Hello, we have approximately 1500 wifi users. We had a wifi security audit completed recently which suggested implementing 802.11w MFP. In your opinion, as of April 2019 in a typical USA city, should be expect to encounter many wifi devices that do not support 802.11w ? I am trying to gauge whether we should enforce 802.11w MFP as 'optional' or 'required'. Thank you for any advice.
Regarding 802.11w MFP, it works best only when you have a client that supports it but, in Ruckus there are flexible options (Required and capable) when 'Required' is chosen AP would only let the client connect when 802.11w is supported, else the client would never connect if 'Capable'is chosen AP would let both the 802.11w supported and non supported clients to connect.
Below is my two cents, if your clients are Apple(I'm an Apple Fan) flavoured then blindly go head and enable 802.11w with 'Required' selected else first I would check the client device types by enabling 'Client Fingerprint' under WLAN Advance options, if not enabled and understand my user OS types if I have a good client base then would enable 802.11w with 'Capable' chosen.
This is very important because if client devices have mischievous drivers then this would cause issues and not let the client connect to WiFi, I would also send an note or some kind of update to the users with backup options to resume connectivity to WiFi if issues arise after enabling this option on Ruckus controller.
802.11w provides safety for your management frames which is better security for the wireless network.You could also visit the below link for MFP understanding and Check your client devices before enabling 11w, if “Required” is selected, clients must support 11w in order to connect. If “Capable” is selected, clients with or without 11w should be able to connect.