WPA-TKIP WPA2-AES Connection speed

Similar Messages

• IPad WiFi works only with WPA/TKIP, not WPA2/AES

  My iPad (like so many others) stopped connecting to my Linksys WRT54G router (which like everyone else's connects fine with every other device, including non-iOS 4 iPhones). The whole reset/restart/restore dance with the iPad/router/cable modem was performed to no avail. By sheer desperation, security protocols were changed, and that's what finally worked.
  The protocol to the rescue was WPA/TKIP, curiously enough. (When security is completely disabled ("Open"), the iPad also connects, perhaps expectedly.) The culprit is WPA2/AES (even AES+TKIP). Any iteration of WPA2/AES ends up blocking the iPad from getting the appropriate IP address via DHCP. Once I changed to WPA/TKIP, everything's been rock-solid and fast.
  (The only times WPA2/AES worked was when the iPad was first used for a couple days, and a couple days after switching back to WPA2/AES when it started working with WPA/TKIP. Since then, switching back to WPA2/AES no longer works, even temporarily.)
  Any idea why initially WPA2/AES worked, and then suddenly stopped?

  Ralph Landry1 wrote:
  That is a very interesting question ... [involving] the combination of the router and the iPad and their respective implementations of the AES encryption algorithm. The AES algorithm is considerably more complex than TKIP. Why some have problems and not others has to be related to the router and its implementation and the Apple implementation.... t works fine for me connecting with [both] a Verizon FiOS (Actiontec) router [a]nd ... an AirPort Extreme. But there have been a number of posts recently about problems with Linksys and Belkin connectivity.
  Tell me about it. I'd been pulling my hair out prior to "discovering (by accident," as George Costanza would say) that WPA/TKIP fixed the problem, and seems to be working fine and fast. Now I'm just academically frustrated (better than actually frustrated) wondering why WPA2/AES is so problematic +with this particular trifecta+ (my iPad, my Linksys router, and WPA2/AES).
  Bottom line is there is probably not an easy solution ... and since you do have a strong security protocol that works, keep using it. Very strange that there would be a change in connectivity after a few months, though. Old engineering philosophy, if it ain't broke, don't fix it. If you have something that works, stick with it for now.
  Actually, WPA2/AES worked on two (short but notable) occasions:
  a) for two days when I first unpacked the iPad, and
  b) for two days when I switched back to WPA2/AES upon discovering WPA/TKIP fixed the issue.
  So it wasn't two months, which makes more sense. I agree with you that I'm not touching this arrangement for now. What I did have to do was change over the other devices (PCs, Wii's, TiVo's) that didn't automatically adjust over to WPA/TKIP. (To its credit, the iPhone did that on the fly.) Going through each device hurt a little, knowing I was using a less-than-optimal protocol for just one cranky device at expense of every other one--but of course I'd rather everything play nice than be necessarily cutting edge. (It's not like I'm the Pentagon or anything here.)
  But also give feedback to Apple:
  http://www.apple.com/feedback/ipad.html
  Done and done. And thanks for a great and reassuring explanation.
  Message was edited by: TashTish

• Newbie adding Comcast wireless: WPA2-PSK (AES) or WPA-TKIP?

  I have an old (but still great!) 1.25 GHz PowerPC G4, runnig Mac OS X 10.5.8.  I also have a 3G iPhone (iOS 4.2.1).  (Both are the most current OS for those devices.)   In the next 6 months I'll be upgrading both of these devices, but I need to install my router now, with the older equipment/software.
  I am very, very new to wireless technology, so I am aware I know nothing about this.  I find that the support at Comcast isn't very Mac-savvy (especially working with my older device).
  I have a new "Gateway" ARRIS modem/router to set up.  My questions:
  1 -- Encryption Method - do I choose WPA2-PSK (AES) or WPA-TKIP?
  2 -- Are there any settings on my Mac (or iPhone) that I need to know about, in order to be sure the wireless network functions properly and securely?
  My thanks to all of you!

  1. At the noment your G4 isn't capable of running  WPA, the only thing you can run is WEP, but change that as soon as you get your new Mac.
  2. You ned to go to Settings>wi-fi and enter the details of your setup, name, password, smtp etc etc.

