jelmervdmeer wrote

I have found that enabling MLO (and 6GHz) forces WPA3 only. 2.4 and 5GHz can still be accessed.

@jelmervdmeer very nice finding. I almost tried this until it warns me about the impact of disabling the 802.11k/v/r capability, which is very important to me. In fact, it was one of the top reasons I switched to Omada.

GPB wrote

Did I misread the warning? I thought it said it pertained only to MLO clients (of which I have none). I enabled it and haven't noticed any issues with roaming.

  @GPB you're right! My bad, I didn't read the whole warning. Testing it right now. 

  @Hank21 

hello do you have any news about this feature, our security team want us to disable wpa2

dear,

  @mixman68 at this point I doubt they'll implement it in the near future. Your only option is the workaround I mentioned above.

  @reynhartono 

"While the current "WPA2/WPA3" mode ensures backward compatibility by automatically reverting to WPA2 for devices that don't support WPA3,"

I created a current thread about a similar issue I'm having with their WPA-Enterprise implementation. I'll go further than your suggestion above, and state that I think even devices that support WPA3 (and ax/be) are being downgraded to the legacy option by default. Maybe it's just an Android thing, but I have two different client devices that are choosing WPA2 over WPA3 if both options are offered. Not sure if that's the client's fault, or TP-Links fault.

The only time I'm getting WPA3 only is on 6ghz.

TP-Links controller only offers the option to enable progressively newer standards, it does not offer any direct option to disable older ones. (You can enable ax or be, but you can't turn off a/b/g/n/ac).

  @jelmervdmeer this is not a very appealing work around because only clients that support wifi7 will support MLO. There are plenty of wifi 6 clients that support WPA3. You'd be locking out all of them with this.

  @motoronion enabling MLO does not restrict the network from being accessed by devices that are not WiFi 7 compatible. It does enforce WPA3 for all devices connecting to the network. 
 

Don't get me wrong, I prefer an option in the menu, but this does effectively the same.

+1 for a WPA3-only option.

There's nothing wrong with the WPA2/WPA3 mixed mode for backward compatibility, but having a WPA3-only option is really essential in some environments.

I'm currently using the MLO workaround, it's a bit janky, but it seems to work for now.