SSID WPA2/AES VS AUTO(WPA1&2)/AUTO(TKIP&AES) what is better and why?

  • 1
  • Question
  • Updated 3 years ago

Hi guys,

I was recommend to change the SSID access security setting from AUTO(WPA or WPA2) with AUTO TKIP / AES to just WPA2/AES. Is that really better?

When a 802.11n laptop is connected with a AP through WPA1/TKIP, is there a bandwidth limit compared with WPA2/AES ?

It looks like WPA1TKIP give only 802.11g or a but WPA1/AES comes with 802.11n.

We use a 802.11x radius server and some domain joined laptops. the bandwidth is always  only 54Mbps, when they are connected to wireless network and in the SSID access security setting, it is WPA-(WPA or Auto)-802.1X with TKIP. Should I change it to WPA2-(WPA2 enterprise)-802.1X with AES? does it give me higher bandwidth because WPA2/AES is capable with 802.11n??

I am a beginner in wireless network. Cheers.



Photo of Jamie Cho

Jamie Cho

  • 27 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Brian Powers

Brian Powers, Champ

  • 391 Posts
  • 91 Reply Likes
You must use Open or WPA2/AES for your clients to be able to connect at higher than the legacy a/b/g data rates (54 Mbps) with the 802.11n standard.  WPA2-Enterprise (802.1X) can require additional configuration and hardware (RADIUS server namely).
Photo of Crowdie

Crowdie, Champ

  • 968 Posts
  • 270 Reply Likes
From a security point of view AES is more secure than TKIP.  TKIP was only a stop gap measure for the even less secure WEP deployments where the wireless clients couldn't support AES.  Unfortunately to keep the backward compatibility with WEP TKIP retained some of WEP's vulnerabilities.

In a nutshell don't use WEP ever and only use TKIP when the wireless client does not support AES and cannot be upgraded to.  Even better, if the wireless client can't support AES, go and purchase a wireless client that can.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2487 Posts
  • 449 Reply Likes
Yes, you do want to be using WPA2 only.
Photo of J. Goodnough

J. Goodnough, Champ

  • 265 Posts
  • 32 Reply Likes
to reiterate Nick and Crowdie, only ever use WPA2 and if a client doesn't support WPA2 it needs to be replaced immediately; network security should not be compromised to accommodate it. WEP can be broken in literal seconds.
Photo of Jamie Cho

Jamie Cho

  • 27 Posts
  • 0 Reply Likes

After reviewing some articles and you guys points, I understand the WPA2/AES is the best option for the security.

In our network, there are domain joined laptops, and we use a radius server and WPA/WPA2 802.1x(enterprise) for them. In the SSID settings, the key management is WPA-(WPA or Auto)-802.1X.

To my understanding, The WPA2/AES is the best for the security So, I intend to change it to WPA2-(WPA2 enterprise)-802.1X with CCMP(AES). Before I do that, there are some things to check.

1.  The key management is set with WPA-(WPA or auto)-802.1X, and if I change it to WPA2/AES, is there a configuration I should change in the radius server?

2. I understand the WPA2/AES comes with higher security. Except the security advantage, are there more advantages?

3. Do I only get only 54Mbps speed in using TKIP? or in 802.1x ? In the monitor, the domain joined laptops show me the Authentication method is WPA-802.1x, Encryption method is TKIP and radio mode is 802.11g or a. It is not 802.11ng or na. Do you know why?