• Accept Certificate when connecting to an SSID with WPA2-AES encryption.

  When I try to Connect my Iphone to an SSID with WPA2-AES encryption,i need to accept the certificate and gets authenticated.When i switchover to different SSID and reconnect again to the same WPA2-AES SSID i do not get the Certificate accept page.
  When i click on the Forget Network and deisconnect from the SSID and re-connect again,i will be prompted to acept the certificate.Is this a normal behavior in Iphone.
  Any suggestions would be greatly appreciated.
  Thanks and regards,
  Sendhil Balakrishnan

  Hi
  with the config i have i seem to be able to login using either tkip or aes, but i don't think i have got mixed mode configured on the AP so it should only accept WPA2-AES encryption but it also accepts TKIP making me believe something is configured incorrectly.
  should i change anything in the config on the AP to only allow WPA2-AES encryption?
  many thanks
  rogier

• How to set WPA and WPA2 security with multiple AEs

  Hi Everybody,
  I have purchased a second AE and with the help of Alan Summers was able to set them all up for multiple speakers use in iTunes. In order to make them run I had to downgrade security settings to 40-bit WEP which is not really satisfying. My Airport Admin. Utility was still 4.0, so I tried 4.2 which offers the use of WPA and WPA2 with multiple AEs. Upgraded to 4.2 and switched off security settings first. Both AE are recogniced and speakers of second AE also show up in iTunes but I cannot connect to them. Since it didn't work without security settings, I didn't even try with it and went back using 4.0. All other firmware is up-to-date:
  AirPort Express 6.3
  iTunes 6.0.2
  Intel(R) PRO/Wireless 2200BG Network Connection 9.0.3.0
  Any advice would deeply be appreciated!
  BTW - if it works, it's maybe the greatest sound experience I ever had. Music all over the place!!
  Best regards
  Roman

  Found it!!
  1) upgrade Airport Admin. Utility to 4.2
  2) set second AE as "remote base station" and not in "client mode" (that's the clue!!)
  3) follow instructions and type in MAC address of main base station
  4) choose a channel (doesn't matter which one, just has to be the same on both AEs)
  5) choose your personal WPA and WPA2 password (same on both AEs)
  6) restart both AEs
  7) enjoy the music all over the place!
  Best regards
  Roman

• Unable to connect to a Wifi WPA2 AES network

  Hello
  I have an issue to connect to a Wireless WPA2 AES network. I am using an iPhone 4 with iOS 6.0.1
  Is that a  known issue?

• New iPad won't connect to Mobile Hotspot using WPA or WPA2

  I have a new iPad running iOS 6.01.  It connects to wifi networks perfectly.  I also own a Blackberry 9790 that is capable of running a wifi hotspot.  When I try to connect my iPad to the mobile hotspot when WPA or WPA2 Encryption is used the iPad cannot connect.  If I change the Encrypstion to WEP I am able to connect the iPad and wifi works on it.
  Is there a reason the new iPad won't connect to a mobile hotspot that's using WPA/WPA2?  Is there a way to resolve this issue?
  I am able to connect my MacBook Pro to the mobile hotspot using WPA/WPA2 so I know that it's not my phone or the hotspot not working properly.
  Thanks

  It appears as though I fixed my own problem...I hadn't yet tried restarting my blackberry or my iPad since I had been trying to setup the mobile hotspot and connect the iPad.  Anyways, I restarted both devices and then tried connecting using WPA/WPA2 and it worked.
  iPad is now connecting to my mobile hotspot using WPA/WPA2 with no problems.
  Maybe try doing the same if you haven't.

• Automomous AP not broadcasting SSID and can I get it to support both WPA and WPA2?

