Issue summary: Iphone 16 is not connecting to WiFi7 AP with MLO Suiteb encryption. Furuno AP(EW750) is sending EAPOL M1 message, but Iphone16 is not responding with EAPOL M2 message, Hence Iphone16 is unable to connect to Qualcomm based AP with MLO suiteb encryption.
Issue impact: All the Iphone16 users cannot connect to WiFi7 AP with MLO suiteb encryption globally. Predominantly, Iphone users tend to connect to more secured wifi networks using WPA3 suiteb encryption, hence many of the iphone users will experience the connectivity issue significantly.
Topology:
AP Hardware: Furuno WiFi7 AP(EW770) The Furuno WiFi7 AP uses Miami IPQ5332 with waikiki radio QCN9274 AP software: SPF12.2 CSU3 IPhone16 software: (18.3.1 or 18.5 ) Iphone16 wifi capabilities: 802.11 b/a/g/n/ac/ax/be Radius server details: Radius server: Laptop running with Ubuntu Radius package: 3.0.26dfsggit20220223.1.00ed0241fa-0ubuntu3.4 Version: 3.0.26
Steps:
- Power on the Wi-Fi 7 Access Point with the Miami chipset, and flash it with the SPF 12.2 CSU3 image.
- Enable both 5 GHz and 6 GHz radios on the AP.
- Enable MLO (Multi-Link Operation) in 6Ghz & 5Ghz, set MLD address different from radio address and configure Suite-B (192-bit) encryption
- On the Linux laptop, set up the RADIUS server with EAP-TLS authentication method.
- Once the above steps are completed, take the iPhone 16 and follow the steps below to install the RADIUS client certificates on the device.
- On the sniffer laptop, switch the Wi-Fi adapter to monitor mode, configure the required channel, and begin packet capture.
- Check SSID is broadcasting, then connect the iPhone 16 to <MLO Suiteb SSID>.
- Verify if the client (iPhone 16) connects to the SSID using WPA3-Enterprise, MLO, and Suite-B encryption by checking the wireless capture on both the AP and iPhone sides.
Support needed from Apple team: We would request Apple team to analyse and enable the IPhone16 users to connect to advanced security WPA3 Suiteb by resolving the issue.
Below is our analysis and observation for your reference.
- As per IEEE, MLD mac address can be set to the same or different from radio address, Iphone16 is not accepting EAPOL M1 message if source address(MLD) is different from radio address.
- IPhone16 is accepting EAPOL M1 if the source address(MLD) is set to the same as the radio address and responds with M2 message
- IPhone16 is not accepting EAPOL M1 if source address(MLD) set to different from radio address and fails to respond with M2 message
Support needed from Apple team
We’re not going to be able to help you in this context. DevForums is focused on code-level issues, and specifically Apple APIs and developer tools. Given that you can reproduce this problem without writing any code for Apple platforms, it’s not something we can help you with.
My advice is that you file a bug so that Apple Wi-Fi engineering team to investigate. As part of that, make sure to capture and attach Wi-Fi diagnostics. There’s info about how to do that on our Bug Reporting > Profiles and Logs page.
Please post your bug number, just for the record.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"