-2

While configuring a TPL Wi-Fi Access Point I found out that there are three similar parameters in it which need to be set to make it work properly. If these parameters are not set correctly, then some of my Wi-Fi enabled devices either do not connect to the AP at all or, in some scenarios, successfully make the connection but give some other error, for example 'TCP link down'. But if I set all of these parameters to the following values, then all of my devices work properly.

These parameters and their values that work for me are:

  1. Security -> WPA-PSK/WPA2-PSK
  2. Authentication -> WPA-PSK
  3. Encryption -> AES

I want to know:

  1. How are these three parameters the same as or different from each other?
  2. Are they only relevant at the SSID/PW matching stage between the Wi-Fi device and AP, or do they also affect how the data is sent and received between the Wi-Fi device and the remote server (website)?

Here is a screenshot of the UI:

Screenshot of UI

1 Answer

1

That's really bad UI. The term "WPA2-PSK" automatically implies PSK authentication and AES-CCMP encryption. This UI was probably created by someone who didn't really grasp the technical details. So I don't want to try to guess what the UI designer was thinking when he created this UI, and in what way he was trying to differentiate these concepts. I think his mental model was wrong, resulting in confusing UI.

For most people, the setting that works best is WPA2-PSK only (no original WPA, no TKIP). Original WPA and TKIP were a stopgap measure c. 2003-2004 that almost no products ever needed/supported (that is, without also supporting the much better WPA2). Now leaving it enabled just complicates things and triggers bugs. Most smart sysadmins went straight from WEP only to WPA2 only. I highly recommend you give WPA2-only (AES only) a shot, or a second shot if you already tried it. Leaving original WPA/TKIP enabled is useless, but worse than useless because it complicates things and exposes bugs that cause devices to fall off the network or become undiscoverable.

PSK authentication is involved when a client joins or rejoins the network. AES-CCMP encryption is used to "scramble" every packet the client sends to the AP or the AP sends to the client. This is to make it harder for people to eavesdrop on your network traffic wirelessly, even if you're not using proper TLS 1.2 or better security for every connection you make to a web server or other internet server. The AES-CCMP encryption of packets on a WPA2-protected network only applies to the wireless link. So it doesn't make your web connection to your bank's website more secure to Internet-based eavesdroppers. You still need to use TLS 1.2 or better for that.

1
  • The UI is very unclear. It has "Auto" as an option for the 2 parameters 'Authentication' and 'Encryption'. But when I select "Auto" in these parameter settings, sometimes my devices work and sometimes they don't. What could be the meaning of "Auto" in these parameters?
    – homecloud
    Commented Jul 21, 2019 at 9:39
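
How the "Authentication" and "Encryption" fields relate to what a WPA2 AP advertises, as an added example (not from the original question or answer): the RSN element in a beacon lists the encryption ciphers and the authentication (AKM) method as separate fields, and this parser reads them from two constructed elements, one WPA2-only and one mixed-mode that still offers TKIP. The sample bytes and all function names are assumptions made for illustration.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")      # OUI used by IEEE 802.11 suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}   # "Encryption"
AKMS = {1: "802.1X", 2: "PSK", 8: "SAE"}                      # "Authentication"
LEGACY = {"WEP-40", "WEP-104", "TKIP"}

def _u16(buf, off):
    """Read a little-endian 16-bit field, refusing to run past the element."""
    if off + 2 > len(buf):
        raise ValueError("truncated RSN element")
    return struct.unpack_from("<H", buf, off)[0], off + 2

def _suites(buf, off, count, names):
    """Read `count` 4-byte suite selectors (3-byte OUI + 1-byte type)."""
    out = []
    for _ in range(count):
        if off + 4 > len(buf):
            raise ValueError("truncated suite list")
        oui, kind = buf[off:off + 3], buf[off + 3]
        known = names.get(kind) if oui == RSN_OUI else None
        out.append(known or f"{oui.hex()}:{kind}")   # keep unknown suites visible
        off += 4
    return out, off

def parse_rsn(ie: bytes) -> dict:
    """Split an RSN element (ID 48) into cipher and authentication fields."""
    if len(ie) < 2 or ie[0] != 0x30 or len(ie) - 2 < ie[1]:
        raise ValueError("not a complete RSN element")
    body = ie[2:2 + ie[1]]
    version, off = _u16(body, 0)
    group, off = _suites(body, off, 1, CIPHERS)      # broadcast/multicast cipher
    n, off = _u16(body, off)
    pairwise, off = _suites(body, off, n, CIPHERS)   # unicast cipher(s)
    n, off = _u16(body, off)
    akm, off = _suites(body, off, n, AKMS)           # how clients authenticate
    return {"version": version, "group": group[0], "pairwise": pairwise, "akm": akm}

def legacy_ciphers(info: dict) -> list:
    """TKIP/WEP ciphers still offered; empty for an AES-only configuration."""
    return sorted({c for c in [info["group"]] + info["pairwise"] if c in LEGACY})

# Constructed sample elements (not captured from any real AP).
WPA2_ONLY = bytes.fromhex("30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00")
MIXED = bytes.fromhex("30 18 01 00 00 0f ac 02 02 00 00 0f ac 04 00 0f ac 02 01 00 00 0f ac 02 00 00")

if __name__ == "__main__":
    for name, ie in (("WPA2 only", WPA2_ONLY), ("mixed", MIXED)):
        info = parse_rsn(ie)
        print(name, info, "legacy:", legacy_ciphers(info))
```

Both elements use PSK for authentication; only the cipher lists differ, which is the part the "Encryption" setting controls.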