  Ok, I am playing around with a 3702i that has been converted to Autonomous running ap3g2-k9w7-mx.153-3.JAB
  I have 2 issues I have not been able to solve yet.   I have basically set it up using the web interface....
  First, I can't get the SSID to broadcast -- the SSID is active, because I can type it in manually.
  Second, I have an HP 8600 Pro All-in-One printer that I normally connect over WiFi.  Basically, it does not seem to support WPA2...I spent most of yesterday pouring through HP forums and WPA2 support seems to be a issue.  My old Linksys router had a setting that supported WPA/WPA2...does anyone know how or if I can support WPA / WPA2 simultaneously on this Autonomous AP?
  Here is my config:
  Thanks....
  Cisco3702#sh run br
  Building configuration...
  Current configuration : 3867 bytes
  ! Last configuration change at 12:44:59 -0500 Tue Mar 9 1993
  ! NVRAM config last updated at 11:29:23 -0400 Sat Oct 18 2014
  ! NVRAM config last updated at 11:29:23 -0400 Sat Oct 18 2014
  version 15.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname Cisco3702
  logging rate-limit console 9
  no logging console
  enable secret 5 XXXXXXXXXXXX.
  no aaa new-model
  clock timezone -0500 -5 0
  clock summer-time -0400 recurring
  no ip source-route
  no ip cef
  ip domain name mydomain.com
  ip name-server 192.168.6.254
  dot11 syslog
  dot11 activity-timeout unknown default 300
  dot11 activity-timeout client default 300
  dot11 ssid MYSSID
     band-select
     authentication open
     authentication key-management wpa version 2
     infrastructure-ssid
     wpa-psk ascii 7 XXXXXXXXXXXX
  dot11 network-map
  dot11 arp-cache optional
  crypto pki trustpoint TP-self-signed-2632604960
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-2632604960
   revocation-check none
   rsakeypair TP-self-signed-2632604960
  crypto pki certificate chain TP-self-signed-2632604960
   certificate self-signed 01
  username CISCO password 7 XXXXXXXX
  username ADMIN privilege 15 secret 5 XXXXXXXXXXXX
  bridge irb
  interface Dot11Radio0
   no ip address
   encryption mode ciphers aes-ccm
   ssid MYSSID
   antenna gain 0
   stbc
   speed  basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
   channel 2412
   station-role root access-point
   dot11 qos class video local
      admission-control
      admit-traffic signaling infinite
   dot11 qos class voice local
      admission-control
      admit-traffic narrowband max-channel 75 roam-channel 6
   dot11 qos class video cell
      admission-control
   dot11 qos class voice cell
      admission-control
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface Dot11Radio1
   no ip address
   encryption mode ciphers aes-ccm
   ssid MYSSID
   antenna gain 0
   peakdetect
   dfs band 3 block
   stbc
   speed  basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23. a1ss7 a2ss7 a3ss7
   channel dfs
   station-role root access-point
   dot11 qos class video local
      admission-control
      admit-traffic signaling infinite
   dot11 qos class voice local
      admission-control
      admit-traffic narrowband max-channel 75 roam-channel 6
   dot11 qos class video cell
      admission-control
   dot11 qos class voice cell
      admission-control
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface GigabitEthernet0
   no ip address
   duplex auto
   speed auto
   bridge-group 1
   bridge-group 1 spanning-disabled
   no bridge-group 1 source-learning
  interface BVI1
   mac-address 58f3.9cea.5d20
   ip address 192.168.6.253 255.255.255.0
   ipv6 enable
  ip forward-protocol nd
  ip http server
  ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  snmp-server view dot11view ieee802dot11 included
  snmp-server community public view dot11view RO
  snmp-server location Home
  snmp-server chassis-id Cisco3702i
  bridge 1 route ip
  line con 0
  line vty 0 4
   login local
   transport input all
  sntp server 173.255.227.205
  sntp broadcast client
  end

  Hi
  You have to add "guest mode" command to broadcast your SSID. Also if you need WPA/TKIP support then remove version 2 keyword under SSID & add TKIP option under radio interface encryption config. Also get rid of "infrastructure SSID" command under SSID config.
  dot11 ssid MYSSID
     band-select
     authentication open
     authentication key-management wpa version 2
     infrastructure-ssid
     wpa-psk ascii 7 XXXXXXXXXXXX
    guest mode
  interface Dot11Radio1
   encryption mode ciphers aes-ccm tkip
  Pls do not forget to rate all useful responses 
  HTH
  Rasika

