----------  --------  ---  --------    -----            ---    -------  -------  -------  ----------  -------  -------  ------------  -----------  ---------  ------------              ------------              ----------------  ---------  -------------------  --------  --------
04:69:f8:0c:88:a6  bin4-wpa3-personal-trans  b8:3a:5a:8b:36:d1  Associated   AWvSsEe   0x2  Power-save  (0,0,0,0,N/A,0)  (0,0)  62       516      0        0           156      173      65            62           2[0x3]     Tue Jun 30 15:24:10 2020  Tue Jun 30 15:24:11 2020  (1,1)             0          100/8                23367     29882
84:ab:1a:11:d2:f6  bin4-wpa3-personal-trans  b8:3a:5a:8b:36:d1  Associated   AWvSsE    0x1  Power-save  (0,0,0,0,N/A,0)  (0,0)  96       608      0        1           258      286      58            60           2[0x3]     Tue Jun 30 15:24:02 2020  Tue Jun 30 15:24:05 2020  (1,1)             6          100/8                34142     15469
Num of associated clients: 2
UAPSD:(VO,VI,BK,BE,Max SP,Q Len)
TWT:(iTWT sessions num, bTWT groups num)
HT Flags: A - LDPC Coding; B - TX STBC; D - Delayed BA; G - Greenfield
          I - HT40 Intolerant; M - Max A-MSDU; N - A-MPDU disabled
          Q - Static SM PS; R - Dynamic SM PS; S - Short GI 40; W - 40 MHz
          b - RX STBC; s - Short GI 20; t - turbo-rates (256-QAM)
VHT Flags: C - 160MHz/80+80MHz; E - Beamformee; V - Short GI 160
           c - 80MHz; e - Beamformer; v - Short GI 80
HT_State shows client's original capabilities (not operational capabilities)
MFP Status: C - 1 if the station is MFP capable; R - 1 if the station has negotiated MFP
- Wireless capture when the WPA3-capable iPhone SE connects
- Wireless capture when the WPA3-capable iPad Air2 connects
[English Version]
I got an iPhone SE (iOS 13.5.1), which supports WPA3, and an iPad Air2 (iOS 13.5.1), which supports WPA2, so I tried connecting them to an Aruba AP505 (Instant OS 8.7.0.0) with WPA3-Personal. The opmode-transition command is enabled by default, so not only WPA3 clients but also WPA2 clients can associate to the SSID.
We can see Auth Commit/Auth Confirm/Assoc and 4-way handshake.
AP505# show ap debug auth-trace-buf

Auth Trace Buffer
-----------------
Jun 30 15:21:31  sae-pmk-update  *  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  -  Grp:19 PMK:32 Succ
Jun 30 15:21:31  station-up      *  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  -  wpa3-sae aes-ccmp-128
Jun 30 15:21:31  wpa2-key1      <-  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  117
Jun 30 15:21:31  wpa2-key2      ->  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  135
Jun 30 15:21:31  wpa2-key3      <-  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  191
Jun 30 15:21:31  wpa2-key4      ->  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  95

AP505# show ap debug mgmt-frames

Traced 802.11 Management Frames
-------------------------------
Timestamp            stype       SA                 DA                 BSS                signal  Misc
---------            -----       --                 --                 ---                ------  ----
Jun 30 15:21:31.497  assoc-resp  b8:3a:5a:8b:36:d1  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  15      Success
Jun 30 15:21:31.497  assoc-req   84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  b8:3a:5a:8b:36:d1  43      -
Jun 30 15:21:31.494  auth        b8:3a:5a:8b:36:d1  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  15      SAE-Confirm:0
Jun 30 15:21:31.493  auth        84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  b8:3a:5a:8b:36:d1  0       SAE-Confirm:0
Jun 30 15:21:31.466  auth        b8:3a:5a:8b:36:d1  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  15      SAE-Commit:0
Jun 30 15:21:31.430  auth        84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  b8:3a:5a:8b:36:d1  0       SAE-Commit:0
We can see Auth/Assoc, and 4-way handshake.
AP505# show ap debug auth-trace-buf

Auth Trace Buffer
-----------------
Jun 30 15:22:05  station-up   *  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  -  wpa2 psk aes
Jun 30 15:22:05  wpa2-key1   <-  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  117
Jun 30 15:22:05  wpa2-key2   ->  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  117
Jun 30 15:22:05  wpa2-key3   <-  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  191
Jun 30 15:22:05  wpa2-key4   ->  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  95

AP505# show ap debug mgmt-frames

Traced 802.11 Management Frames
-------------------------------
Timestamp            stype       SA                 DA                 BSS                signal  Misc
---------            -----       --                 --                 ---                ------  ----
Jun 30 15:22:05.310  assoc-resp  b8:3a:5a:8b:36:d1  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  15      Success
Jun 30 15:22:05.310  assoc-req   04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  b8:3a:5a:8b:36:d1  45      -
Jun 30 15:22:05.308  auth        b8:3a:5a:8b:36:d1  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  15      Success (seq num 0)
Jun 30 15:22:05.308  auth        04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  b8:3a:5a:8b:36:d1  0       -
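An added example (not from the original post or from Aruba): a small parser for the show ap debug auth-trace-buf entries above that reports, per station, whether it joined the transition-mode SSID with SAE or with WPA2-PSK, the SAE group, and whether all four 4-way handshake messages were logged. The function names and the one-entry-per-line layout of the sample are assumptions.

```python
import re

# Sample input: the auth-trace-buf entries shown on this page, one per line.
TRACE = """\
Jun 30 15:21:31  sae-pmk-update  *  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  -  Grp:19 PMK:32 Succ
Jun 30 15:21:31  station-up      *  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  -  wpa3-sae aes-ccmp-128
Jun 30 15:21:31  wpa2-key1      <-  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  117
Jun 30 15:21:31  wpa2-key2      ->  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  135
Jun 30 15:21:31  wpa2-key3      <-  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  191
Jun 30 15:21:31  wpa2-key4      ->  84:ab:1a:11:d2:f6  b8:3a:5a:8b:36:d1  -  95
Jun 30 15:22:05  station-up      *  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  -  wpa2 psk aes
Jun 30 15:22:05  wpa2-key1      <-  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  117
Jun 30 15:22:05  wpa2-key2      ->  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  117
Jun 30 15:22:05  wpa2-key3      <-  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  191
Jun 30 15:22:05  wpa2-key4      ->  04:69:f8:0c:88:a6  b8:3a:5a:8b:36:d1  -  95
"""

# Date, time, event name, direction marker, station MAC, BSSID, remainder.
LINE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<event>\S+)\s+(?:\*|<-|->)\s+"
    r"(?P<sta>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<bssid>\S+)\s+(?P<rest>.*)$"
)

def classify(trace):
    """Return {station MAC: {"akm", "sae_group", "keys", "complete"}}."""
    clients = {}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, separator or prompt line
        c = clients.setdefault(m["sta"], {"akm": None, "sae_group": None, "keys": set()})
        event, rest = m["event"], m["rest"]
        if event == "station-up":
            c["akm"] = "SAE" if "wpa3-sae" in rest else "WPA2-PSK" if "wpa2 psk" in rest else "other"
        elif event == "sae-pmk-update" and (g := re.search(r"Grp:(\d+)", rest)):
            c["sae_group"] = int(g[1])
        elif k := re.fullmatch(r"wpa2-key([1-4])", event):
            c["keys"].add(int(k[1]))
    for c in clients.values():
        c["complete"] = c["keys"] == {1, 2, 3, 4}  # all four handshake messages logged
    return clients

def wpa2_fallback(trace):
    """Stations that joined the transition-mode SSID with WPA2-PSK instead of SAE."""
    return sorted(mac for mac, c in classify(trace).items() if c["akm"] == "WPA2-PSK")
```

Running wpa2_fallback over a longer trace gives the list of clients still using WPA2-PSK, which is the inventory needed before opmode-transition can be turned off.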
- Association information
We can see the S: SAE client flag on the iPhone SE, which shows that the iPhone SE supports WPA3 SAE. We can also see phy a-HE-20-2ss, which shows that the iPhone SE supports 11ax/HE (High Efficiency).
AP505# show ap association

The phy column shows client's operational capabilities for current association

Flags: H: Hotspot(802.11u) client, K: 802.11K client, M: VHT Mu beam formee, R: 802.11R client,
       W: WMM client, w: 802.11w client, V: 802.11v BSS trans capable, P: Punctured preamble,
       U: HE UL Mu-mimo, O: OWE client, S: SAE client, E: Enterprise client, m: Agile Multiband client,
       C: Cellular Data Capable - network available, c: Cellular Data Capable - network unavailable,
       T: Individual TWT client, t: Broadcast TWT client

PHY Details: HT : High throughput; 20: 20MHz; 40: 40MHz; t: turbo-rates (256-QAM)
             VHT : Very High throughput; 80: 80MHz; 160: 160MHz; 80p80: 80MHz + 80MHz
             HE : High Efficiency; 80: 80MHz; 160: 160MHz; 80p80: 80MHz + 80MHz
             <n>ss: <n> spatial streams

Association Table
-----------------
Name   bssid              mac                auth  assoc  aid  l-int  essid                     vlan-id  phy              assoc. time  num assoc  Flags  DataReady       UAC
----   -----              ---                ----  -----  ---  -----  -----                     -------  ---              -----------  ---------  -----  ---------       ---
AP505  b8:3a:5a:8b:36:d1  84:ab:1a:11:d2:f6  y     y      1    20     bin4-wpa3-personal-trans  1        a-HE-20-2ss      2m:40s       1          WVwS   Yes (Implicit)  0.0.0.0
AP505  b8:3a:5a:8b:36:d1  04:69:f8:0c:88:a6  y     y      2    20     bin4-wpa3-personal-trans  1        a-VHT-20sgi-2ss  2m:6s        1          WVw    Yes (Implicit)  0.0.0.0
Num Clients:2
- Client-table information
The difference between the iPhone SE and the iPad is the e - Beamformer flag on the iPhone SE, but we cannot tell from this output whether WPA3 is enabled or not.
AP505# show ap debug client-table

Client Table
------------
MAC                ESSID                     BSSID              Assoc_State  HT_State  AID  PS_State    UAPSD            TWT    Tx_Pkts  Rx_Pkts  PS_Qlen  Tx_Retries  Tx_Rate  Rx_Rate  Last_ACK_SNR  Last_Rx_SNR  TX_Chains  Tx_Timestamp              Rx_Timestamp              MFP Status (C,R)  Idle time  Client health (C/R)  Tx_Bytes  Rx_Bytes
---                -----                     -----              -----------  --------  ---  --------    -----            ---    -------  -------  -------  ----------  -------  -------  ------------  -----------  ---------  ------------              ------------              ----------------  ---------  -------------------  --------  --------
04:69:f8:0c:88:a6  bin4-wpa3-personal-trans  b8:3a:5a:8b:36:d1  Associated   AWvSsEe   0x2  Power-save  (0,0,0,0,N/A,0)  (0,0)  62       516      0        0           156      173      65            62           2[0x3]     Tue Jun 30 15:24:10 2020  Tue Jun 30 15:24:11 2020  (1,1)             0          100/8                23367     29882
84:ab:1a:11:d2:f6  bin4-wpa3-personal-trans  b8:3a:5a:8b:36:d1  Associated   AWvSsE    0x1  Power-save  (0,0,0,0,N/A,0)  (0,0)  96       608      0        1           258      286      58            60           2[0x3]     Tue Jun 30 15:24:02 2020  Tue Jun 30 15:24:05 2020  (1,1)             6          100/8                34142     15469
Num of associated clients: 2
UAPSD:(VO,VI,BK,BE,Max SP,Q Len)
TWT:(iTWT sessions num, bTWT groups num)
HT Flags: A - LDPC Coding; B - TX STBC; D - Delayed BA; G - Greenfield
          I - HT40 Intolerant; M - Max A-MSDU; N - A-MPDU disabled
          Q - Static SM PS; R - Dynamic SM PS; S - Short GI 40; W - 40 MHz
          b - RX STBC; s - Short GI 20; t - turbo-rates (256-QAM)
VHT Flags: C - 160MHz/80+80MHz; E - Beamformee; V - Short GI 160
           c - 80MHz; e - Beamformer; v - Short GI 80
HT_State shows client's original capabilities (not operational capabilities)
MFP Status: C - 1 if the station is MFP capable; R - 1 if the station has negotiated MFP