Cisco IOS XE 17.15.3 was released on April 7, 2025, and introduces several new features and updates.
Enhanced Restrictions for Wi-Fi 7/MLO Devices
Version 17.15.3 imposes stricter requirements for clients connecting as Wi-Fi 7 or MLO (Multi-Link Operation) devices. These clients must support Protected Management Frames (PMF). Additionally, if using SAE (Simultaneous Authentication of Equals), they must have SAE-EXT or FT-SAE-EXT (AKM 24/25) enabled.
Have Tested this and if you try use SAE , 9800 Will not let you configure it ,You will need to use SAE-EXT or FT-SAE-EXT
Summary of SAE-EXT-KEY AKMs
Supported Combinations for the Ciphers
| Profile Name | SSID | 6GHz Security |
| wpa3-sae_profile | wpa3-sae | [WPA3][SAE][AES] |
| wpa3-sae-ext_profile | wpa3-sae-ext | [WPA3][SAE-EXT-KEY][GCMP256] |
| wpa3-sae-ext-mab_profile | wpa3-sae-ext-mab | [WPA3][MAB][SAE-EXT-KEY][GCMP256] |
| wpa3-sae-ext-webauth_profile | wpa3-sae-ext-webauth_profile | [WPA3][SAE-EXT-KEY][Webauth][GCMP256] |
| wpa3-sae-ext-mab-webauth_profile | wpa3-sae-ext-mab-webauth_profile | [WPA3][MAB][SAE-EXT-KEY][Webauth][GCMP256] |
| wpa3-ft-sae_profile | wpa3-ft-sae | [WPA3][FT + SAE][AES] |
| wpa3-ft-sae-ext_profile | wpa3-ft-sae-ext | [WPA3][FT + SAE-EXT-KEY][GCMP256] |
| wpa3-ft-sae-ext-mab_profile | wpa3-ft-sae-ext-mab | [WPA3][MAB][FT + SAE-EXT-KEY][GCMP256] |
| wpa3-ft-sae-ext-webauth_profile | wpa3-ft-sae-ext-webauth | [WPA3][FT + SAE-EXT-KEY][Webauth][GCMP256] |
| wpa3-ft-sae-ext-mab-webauth_pro | wpa3-ft-sae-ext-mab-webauth | [WPA3][MAB][FT + SAE-EXT-KEY][Webauth][GCMP256] |
Leave a Reply