eduroam Deployment Considerations on Wi-Fi Certified 6E

Wi-Fi Certified 6E brings significant changes, among them changes relating to security and a lack of backward compatibility. A number of experts suggest using a distinct SSID on the 6 GHz band rather than the one used on the existing 2.4 and 5 GHz bands.

After a thorough analysis of the situation, eduroam recommends that eduroam Service Providers continue to use the SSID “eduroam” on the 6 GHz band as well. While introducing WPA3 Transition Mode/optional Protected Management Frames is in principle a good move towards better security, deployments should not combine the introduction of the new band with changes on the existing bands regarding WPA3-Enterprise Transition Mode or Protected Management Frames.

The advice against WPA3-Enterprise 192-Bit security (see https://eduroam.org/eduroam-and-wpa3/) remains unchanged, also on the 6 GHz band.

It is expected that Access Points supporting Wi-Fi 6E will at the same time also provide service on the 2.4 and/or 5 GHz bands, so that existing client devices without support for 6E continue to receive Wi-Fi coverage. It is NOT RECOMMENDED to deploy eduroam exclusively on the 6 GHz band.

Rationale:

  • Regarding ‘no distinct SSID’: most of the more disruptive changes on the new 6 GHz band that make a distinct SSID a useful suggestion are in lower security modes (namely “no authentication” networks, which transition from cleartext transmission to OWE; and “personal” security, which transitions from PSK to SAE). The changes on the high end (namely WPA-Enterprise, which is the mode eduroam operates in) are much less disruptive – the only difference being that PMFs are now mandatory. Early experimentation with Wi-Fi 6E on the same SSID as 2.4/5 GHz revealed that the only significant downside to expect is that seamless roaming between the bands may not be possible (i.e. clients may experience a few seconds of disruption of network connectivity while switching between radio bands). Service Providers should keep in mind that the coverage area of an Access Point on 6 GHz may be slightly less than on 5 GHz.
  • Regarding Protected Management Frames / WPA3 Transition Mode on 2.4 and 5 GHz bands: eduroam has previously investigated PMFs and their possible incompatibilities with old client devices when WPA3-Enterprise first became an option on Wi-Fi 5 (https://eduroam.org/eduroam-and-wpa3/), and came to the conclusion that it is extremely rare that a PMF-unaware client cannot interoperate with Access Points that announce PMFs as supported, but optional. The vast majority of client devices without PMF support will connect to such Access Points without problems. Independently of Wi-Fi 6E, Service Providers may consider supporting optional PMFs or WPA3-Enterprise Transition Mode at their own pace.
  • Regarding not combining the introduction of Wi-Fi 6E with optional PMFs/WPA3-Enterprise Transition Mode: both of these changes to the network design at a Service Provider bring their own sets of possible incompatibilities in rare edge cases. To assist in fault-finding and debugging of user problems, it is considered most prudent to make one change at a time and allow for sufficient time in between to be able to correlate issues with causes.
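
The recommendations above can be checked before a change is rolled out. The following is an added example, not part of the eduroam advisory: it compares an Access Point's per-band settings before and after a planned change. It assumes hostapd-style key=value settings (ssid, op_class, wpa_key_mgmt, ieee80211w) and treats op_class 131-137 as the 6 GHz band; the sample configs are constructed.

```python
# Assumption: 6 GHz BSSs are identified by global operating classes 131-137.
SIX_GHZ_OP_CLASSES = set(range(131, 138))

def parse(text):
    """Parse hostapd-style key=value lines; skip blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def is_6ghz(cfg):
    return int(cfg.get("op_class", 0)) in SIX_GHZ_OP_CLASSES

def legacy_security(cfgs):
    """PMF and key-management settings of the 2.4/5 GHz BSSs only."""
    return sorted((c.get("ieee80211w", "0"), c.get("wpa_key_mgmt", ""))
                  for c in cfgs if not is_6ghz(c))

def lint(before_texts, after_texts):
    """Compare an AP's BSS set before and after a change; return findings."""
    before = [parse(t) for t in before_texts]
    after = [parse(t) for t in after_texts]
    findings = []
    if after and all(is_6ghz(c) for c in after):
        findings.append("6 GHz only: clients without 6E lose coverage")
    for c in after:
        band = "6 GHz" if is_6ghz(c) else "2.4/5 GHz"
        if c.get("ssid") != "eduroam":
            findings.append(f"{band}: distinct SSID {c.get('ssid')!r}")
        if "WPA-EAP-SUITE-B-192" in c.get("wpa_key_mgmt", "").split():
            findings.append(f"{band}: 192-bit mode advised against")
        if is_6ghz(c) and c.get("ieee80211w") != "2":
            findings.append("6 GHz: PMF not set to required")
    # One change at a time: adding 6 GHz must not coincide with PMF or
    # key-management changes on the bands that were already in service.
    adds_6ghz = any(map(is_6ghz, after)) and not any(map(is_6ghz, before))
    new_legacy = legacy_security(after)
    if adds_6ghz and new_legacy and new_legacy != legacy_security(before):
        findings.append("2.4/5 GHz: PMF/key management changed with 6 GHz rollout")
    return findings

# Constructed sample configs (not from the advisory).
LEGACY = "ssid=eduroam\nhw_mode=a\nwpa_key_mgmt=WPA-EAP\nieee80211w=0\n"
LEGACY_PMF_OPT = ("ssid=eduroam\nhw_mode=a\n"
                  "wpa_key_mgmt=WPA-EAP WPA-EAP-SHA256\nieee80211w=1\n")
SIXE = "ssid=eduroam\nop_class=131\nwpa_key_mgmt=WPA-EAP-SHA256\nieee80211w=2\n"
SIXE_BAD = "ssid=eduroam-6e\nop_class=131\nwpa_key_mgmt=WPA-EAP-SHA256\nieee80211w=1\n"

if __name__ == "__main__":
    print(lint([LEGACY], [LEGACY, SIXE]))          # 6E added, old bands untouched
    print(lint([LEGACY], [LEGACY_PMF_OPT, SIXE]))  # two changes at once
    print(lint([LEGACY], [LEGACY, SIXE_BAD]))      # distinct SSID, PMF optional
```

Enabling optional PMFs later as a separate step, with 6 GHz already in service, produces no finding.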

eduroam Operations will continue to monitor deployment reports on possible unexpected incompatibilities in the future. This advisory will be revised as needed.