• WPA2 Aes encryption on cisco 1121G AP

  hi
  i wanted to increase the security on my 1121G accesspoint by enabling wpa2 with aes encryption. in a test environment i set this up and i configured my wireless client to connect, my wireless client (ibm thinkpad t42p with 11a/b/g Wireless LAN Mini PCI Adapter II has the ability to either select WPA or WPA2 and whether you use TKIP or AES. i selected WPA2 and AES enter the encryption key which i had entered on the AP and i connected,
  i change the settings on the client to WPA and TKIP and entered the same encryption key and i managed to connect as well, which puzzles me, when i enter an incorrect encryption key it won't associate.
  is this normal behaviour or do you think i have configured something incorrectly on the 1121G AP?
  i have attached my config and have removed some personal data.
  many thanks
  rogier

  i have finally figured it out, it is the windows client or mac clients being very smart, if you configure your windows client to use WPA instead of WPA2 and select TKIP instead of AES encryption somehow it figures out this is incorrect and automatically sets the WPA to WPA2 settings and changes TKIP to AES encryption, i am amazed, i finally figured it out when a windows machine which did not have the windows patch to allow it to connect to WPA2 could not connect, only after installing the WPA2 patch would it connect. in the AP log it always showed as logging in with the WPA2 EAS encryption.
  i guess windows xp is a bit smarter than i originally thought

• Mimo access points with Static WEP security do not allow connection speeds above 54mbps

  I am getting this message:
  Access Connections - Mimo access points with Static WEP security do not allow connection speeds above 54mbps
  If I switch from WEP to WAP i do not get the message but I still only get 54mbps speed.  I have a Linksys Wireless-N Broadband Router.  Is there a setting that I am missing???

  Yes you need to use WPA-AES or WPA2-AES, or no encryption, to go faster than 54Mbps. This is part of the 802.11n spec.
  That's not so bad, because if you have the right 802.11n card and use the right settings you can go up to 300Mbps!
  What bites is that the 802.11n card which comes with X-Series ThinkPads is the Intel 4965AGN. It does not support the broader 802.11n 40MHz channel width option, limiting the top speed to 130Mbps .
  The new ThinkPads based on the Montevina/Centrino 2 platform will most likely use the Intel WiFi Link 5100/5300 802.11n/WiMax cards, which I hope will fix this, coz I'm going to buy one!
  I don't work for Lenovo. I'm a crazy volunteer!

• How do I set my E3000 to WPA2 AES?

  On the cisco connect (192.168.1.1) page, where can I change the encryption scheme to WPA2-AES?
  Solved!
  Go to Solution.

  WPA2 Personal uses AES only.
  WPA Personal uses TKIP only.
  WPA2/WPA Personal Mixed Mode uses both.
  For best security and performance use WPA2 Personal only.

• Issue getting Motorola 9060G scanner to work with 5508 WPA-TKIP

  All,
  We have a new 5508 controller that we are trying to get setup to use our Motorola 9060G handheld scanners. This device uses WPA-TKIP and has been working with a Symbol controller without issue. I need to retire this controller so started re-creating the SSID on the Cisco controller. I am having issues getting the scanner to connect with the new SSID. It looks like everything works fine with no security but once I start to enable WPA+WAP2 I get no connectivity. Laptops work fine just not the handheld. I have tried every combination I can think of for AES and TKIP under the WPA and WPA2 policies. I have also gone through the Cisco Best Practices guide for Motorola/Symbol Wireless Handheld Scanners and so far unless I have no security I cannot get things to work properly. I tried doing a debug client to see what or how the two are talking but I can only get results with security set to open. Just looking for other suggestions as to something that I might be missing. My controller is running 7.6.100
  Thanks ...
  Brent Berry

  We have a new 5508 controller that we are trying to get setup to use our Motorola 9060G handheld scanners. This device uses WPA-TKIP and has been working with a Symbol controller without issue. I need to retire this controller so started re-creating the SSID on the Cisco controller.
  Just be aware that the Wi-Fi Alliance has scheduled the "elimination" of TKIP.  What you are about to do is a "temporary" solution.  You can get the scanner to work now because you are using WLC firmwares that still support TKIP.  However, if (in the future) you need to upgrade your controller's firmware to support newer wireless access points, your scanners may not work any more.  
  Read HERE.

