Transition Mode Overview

Transition Mode eases the transition for an organization from WPA2 to WPA3 Wi-Fi security. This mode connects newer client hardware with the latest security standards, while still allowing legacy client devices to access the same SSID using older standards.

Important

Transmission mode with Auto Protected Frame Management across all radios (including 6 GHz) requires IQ Engine 10.7.3. If you push the Auto setting to an AP with IQ Engine below 10.7.3, the AP defaults to the best available 802.11w setting available, so Protected Management Frames will be set to Mandatory.

There are three distinct types of transition modes, each functioning in its own unique way:

Open to Enhanced Open (OWE): Supports both OWE and open standards. Newer devices can connect using OWE, while older client devices can connect without encryption. This is provided through two distinct SSIDs: a visible open network and a similarly-named hidden OWE network. All clients attempt to join the visible open network, but clients that support OWE receive an an information element in the open network‘s SSID probe response to join the hidden OWE network instead.
WPA2/WPA3 Personal (PSK to SAE): Supports both WPA2 and WPA3 on a single passphrase protected SSID. Devices supporting WPA3 can connect using WPA3 with SAE, while older devices can still connect using WPA2 with PSK. 802.11w (Protected Frame Management, or PMF) is set to optional on these SSIDs, enabling newer clients to use Protected Frames, while older clients do not.
WPA2/WPA3 Enterprise: Supports both WPA2-Enterprise and WPA3-Enterprise on the same SSID. While all clients use the same backwards-compatible encryption (AES 128), 802.11w is set to Optional on these SSIDs. Newer clients use PMF, while older clients do not.

Transition Mode is only supported on the legacy radio bands (2.4 and 5 GHz), while 6 GHz networks are required to use the newer security standards. To simplify the adoption and use of the same SSIDs across all radios, ExtremeCloud‌ IQ intelligently applies PMF settings on an SSID within an Enterprise network, based on the selected security and radio settings.

Table 1. Transition Mode Security and Radio Settings
	Transition Mode	2.4/5 GHz Enabled	6 GHz Enabled	802.11w Setting
WPA2-Enterprise	N/A	Yes	N/A	Off
WPA3-Enterprise	No	Yes	No	Mandatory
WPA3-Enterprise	Yes	Yes	No	Optional
WPA3-Enterprise	No	Yes	Yes	Mandatory
WPA3-Enterprise	Yes	Yes	Yes	Auto*

Note

*Auto 802.11w requires IQ Engine 10.7.3 or newer.