Ruijie Community

Title: EW300 seems to use TKIP instead of AES in WPA2-PSK mode [Print this page]
Author: Symlogia Helpde    Time: 2023-7-10 16:26
Title: EW300 seems to use TKIP instead of AES in WPA2-PSK mode
<p>I have deployed a pair of EW300, which work well, but iOS devices report Weak Security indicating WPA/WPA2 is in use, when the router is ocnfigured to use WPA2-PSK only. It seems the change from WPA/WPA2 to WPA2-PSK is not working correctly.</p><p><img alt="image.png" src="data/attachment/forum/202307/10/162454a9hhjh30p0112j93.png" width="556" height="284"></p><p>This is on the latest firmware available.<br></p>
Author: liuxiyang@ruiji    Time: 2023-7-10 16:29
Hi sir, May I know your device SN and firmware version? I checked Advanced Encryption Standard (AES), which is more secure than TKIP, is recommended.
Author: info@symlogia.c    Time: 2023-7-10 16:43
GTAC-Steve replied at 2023-7-10 16:29
Hi sir, May I know your device SN and firmware version? I checked Advanced Encryption Standard (AES) ...

Hi Steve
Firmware: ReyeeOS 1.204.1810
Serial: G1RP6JL041395
G1RP6JL050222
Author: liuxiyang@ruiji    Time: 2023-7-10 20:58
Symlogia Helpdesk replied at 2023-7-10 16:43
Hi Steve
Firmware: ReyeeOS 1.204.1810
Serial: G1RP6JL041395

Hi sir,

Cov I cannot check the photo which you send with me, may you send it  to my email?
This is my email:liuxiyang@ruijie.com.cn
Author: JuanK-50237    Time: 2023-7-17 00:31
Hello Symlogia Helpdesk,
I have the same problem. My EW1200G-PRO is configure to use WAP2-PSK only. However I get the weak TKIP encryption error on all my apple devices (iPhone and Mac). Can you advise how to fix it?
This is the my device info:
Thank you.
Author: guominxiang@rui    Time: 2023-7-17 12:07
JuanK-50237 replied at 2023-7-17 00:31
Hello Symlogia Helpdesk,
I have the same problem. My EW1200G-PRO is configure to use WAP2-PSK only.  ...

You can change the password to a more complex one and test again.
It may be because of the trust certificate of the iPhone.

Please check my test results below:







Author: liuxiyang@ruiji    Time: 2023-7-17 12:09
JuanK-50237 replied at 2023-7-17 00:31
Hello Symlogia Helpdesk,
I have the same problem. My EW1200G-PRO is configure to use WAP2-PSK only.  ...

Hi sir,

May you show me your EW1200G-PRO configuration and iPhone and Mac issue screenshot?



Best regards,


Steve


Author: JuanK-50237    Time: 2023-7-17 22:22
GTAC-Micca replied at 2023-7-17 12:07
You can change the password to a more complex one and test again.
It may be because of the trust  ...

My Wi-Fi password is a 14 character string combining numbers, special characters and upper/lower. I don't believe it is weak, any other recommendation?

I do have WAP2-PSK enforce, but can't select AES over TKIP.


Author: JuanK-50237    Time: 2023-7-17 22:24
GTAC-Steve replied at 2023-7-17 12:09
Hi sir,

May you show me your EW1200G-PRO configuration and iPhone and Mac issue screenshot?

Sure this is the EW1200G-PRO configuration:





And this is the Mac error:




Author: liuxiyang@ruiji    Time: 2023-7-17 23:19
JuanK-50237 replied at 2023-7-17 22:24
Sure this is the EW1200G-PRO configuration:

Hi sir,
Thank you , I will check it first
Author: liuxiyang@ruiji    Time: 2023-7-17 23:19
JuanK-50237 replied at 2023-7-17 22:24
Sure this is the EW1200G-PRO configuration:

Hi sir,
Thank you , I will check it first
Author: liuxiyang@ruiji    Time: 2023-7-17 23:19
JuanK-50237 replied at 2023-7-17 22:22
My Wi-Fi password is a 14 character string combining numbers, special characters and upper/lower.  ...

Hi sir,

Thank you , I will check it first

Author: guominxiang@rui    Time: 2023-7-18 13:51
JuanK-50237 replied at 2023-7-17 22:22
My Wi-Fi password is a 14 character string combining numbers, special characters and upper/lower.  ...

Would you mind share with me what password you configure on your device then I can test with same password on my device? If it is not convenient for you to public password, you can send the password to my email: guominxiang@ruijie.com.cn


Author: JuanK-50237    Time: 2023-7-18 21:39
GTAC-Micca replied at 2023-7-18 13:51
Would you mind share with me what password you configure on your device then I can test with same  ...

Hello GTAC-Micca,

I believe I fix it but I'm curios why behavior is this way. My original setup was with separate SSIDs for 2.4Ghz and 5Ghz networks, this configuration was giving weak TKIP errors on every apple device.
For testing purposes I enabled Dual-Band Single SSID and it fixed the error with no changes to the password. I don't need separate SSIDs, so this is ok. But ideally this should not affect the encryption.





Welcome to Ruijie Community (https://community.ruijienetworks.com/) Powered by Discuz! X3.2