Considerations for 6 GHz Wireless

When deploying Wi-Fi 6E, there are practical considerations to keep in mind to ensure successful implementation. This document provides guidance specifically for deploying Wi-Fi 6E using Mist, and focuses on the necessary steps, configurations, and best practices.

Spectrum Availability

Wi-Fi 6E operates in the 6-GHz frequency band, offering increased bandwidth and reduced interference compared to previous Wi-Fi standards. Before deploying Wi-Fi 6E, it is crucial to verify spectrum availability in your region and ensure that you're complying with regulatory requirements.

Configure your wireless LAN (WLAN) to utilize both the 5-GHz and 6-GHz bands. Doing this will ensure that clients can fall back to the 5-GHz band in case of a connection issue on the 6-GHz band.

Security

Use of Wi-Fi Protected Access 3 (WPA3) security or Opportunistic Wireless Encryption (OWE) is mandatory for Wi-Fi 6E deployments. We recommend that you understand the devices and driver versions of the devices on your network before deciding which security type best fits the needs of your environment.

Note:

In Mist, the 6-GHz band needs to be explicitly enabled on each Wireless LAN (WLAN). It is not enabled on existing WLANs, and is not enabled by default on new WLANs.

Consider the following points before deciding which security type best fits the needs of your environment:

  • WPA3-Enterprise—This security type is easy to adopt. It is very similar to WPA2-Enterprise, so it is usually low-risk to adopt WPA3-Enterprise.

  • WPA3-Personal—Adopting this security type is fairly low-risk when modern devices are involved. You might run into interoperability issues with older devices, in which case, it is best to go with an SSID with WPA2-Personal configured so that older devices can connect to the network without any issue. Built-in downgrade protections prevent roaming back to WPA2. WPA3-Personal is also known as Simultaneous Authentication of Equals (SAE).

    In 6-GHz, Hash-to-Element (H2E) is mandatory to mitigate some of the early vulnerabilities found with WPA3-Personal. With H2E, the password undergoes hashing and serves as an element (Password Element [PWE]) in establishing connectivity.

  • Opportunistic Wireless Encryption (OWE)—This security type has the most recent device support. It is common to deploy OWE Transition for maximum compatibility.

    For guest networks, device support of OWE is fairly new, so you will likely need to use OWE Transition if you want to have your guest network on the 6-GHz band.

Transition Modes

Transition modes can help ease adoption of WPA3 or OWE. Transition modes delay the migration to WPA3 by continuing to offer existing security types.

  • WPA3-Enterprise Transition—This is mostly made up of WPA2-Enterprise and Protected Management Frames (PMF). When you enable WPA3-Enterprise Transition, the same Authentication and Key Management (AKM) suite (AKM 5) is used, but PMF is changed from mandatory to capable. Legacy AKM 1 is dropped with WPA3-Enterprise Transition. Device support of PMF is positive.

    Customer feedback has been generally positive around enabling both WPA3-Enterprise and WPA3-Enterprise Transition. This will vary based on the devices and device drivers in your network.

  • WPA3-Personal Transition—The preshared key (PSK) and Simultaneous Authentication of Equals (SAE) AKMs are advertised.

    Older devices (such as Android 9 and older as well as Microsoft Surface devices with Marvell chipsets) have had trouble connecting to WPA3-Personal Transition networks. Therefore, it’s important to understand the variety of devices on your networks. You might want to consider using an SSID with WPA2-Personal configured on the 2.4 and 5-GHz bands to support older devices.

  • OWE Transition—You will need to deploy OWE Transition if you would like to enable your “open” or guest networks on the 6-GHz band. Otherwise, keep these networks on the 2.4 or 5-GHz bands.

    OWE Transition creates a second "hidden" SSID. The open network continues to broadcast, and a new information element is added to the beacon to indicate the presence of an OWE SSID, which is broadcast as hidden.

    In Mist, when you configure OWE Transition, it automatically creates the hidden OWE SSID, and appends -OWE to the end of the SSID name.

    Note:

    Mist allows you to configure WPA3 and OWE Transition modes on 6-GHz multiband SSIDs, to ensure easier adoption of transition mode SSIDs. This eliminates the need to create two separate SSIDs, which would break fast roaming if enabled, and would display as two SSIDs with potentially the same name in the UI.
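To audit which of the modes above an SSID actually advertises, you can read the AKM suite list and the PMF bits from the RSN element in its beacon. The following is an added example, not Mist code: it follows this section's description of the modes, the AKM types 2 (PSK), 8 (SAE), and 18 (OWE) are taken from IEEE 802.11 rather than from this page, and `build_rsn` only constructs sample input.

```python
import struct

OUI = bytes.fromhex("000fac")      # IEEE 802.11 suite-selector OUI
MFPR, MFPC = 0x0040, 0x0080        # RSN capability bits: PMF required / PMF capable
# AKM suite types: 1 = 802.1X, 2 = PSK, 5 = 802.1X-SHA256, 8 = SAE, 18 = OWE
MODES = [                          # (AKM set, PMF required?, label used in this section)
    ({8}, True, "WPA3-Personal"),
    ({2, 8}, False, "WPA3-Personal Transition"),
    ({5}, True, "WPA3-Enterprise"),
    ({5}, False, "WPA3-Enterprise Transition"),
    ({18}, True, "OWE"),
]

def parse_rsn(body: bytes):
    """Return (AKM suite types, pmf_capable, pmf_required) from an RSN element body."""
    try:
        off = 2 + 4                                    # version + group cipher suite
        (n_pair,) = struct.unpack_from("<H", body, off)
        off += 2 + 4 * n_pair                          # skip the pairwise cipher list
        (n_akm,) = struct.unpack_from("<H", body, off)
        off += 2
        suites = [body[off + 4 * i: off + 4 * i + 4] for i in range(n_akm)]
        (caps,) = struct.unpack_from("<H", body, off + 4 * n_akm)
    except struct.error as exc:
        raise ValueError("truncated RSN element") from exc
    akms = {s[3] for s in suites if s[:3] == OUI}
    return akms, bool(caps & MFPC), bool(caps & MFPR)

def classify(akms, capable, required):
    """Map advertised AKMs and PMF bits to a security mode name."""
    for want, req, label in MODES:
        if akms == want and capable and required == req:
            return label
    return "legacy or other"

def build_rsn(akm_types, caps):
    """Constructed sample body: CCMP-128 group and pairwise ciphers, given AKMs and caps."""
    ccmp = OUI + b"\x04"
    akm = b"".join(OUI + bytes([t]) for t in akm_types)
    return (struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
            + struct.pack("<H", len(akm_types)) + akm + struct.pack("<H", caps))

def mode_of(body):
    return classify(*parse_rsn(body))

if __name__ == "__main__":
    for akm_types, caps in [([5], MFPC), ([5], MFPC | MFPR), ([2, 8], MFPC), ([1], 0)]:
        print(akm_types, hex(caps), "->", mode_of(build_rsn(akm_types, caps)))
```

An SSID that reports "legacy or other" still offers AKM 1 or a PSK-only AKM, or has PMF disabled, and is a candidate for review before it is extended to the 6-GHz band.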

Roaming Between Security Types

In environments with varying device types and device versions, it is important to understand device behavior when roaming between different security types. The following observations have been found in our testing:

Table 1: Client Device Support of WPA3 and OWE

Android

  • WPA3
    • Version 10 and above
  • OWE
    • Version 10 and above

Apple

  • WPA3 (iPhone 6, 2013+ MacBook (802.11ac), iPad 5)
    • iOS 13 and above
    • MacOS Catalina and above
  • OWE (iPhone SE, iPhone 12, iPad mini 6th gen, iPad Air 4th gen, iPad Pro 11 3rd gen, iPad Pro 12 5th gen, Apple Silicon Macs)

Windows

  • WPA3
    • WPA3 Enterprise – Windows 10 (2004)
      • For Intel NICs: 9260 or newer and driver 21.90.3.X or later
    • WPA3 Personal – Windows 10 (1903)
      • For Intel NICs: 9260 or newer and driver 21.10.X or later
      • H2E supported on Windows 10 21H2 or Windows 11
        • W10 Intel driver = 22.70.x or later, W11 Intel driver = 22.100.x or later
  • OWE
    • Windows 10 (2004)
      • For Intel NICs: 9260 or newer and driver 21.90.3.X or later

ChromeOS

  • WPA3
    • Support added in 2020
  • OWE
    • Not Supported

The information in the table above was derived from the intel.com and apple.com support websites.

Client Provisioning Considerations

In larger environments, it’s often necessary to rely upon provisioning tools such as MDM, group policy, or other tools which can push configuration profiles to devices. With these tools, you can pre-configure SSIDs, install certificates, and so on. Keep in mind that in the SSID profiles, you need to define the security type.

For secure Enterprise networks, you can define WPA2-Enterprise as the security type. This generally enables the device to connect to WPA3-Enterprise networks as well, if the device supports it. On the other hand, if you configure a higher security level and the device does not support it, the profile may fail to install.

The following depicts selecting the WPA2 Enterprise security type from Apple Configurator:

RF Design

Juniper Mist's testing reveals that the biggest difference between 5 GHz and 6 GHz, from a design perspective, is driven by reduced 6-GHz client transmission power. From a free space path loss (FSPL) perspective, 5 GHz and 6 GHz have a 1–2 dB difference depending on which frequencies you are comparing. The difference is that 5 GHz and 6 GHz might attenuate differently through different material types. There may also be differences in maximum access point (AP) transmission power, especially with Low Power Indoor (LPI) mode.

6 GHz requires a slightly higher AP density than 5 GHz. We recommend a proper RF design for 6 GHz. However, in some environments this might not be feasible. If you already have capacity based on 5-GHz designs, you may not need to change much from a density perspective. Based on the material of your walls, you might find it necessary to add an AP specifically to a conference room where you previously did not have one for 5 GHz. If you look in any of the popular planning tools, you'll notice similar coverage between 5 GHz and 6 GHz.

Client transmission power is limited depending on the regulatory domain.

  • In real world tests, we see between 3-10 dB of difference between 5 GHz and 6 GHz.

  • In the United States, clients are limited to -1 dBm/MHz.

Preferred Scan Channels (PSCs)

Out of the box, Mist defaults to 80 MHz in the 6-GHz band.

80 MHz is recommended because it allows for a higher maximum equivalent isotropic radiated power (EIRP) and it lines up with Preferred Scan Channels (PSCs), which clients have an easier time discovering.

Utilize non-PSCs in environments where you may want to utilize 20 or 40 MHz channel bandwidth, such as in Europe with only 500 MHz of spectrum, or in high density environments.

After testing the major client operating systems, the use of non-PSCs as the primary channel is generally OK. Our testing has also shown that Windows, Android, iOS, and MacOS clients connect to APs using non-PSCs and leverage out-of-band discovery mechanisms such as reduced neighbor reports or 802.11k neighbor reports.

In environments where you might need narrow channels, configure your WLAN to utilize both the 5-GHz and 6-GHz bands. This provides the added benefit that if there is ever a 6-GHz discovery issue, clients can fall back to the 5-GHz band.

Mist Radio Resource Management (RRM) uses PSCs by default. When Automatic is selected for channels, PSCs will be used as the primary channel. When Set allowable channels is selected, whichever channels are selected will be used as primary channels.
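The relationship between channel width and PSCs can be worked out from the 6-GHz channel plan. The following is an added example, not Mist code: it assumes the standard IEEE 802.11 numbering (20 MHz channels 1 to 233 in steps of 4, center frequency 5950 + 5 × channel MHz, every fourth 20 MHz channel starting at 5 is a PSC) and, as a further assumption, channels 1 to 93 for the European allocation.

```python
def channels_20(first=1, last=233):
    """20 MHz channel numbers in a 6-GHz allocation (numbering steps by 4)."""
    return list(range(first, last + 1, 4))

def center_mhz(ch):
    """Center frequency of a 20 MHz 6-GHz channel."""
    return 5950 + 5 * ch

def is_psc(ch):
    """PSCs are 20 MHz channels 5, 21, 37, ... (one per 80 MHz channel)."""
    return ch % 16 == 5

def blocks(width_mhz, first=1, last=233):
    """Bonded channels of the given width, each as its list of 20 MHz members."""
    n = width_mhz // 20
    out = []
    for start in range(1, last + 1, 4 * n):      # bonded channels align from channel 1
        members = [start + 4 * i for i in range(n)]
        if members[0] >= first and members[-1] <= last:
            out.append(members)
    return out

def psc_summary(width_mhz, first=1, last=233):
    """Return (channels available at this width, how many of them contain a PSC)."""
    b = blocks(width_mhz, first, last)
    return len(b), sum(any(is_psc(c) for c in members) for members in b)

if __name__ == "__main__":
    for name, last in [("full band, channels 1-233", 233), ("Europe (assumed 1-93)", 93)]:
        for width in (20, 40, 80):
            total, with_psc = psc_summary(width, 1, last)
            print(f"{name}: {width} MHz -> {total} channels, {with_psc} with a PSC primary")
```

At 80 MHz every channel can use a PSC as its primary, while at 20 MHz in the assumed European range only 6 of 24 channels are PSCs, which is why narrow-channel designs rely on non-PSC primaries.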

For most environments, the minimum power for 6 GHz can be kept the same as 5 GHz. For maximum power, you generally do not need to restrict the maximum for 6 GHz.

PoE Requirements

For Power over Ethernet (PoE), Mist Wi-Fi 6E APs need a minimum of 802.3at power, but 802.3bt is the general recommendation. For details about the power requirements, see PoE Requirements for Juniper Mist APs.

Multigigabit Considerations

With Wi-Fi 6E, there are real-world situations where you could see more than 1 gigabit per second (Gbps) on a single AP. For these situations, Juniper Mist offers select switches that offer Multigigabit (mGig) speeds for Wi-Fi 6E APs. So, do you need 1 gigabit (Gb) or multigigabit for Wi-Fi 6E APs?

  • Generally speaking, you need at least 100 MHz of spectrum to exceed 1 Gbps of throughput.

  • With three data radio triband APs, you could have 120-140 MHz of spectrum used by a single AP.

  • Select Juniper Switches offer mGig speeds of 2.5 Gigabit Ethernet (GbE), which is necessary for Wi-Fi 6E deployments that surpass 1 Gbps throughput.