• Difference between WEP, WPA, and WPA2 and better suggestion to use for shared family users

  What is the difference between WEP, WPA, and WPA2? My router is set up on my family PC and connected to a modem so I access Wi-fi through my laptop and my sister has a laptop too and uses our family network to get internet. I just set up a WPA today, so will we all be able to get internet (along with my family using the pc, and my sis on her laptop, even at the same time) protected? (like nobody else using our network)

  Wired Equivalent Privacy, commonly called WEP is 802.11's first hardware form of security where both the WAP and the user are configured with an encryption key of either 64 bits or 128 bits in HEX. So when the user attempts to authenticate, the AP issues a random challenge. The user then returns the challenge, encrypted with the key. The AP decrypts this challenge and if it matches the original the client is authenticated. The problem with WEP is that the key is static, which means with a little time and the right tool a hacker could use reverse-engineering to derive the encryption key. It is important to note that this process does affect the transmission speed.
  WPA builds upon WEP, making it more secure by adding extra security algorithms and mechanisms to fight intrusion.
  WiFi Protected Access (WPA) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different manufacturer’s equipment.WPA delivers a level of security way beyond anything that WEP can offer, bridges the gap between WEP and 802.11i networks, and has the advantage that the firmware in older equipment may be upgradeable.
  WPA2 is based upon the Institute for Electrical and Electronics Engineers’ (IEEE) 802.11i amendment to the 802.11 standard, which was ratified on July 29, 2004. The primary difference between WPA and WPA2 is that WPA2 uses a more advanced encryption technique called AES (Advanced Encryption Standard), allowing for compliance with FIPS140-2 government security requirements. 

• What's the security difference between WPA and WPA2 Personal?

  In order to get my G4 iMac (OS 10.4.11) onto my new AEBS(b/g/n) wi-fi network, I had to drop the network security down from WPA2 Personal to WPA/WPA2 Personal.
  What are the potential security risks in this mode? I know that WEP is no longer secure, so I'm concerned about WPA also being vulnerable.
  If there's a good online explanation of these security differences (not necessarily Apple-only), you just give me that link.
  Thanks

  Hi,
  Summary:
  1.WPA2 is the improved version of WPA
  2.WPA only supports TKIP encryption while WPA2 supports AES
  3.Theoretically, WPA2 is not hackable while WPA is
  4.WPA2 requires more processing power than WPA
  http://www.differencebetween.net/technology/difference-between-wpa-and-wpa2/

• Aironet 1140 54Mbps connection speed

  We are having some issues with our AP: Aironet 1140 at our head office where people are complaining of slow connection speeds.
  I have gone through the configuration on the controller and noticed that all Clients were connecting at 802.11g connection speeds (54Mbps).
  I have noticed in the configuration page on the controller Wireless>802.11b/g/n > High Throughput is disabled.  (See attached screenshot)
  I don’t want to just enable this setting in case it disconnects all the users from all the AP’s not just the ones at head office.
  We use 802.1x for authentication and Machine certificates.
  All Clients connect using WPA2.
  Would this settings increase the connection speed up to 802.11n?
  Is there a way to just enable it on 1 AP to trial it before enabling it on all the AP’s?

  The wireless speed is only 15-20mbps Max. When connected via Lan cable the speed is around 45mbps.
  As scott said, you are getting this speed due to the half duplex nature of wireless. If your AP model is 1142, then you can configure radio1 interface (5GHz)  for the SSID. You MUST use WPA2/AES  or Open Auth in order to get 802.11n speeds which is greater than 54Mbps. I do not think you are using that at the moment & it may be a reason why clients data rates not get 802.11n speeds.
  Below shows different AP model max data rates. If your clients having multiple spatical stream (SS) capability they can get higher speeds. Note that 20MHz BW is the max you can get in 2.4GHz band & 40MHz bandwidth you can get from 5GHz with channel bonding. So 5GHz is always better if you looking for higher througput (but obviously client should able to connect in 5GHz)
  Adding antoher AP would be a good idea (without bridging) & see wether you could afford 2602 or 3602 which can go upto 450Mbps data rates . Practically if you could you get 50% (which is around 200Mbps) that is really good. Note that this is total AP througput & if you connect multiple clients that will be shared among users.
  Also keep in mind when you add multiple users all users aggregate bandwidth is limited to 50Mbps due to your WAN link speed. So that would be the bottleneck within your network.
  HTH
  Rasika
  *** Pls rate all useful responses ***