Cisco WLCs Get New WPA2 and WPA3 Options

Welcome to our November 2019 Blog update where this month I want to focus on changes to the Cisco security settings for WLANs and the new WPA2 and WPA3 options.

Cisco has changed its configuration options on both its AirOS and IOS-XE based controller platforms to include WPA3.

Now, when you select the security options on the latest AirOS controllers (currently 8.10) or IOS-XE controllers (currently 16.12), you get to choose from WPA+WPA2 or WPA2+WPA3. See Figures 1 and 2.

Figure 1: New WPA2 and WPA3 Options – Cisco AirOS Security – Layer 2 Security Setup

Figure 2: Cisco IOS-XE Security – Layer 2 Security Setup

Note: you also get the choice of WPA2 Personal or WPA2 Enterprise, on the AirOS controllers. See Figure 3.

Figure 3: Cisco AirOS Security – Layer 2 Security Type Setup

These options fit more closely with recommendations and vendor design guides. The option to choose Personal or Enterprise is simply selected from a drop-down.

Finally, you can also select WPA3 and configure options such as OWE and SAE.

(Blog article follow-up planned for December on this).

*Note* Amended as of 11/30/19: my intention was to write on WPA3 SAE and OWE (well, Enhanced Open anyway). However, my good friend mrncciew has written a most excellent series of articles on WPA3 and Enhanced Open. So I’ll redirect you to his links instead:
https://mrncciew.com/2019/11/21/enhanced-open-part-1/
https://mrncciew.com/2019/11/29/wpa3-sae-mode/
https://mrncciew.com/2019/11/29/wpa3-sae-transition-mode/

See you next time!

 

About NC-Expert

NC-Expert is a privately-held California corporation and is well established within the Wireless, Security, and Collaboration industry certification training, courseware development, and consulting markets.
Led by its Founder and CEO, Rie Vainstein, NC-Expert has won numerous private contracts with Fortune level companies around the world. These customers have depended on NC-Expert to train, advise, and mentor their staff.

So remember, if you are looking for the best IT training just call us at (855) 941-2121 or contact us

NC-Expert Blog

By Rie Morgan July 13, 2026
There is something wonderfully satisfying about seeing a Wi-Fi channel get wider: twenty megahertz becomes forty. Forty becomes eighty. Eighty becomes one hundred and sixty. This begs the question: more bandwidth must mean more speed... right? Well... sometimes. Like many things in Wi-Fi engineering, the answer begins with, "It depends." The idea that wider channels always deliver better performance has become surprisingly common. It's an understandable conclusion because, in theory, wider channels can carry more data. More lanes on a highway should allow more traffic to flow. But Wi-Fi isn't driven by theory alone. The RF environment has an annoying habit of reminding us that physics always gets the final vote. Let's explore why bigger isn't always better... More Lanes... But Fewer Roads Imagine a city with only a handful of highways. If you combine four lanes into one giant superhighway, each individual vehicle might travel faster. Unfortunately, you've also eliminated several independent routes that other drivers could have used. That's exactly what happens with channel bonding: - An 80 MHz channel occupies the same spectrum as four adjacent 20 MHz channels. - A 160 MHz channel consumes eight. While you've increased the potential throughput available to one transmission, you've dramatically reduced the number of separate channels available for everyone else. In an empty environment, this is often perfectly acceptable. But, in a busy enterprise? Not so much.
By Rie Morgan July 8, 2026
Walk into almost any office after a new Wi-Fi deployment and you'll hear a familiar sentence: "Coverage looks great. We should be good." It sounds logical. After all, if every corner of the building has a healthy signal, surely the network can handle whatever users throw at it. Except... that's not how Wi-Fi works. Coverage and capacity are close friends, but they're definitely not twins. One answers the question, "Can devices hear the network?" The other answers, "Can everyone actually use it at the same time?" Confusing the two is one of the most common mistakes in Wi-Fi design, and it often explains why a network that looks fantastic on a heatmap still leaves users frustrated.  Let's bust this myth once and for all.
By Rie Morgan July 1, 2026
We've all seen it happen: A user reports that "the Wi-Fi is terrible," so someone immediately checks the signal strength. "RSSI is -48 dBm." "Excellent." "Problem solved." Except... the user is still staring at a spinning "loading" icon. Welcome to one of the most persistent myths in wireless networking: Strong signal means great Wi-Fi. It's an easy trap to fall into because signal strength is visible. Nearly every wireless tool reports RSSI. Devices proudly display three, four, or five little bars. Coverage heatmaps glow with reassuring shades of green. Yet experienced Wi-Fi engineers know that great signal strength and great Wi-Fi are not the same thing. In fact, it’s entirely possible to have outstanding RSSI while users experience dreadful performance!