EAP 660 backwards compatiblity? Network seen as WEP instead of WPA2
I have a network with EAP245 Managed by OC200
Now I bought one of the new EAP660 and added this to the Network.
Adopted ok, an most of the clients are happy. However one, a Blackberry 9700 sees the Networks (encrypted with WPA2) as encrypted with WEP, which is for sure not correct.
I did a restart of the OC200, reprovisioning of the EAP600, restart of EAP660.
I changed the encyption to WPA, changed the key. No change, Also a reboot of the Blackberry will not make a difference.
But when I remove the EAP660 and connect the EAP245 everything is ok again.
What can be done to fix this problem?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hey
Do you have the encryption method set to WPA2-PSK/WPA3-SAE ?
Just thinking out loud that the 660 could be running WPA3-SAE as its default, as the blackberry doesnt even know WPA3 exists it mis-reads it as WEP.. had something similar with AES years ago on a few PDAs that didnt know about / understand WPA2 AES and therefore identified it as WEP64. When I ran WPA2-TKIP it identifed however, not un-similar to your issue.
If you remove the 660 and add the 245 it goes back to WPA2-AES (highest the 245 supports) and the blackberry identifies the encryption... then sounds plausable!
Just a stab in the dark but by sounds of it, time to scrap the blackberry or move it to a SSID of its own..
- Copy Link
- Report Inappropriate Content
Thank you for stabbing, but no, changing the encryption method wll not make the Networks visible to the Blackberry with the correct encryption.
The networks are set to WPA2 only, I also tried WPA3 and WPA, changed the key (which has a length which would work as a WEP PSK). No joy. The only way I can make the Blackberry join the network seems to create a WEP secured network. I will try WPA enterprise also, but I have to setup first a raduis server.
But if the EAP 660 still supports WEP, then TP-Link should be able to make it compatible the the Blackberry. Most likely this is a bug, there will be more devices having a similar problem in the future.
- Copy Link
- Report Inappropriate Content
Followup:
If I select TKIP then the 9700 will see the network as WPA2 encrypted (Mixed AES/TKIP will not work)
WPA2-Enterprise will not make a difference.
- Copy Link
- Report Inappropriate Content
Yeah it sounds exactly what I had then also, think it was an old samsung galaxy s1 at the time but it was pre the ratification of WPA2-AES so it didn't work after a few years with all the hardware I tried. TKIP was the answer for me too as its basically just WEP on steroids.
Your call ultimately but does appear to be that specific blackberry device itself, at the risk of offending one must ask do you 100% require such old hardware on your network. Even from a security point of view, its a un-supported, unpatched 10 year old OS. I called time on the users old galaxy device for that very reason
- Copy Link
- Report Inappropriate Content
Dont make prejustice about this blackberry device unless you are sure.
All communication this device does (with the exception of SMS or Voice) is secured through a permanent VPN to the Enterprise Server. To my knowledge, there is still no way anyone is able to look into the communication or break into it. Regardless of the encryption a Wireless network uses, it will not have a negative effect on the security of the device or the communication.
An then, the usability, security, reliability, size, weight, battery runtime -to name a few things- of the Blackberry is still much better then any other smartphones I tried, and currently trying. I refuse to use anything else until the very end (which might be coming in January 2022 - blackberry announced to shutdown the network used by these devices).
I hope a few more reports about similar problems will pop up and hopefully tp-link will fix this problem
- Copy Link
- Report Inappropriate Content
Hey
As I claimed, at the risk of offending..
Ultimately its your personal opinion and choice on this one, if you feel the blackberry is vital to you then crack on.
My opinion however, you are mixing up data transport security with network encryption, its not the device im specifically saying is the issue, rather the effect it will have on your network.
To purchase AX grade WiFi hardware, designed primarily for WPA3 and reduce the encryption for that SSID to facilitate one device, which itself is EOL and as you say gone in 2022.. VPN or no VPN is irrelevant, anything WEP / TKIP based is a weak point into your network. Once that shared key is known someone is in your network and sniffing your LAN. The VPN traffic is of no interest to them and yes will be secure, however they are still on your network and that is my point.
Seems like saying I wont put a good lock my house door because I keep my wallet in the safe.
But that is just my opinion
Whatever you do best of luck to you! I don't speak for TP Link in any way, however I doubt they will be making any changes to firmware or encryption implementations to support this age of hardware.
- Copy Link
- Report Inappropriate Content
No Problem, I dont feel offended.
And I know about the security problems a weak encryption might introduce.
But I use a network for the 9700 which actually is a kind of public network. Encrypted, but guest because only acess to the internet allowed.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 952
Replies: 7
Voters 0
No one has voted for it yet.