AC50 - When changing security of active SSID, WEP networks are created

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

AC50 - When changing security of active SSID, WEP networks are created

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
AC50 - When changing security of active SSID, WEP networks are created
AC50 - When changing security of active SSID, WEP networks are created
2018-08-17 11:38:46

I was having some issues on the SSIDs I had active on my AC50 - These were all configured as WPA/WPA2-PSK with the WPA2-PSK option selected but the encryption left to AUTO.  So I changed the encryption from Auto to AES (which is the correct encryption for WPA2) and upon doing so, the encryption appeared to change to WEP (as evidenced by Netspot and numerous devices attempting to connect) - The PSK password was not accepted.

 

Rebooting All APs and they all came back online with the correct setup (WPA2-PSK/AES)

  0      
  0      
#1
Options
3 Reply
Re: AC50 - When changing security of active SSID, WEP networks are created
2018-08-17 12:54:43 - last edited 2018-08-17 12:55:36

Pablo wrote

So I changed the encryption from Auto to AES (which is the correct encryption for WPA2) and upon doing so, the encryption appeared to change to WEP (as evidenced by Netspot and numerous devices attempting to connect) - The PSK password was not accepted.

 

What do you mean with "correct encryption for WPA"? TKIP and AES are two different encryption algorithms for WPA2 to choose from. TKIP has been introduced in WPA and it is very similar to the encryption algorithms WEP uses. You're right in so far that TKIP should not be used if possible, since it's a weak algorithm. But there are situations where one would still offer TKIP for older devices not supporting AES. If you set the mode to Auto, the AP and the device will negotiate upon the best encryption algorithm both devices support.

 

While WPA2 is supposed to use AES for optimal security, it can also use TKIP where backward compatibility with legacy devices is needed. In such a state, devices that support WPA2 will connect with WPA2 and devices that support WPA will connect with WPA. So WPA2 doesn’t always mean WPA2-AES.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#2
Options
Re:Re: AC50 - When changing security of active SSID, WEP networks are created
2018-08-17 23:58:53
The correct algorhythms created were WPA/TKIP and WPA2/AES - WPA2/TKIP is a mismatch and whilst devices can and do support it, it isn't best practice to use it. I assumed that when I set the network to WPA2/AUTO that actually the AC50 would take care on setting the network up as WPA2/AES. But it wasn't until I manually set the config to WPA2/AES that I witnessed WEP networks present in the air. So irrespective of whether or not WPA2/TKIP is actually usable, I had manually set the network to WPA2/AES and I woudn't expect WEP (or some hashed up TKIP network) to be present and clearly this is a bug
  0  
  0  
#3
Options
Re:Re:Re: AC50 - When changing security of active SSID, WEP networks are created
2018-08-18 00:13:37

Ok, so if you found a bug, file a ticket with your local TP-Link support to get it fixed.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#5
Options