Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Issues connecting with WPA2-aes and wpa2-tkip

This thread has been viewed 4 times

  • 1.  Issues connecting with WPA2-aes and wpa2-tkip

    Posted Nov 20, 2012 02:10 PM

    Currenty our SSID profile is allowing mixed authentication of wpa-aes, wpa-tkip, wpa2-aes and wpa2-tkip. Most of my clients are authenticating using wpa2-aes or wpa2-tkip.

     

    However, today we changed the 802.11 security to allow wpa2-aes and wpa2-tkip only. All of a sudden all of my client machines, which were authenticatiing using wpa2-aes, or wpa2-tkip can no longer connect. If we change the settings back to mixed all of my wpa2 users can connect once again.

    So why, when we have network authentication set to wpa2-aes, wpa2-tkip, do my clients fail?



  • 2.  RE: Issues connecting with WPA2-aes and wpa2-tkip

    EMPLOYEE
    Posted Nov 20, 2012 05:27 PM

    Are you sure that some of your clients are not hardcoded to connect via wpa-aes, wpa-tkip?



  • 3.  RE: Issues connecting with WPA2-aes and wpa2-tkip

    Posted Nov 26, 2012 10:11 AM

    Yeah we double checked and the clinets are not hard coded to anything besides wpa2



  • 4.  RE: Issues connecting with WPA2-aes and wpa2-tkip

    Posted Nov 26, 2012 10:31 AM

    Can you try putting WPA2 AES only and try with a client which is WPA2 AES capable to see if the problem goes away... to see if the problem is the TKIP?

    Dont use mixed i mean put just WPA2 it will give you just option of AES i have read problems with that mixed mode before

     

    Just to test...

     

    What code of firmware you got?



  • 5.  RE: Issues connecting with WPA2-aes and wpa2-tkip

    Posted Nov 26, 2012 10:45 AM

    Actually i remenber i read once on the forum that

    that on 802.11n it will not let clients to connect if you are using tkip...some clients do not like mixed mode in this case WPA2 mixed mode...

    I did a search for that topic here is it

     

    http://community.arubanetworks.com/t5/Campus-WLAN-and-High-Density-Wi/IMAC-not-getting-an-ip-address-when-op-mode-is-set-for-mixed/td-p/33200

     

    There you go

    Try putting it on WPA2 AES  only and try again but with a client that you know that it support AES

     

    Aruba recommends that if you using TKIP you should migrate it to clients that support AES As soon as possible

     

    TKIP does not let clients to get the maximum thougput just AES and ssids with no encriptation...

    Plus tkip has security issues...



  • 6.  RE: Issues connecting with WPA2-aes and wpa2-tkip

    Posted Nov 20, 2012 06:13 PM

    Collin is right


    Check in one of those machines that cannot authenticate for example if its a windows 7 check on the profile of that SSID and check its really connnecting to WPA2 AES, i mean check if its configured as it... because on the clients there isnt any option of mixed... or anything like that... its WPA2 AES or its WPA2 TKIP  or itsWPA  TKIP there is no mix in there... you understand where im going?

     

    Check on the client...