I have similar problems with WPA3 on new
cAP AX with the latest ROS 7.14.2 usinf Wifi menu (wifi-qcom package on AP). I have CRS112-8P-4S as CAPsMAN.
When WPA3 is enabled I am unable to connect from Android device, Apple devices have also problems and Linux was mostly unable to connect, but sometimes it connected. It felt random with maybe 20% probability of connecting. Windows did not have any problems.
After some troubleshooting I was able to determine that problem is not WPA3-PSK per se, but it is somehow connected to SAE Anti Clogging Threshold.
If I disable this option, I am able to connect without problems even with WPA3-PSK enabled:
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes \
ft-preserve-vlanid=yes group-key-update=5m name=t_Test-psk \
sae-anti-clogging-threshold=disabled
Also if I keep this enabled, but increase sae-max-failure-rate to something like 300, it works:
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes \
ft-preserve-vlanid=yes group-key-update=5m name=t_Test-psk \
sae-max-failure-rate=300
I do not understand WPA3 or SAE very well and documentation is not detailed on those two parameters. It would be great if someone from Mikrotik could look at this. Also for those who have similar problems please provide ROS version. And those, who have WPA3 working correctly, also provide ROS version and configuration, so we can pinpoint root cause of this problem.
Changelog for 7.8 states:
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
That would indicate, that problematic functionality was introduced in 7.4, but changelog for 7.4 does not include any mention of anything like anti-clogging, SAE or anything similar.
Also on one network I use WPA2-EAP and WPA3-EAP with Radius server does work correctly so far (on Linux, other devices will be tested in near future). So far it seems to be limited to WPA3-PSK only.