Posted on September 25, 2020 3:59 pm
 |  Asked by Ondřej Brabec
Print Friendly, PDF & Email

Hello all,

we have an SSID profile configured with 802.1x authentication (Windows NPS). The customer started to receive a message that the WiFi network is not secured. After logging in to the SSID, it can be seen that TKIP is used as a cipher, which has not been secure for a long time. I can’t find where to change the encryption to AES .. Can anyone advise? I can’t find it anywhere in the Security SSID profile configuration.

Thanks a lot.


Posted by Sreelekha
Answered on September 28, 2020 9:52 am

Hi Ondrej,

Thanks for using the forum.

With WPA2+ 802.1x ( or WPA2 enterprise ) AES encryption is used by the AP by default. This is advertised in the beacons and management frames.

But when you select "WPA and WPA2 mixed mode".This setting will allow you to cater both TKIP and AES clients. Hence both the capabilities are advertised in the beacons and the clients associate according to their capabilities.

Can you verify if you have "WPA and WPA2 mixed mode" selected under the security section and modify it to WPA2 only?

Let us know if that helps.


Posted by Ondřej Brabec
Answered on September 29, 2020 8:32 am

Hi Sreelekha,

thank you for your answer. Yes we have selected "WPA and WPA2 mixed mode.

I changed settings to WPA2 only, but I noticed high client connction drop. With WPA/WPA2 mixed I see connected about 30 clients, with WPA2 only see about 5 clients. There is no exact data about authentication issues in Cloud Vision Dashboard. Is there any chance how to find information about  used ciphers (TKIP or AES) for connected user? I tried to find this information in both CloudVision and Wireless Manager, but I didn't find it.

Thank you.


Post your Answer

You must be logged in to post an answer.