diff --git a/dp/wifi3.0/dp_rx.c b/dp/wifi3.0/dp_rx.c
index dcaeb10f3e..b3128ec109 100644
--- a/dp/wifi3.0/dp_rx.c
+++ b/dp/wifi3.0/dp_rx.c
@@ -2804,28 +2804,6 @@ done:
 
 		if (qdf_likely(peer)) {
 			vdev = peer->vdev;
-
-			/*
-			 * In encryption mode, all data packets except
-			 * EAPOL frames should be dropped when peer is not
-			 * authenticated. Thie feature is enabled for all peers
-			 * under this vdev when peer_authorize flag is set.
-			 */
-			if (qdf_unlikely(vdev->peer_authorize)) {
-				if (qdf_unlikely(vdev->sec_type != cdp_sec_type_none)) {
-					/*
-					 * Allow only EAPOL frames
-					 */
-					if (qdf_unlikely(!peer->authorize &&
-								!qdf_nbuf_is_ipv4_eapol_pkt(nbuf))) {
-						qdf_nbuf_free(nbuf);
-						nbuf = next;
-						DP_STATS_INC(soc, rx.err.peer_unauth_rx_pkt_drop, 1);
-						continue;
-					}
-				}
-			}
-
 		} else {
 			nbuf->next = NULL;
 			dp_rx_deliver_to_pkt_capture_no_peer(
@@ -2985,6 +2963,23 @@ done:
 			continue;
 		}
 
+		/*
+		 * Drop non-EAPOL frames from unauthorized peer.
+		 */
+		if (qdf_likely(peer) && qdf_unlikely(!peer->authorize)) {
+			bool is_eapol = qdf_nbuf_is_ipv4_eapol_pkt(nbuf) ||
+					qdf_nbuf_is_ipv4_wapi_pkt(nbuf);
+
+			if (!is_eapol) {
+				DP_STATS_INC(soc,
+					     rx.err.peer_unauth_rx_pkt_drop,
+					     1);
+				qdf_nbuf_free(nbuf);
+				nbuf = next;
+				continue;
+			}
+		}
+
 		if (soc->process_rx_status)
 			dp_rx_cksum_offload(vdev->pdev, nbuf, rx_tlv_hdr);