EAP 660 backwards compatiblity? Network seen as WEP instead of WPA2

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

EAP 660 backwards compatiblity? Network seen as WEP instead of WPA2

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
EAP 660 backwards compatiblity? Network seen as WEP instead of WPA2
EAP 660 backwards compatiblity? Network seen as WEP instead of WPA2
2021-04-01 19:38:16
Model: EAP660 HD  
Hardware Version: V1
Firmware Version: V1_1.0.1 build 20200724

I have a network with EAP245 Managed by OC200

Now I bought one of the new EAP660 and added this to the Network.

Adopted ok, an most of the clients are happy. However one, a Blackberry 9700 sees the Networks (encrypted with WPA2) as encrypted with WEP, which is for sure not correct.

I did a restart of the OC200, reprovisioning of the EAP600, restart of EAP660.

I changed the encyption to WPA, changed the key. No change, Also a reboot of the Blackberry will not make a difference.

But when I remove the EAP660 and connect the EAP245 everything is ok again.

 

What can be done to fix this problem?

 

 

  0      
  0      
#1
Options
7 Reply
Re:EAP 660 backwards compatiblity? Network seen as WEP instead of WPA2
2021-04-01 21:11:07 - last edited 2021-04-01 21:14:19

@valued_customer 

 

Hey

 

Do you have the encryption method set to  WPA2-PSK/WPA3-SAE ?

 

Just thinking out loud that the 660 could be running WPA3-SAE as its default, as the blackberry doesnt even know WPA3 exists it mis-reads it as WEP..  had something similar with AES years ago on a few PDAs that didnt know about / understand WPA2 AES and therefore identified it as WEP64.    When I ran WPA2-TKIP it identifed however, not un-similar to your issue.

 

If you remove the 660 and add the 245 it goes back to WPA2-AES (highest the 245 supports) and the blackberry identifies the encryption... then sounds plausable!   

 

Just a stab in the dark but by sounds of it, time to scrap the blackberry or move it to a SSID of its own.. 

 

  0  
  0  
#2
Options
Re:EAP 660 backwards compatiblity? Network seen as WEP instead of WPA2
2021-04-02 07:40:50

@Philbert 

Thank you for stabbing, but no, changing the encryption method wll not make the Networks visible to the Blackberry with the correct encryption.

The networks are set to WPA2 only, I also tried WPA3 and WPA, changed the key (which has a length which would work as a WEP PSK). No joy. The only way I can make the Blackberry join the network seems to create a WEP secured network. I will try WPA enterprise also, but I have to setup first a raduis server.

But if the EAP 660 still supports WEP, then TP-Link should be able to make it compatible the the Blackberry. Most likely this is a bug, there will be more devices having a similar problem in the future.

 

  0  
  0  
#3
Options
Re:EAP 660 backwards compatiblity? Network seen as WEP instead of WPA2
2021-04-02 08:31:13

@Philbert 

Followup:

If I select TKIP then the 9700 will see the network as WPA2 encrypted (Mixed AES/TKIP will not work)

WPA2-Enterprise will not make a difference.

 

  0  
  0  
#4
Options
Re:EAP 660 backwards compatiblity? Network seen as WEP instead of WPA2
2021-04-02 09:11:02

@valued_customer 

 

Yeah it sounds exactly what I had then also, think it was an old samsung galaxy s1 at the time but it was pre the ratification of WPA2-AES so it didn't work after a few years with all the hardware I tried.   TKIP was the answer for me too as its basically just WEP on steroids.

 

Your call ultimately but does appear to be that specific blackberry device itself, at the risk of offending one must ask do you 100% require such old hardware on your network.   Even from a security point of view, its a un-supported, unpatched 10 year old OS.  I called time on the users old galaxy device for that very reason

  0  
  0  
#5
Options
Re:EAP 660 backwards compatiblity? Network seen as WEP instead of WPA2
2021-04-02 09:38:45

@Philbert 

Dont make prejustice about this blackberry device unless you are sure.

All communication this device does (with the exception of SMS or Voice) is secured through a permanent VPN to the Enterprise Server. To my knowledge, there is still no way anyone is able to look into the communication or break into it. Regardless of the encryption a Wireless network uses, it will not have a negative effect on the security of the device or the communication.

An then, the usability, security, reliability, size, weight, battery runtime -to name a few things- of the Blackberry is still much better then any other smartphones I tried, and currently trying. I refuse to use anything else until the very end (which might be coming in January 2022 - blackberry announced to shutdown the network used by these devices).

 

I hope a few more reports about similar problems will pop up and hopefully tp-link will fix this problem

 

  0  
  0  
#6
Options
Re:EAP 660 backwards compatiblity? Network seen as WEP instead of WPA2
2021-04-02 10:16:14

@valued_customer 

 

Hey

 

As I claimed, at the risk of offending.. 

 

Ultimately its your personal opinion and choice on this one, if you feel the blackberry is vital to you then crack on. 

 

My opinion however, you are mixing up data transport security with network encryption, its not the device im specifically saying is the issue, rather the effect it will have on your network.  

 

To purchase AX grade WiFi hardware, designed primarily for WPA3 and reduce the encryption for that SSID to facilitate one device, which itself is EOL and as you say gone in 2022..   VPN or no VPN is irrelevant, anything WEP / TKIP based is a weak point into your network.  Once that shared key is known someone is in your network and sniffing your LAN.  The VPN traffic is of no interest to them and yes will be secure, however they are still on your network and that is my point. 

 

Seems like saying I wont put a good lock my house door because I keep my wallet in the safe.

 

But that is just my opinion

 

Whatever you do best of luck to you!  I don't speak for TP Link in any way, however I doubt they will be making any changes to firmware or encryption implementations to support this age of hardware.

  0  
  0  
#7
Options
Re:EAP 660 backwards compatiblity? Network seen as WEP instead of WPA2
2021-04-02 10:32:24

@Philbert 

No Problem, I dont feel offended.

And I know about the security problems a weak encryption might introduce.

But I use a network for the 9700 which actually is a kind of public network. Encrypted, but guest because only acess to the internet allowed.

 

 

 

 

  1  
  1  
#8
Options

Information

Helpful: 0

Views: 944

Replies: 7

Related Articles