[teunispeters]

Instructions ... yeah, not bad. It's essentially WPA3-Enterprise with possibly 192 bit set up. I like WPA3-Enterprise, it's really sufficient for most people when one moves to discontinuous permissions on a network. That said, after developing WPA3/Enterprise/192 for a platform out there, it's really very very restricted - and there were very few clients at the time that supported the combinations of security authentications required. Oh, also roaming clients is somewhat restricted (by no fast roaming protocols, at least as of the last time I went through the specs).

Here's specifics, using hostap/wpa_supplicant style configuration: key management WPA-EAP-SUITE-B-192. (but then they talk about that); pairwise=GCMP-256, group_mgmt=BIP-GMAC-256; EAP=TTLS;

I mean RADIUS support isn't that hard - freeradius will do. TLS - well, need valid certs that work for EAP. (it's not as specialized as Passpoint/Hotspot-2, which requires custom certs that must be validated by a specific CA, but it still takes some steps). My own experiments across a number of clients showed that GCMP-256 support for pairwise and group management weren't that common before Wifi-6 took off. Suite-B 192 though isn't so hard to reach.

Hostly, I prefer WPA3-Enterprise with Fast Roaming. Sadly, typical household devices didn't work well with it (mixed with android devices, generally no for printers and other IOT), so I went back to two networks - WPA2/Personal with PMF=optional for those annoying devices that don't have working PMF, and WPA3/Personal for most devices - at least for household operations.