WA850RE Extended wifi offers TKIP, how do I disable that?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

WA850RE Extended wifi offers TKIP, how do I disable that?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
WA850RE Extended wifi offers TKIP, how do I disable that?
WA850RE Extended wifi offers TKIP, how do I disable that?
2017-09-26 17:57:58 - last edited 2020-09-18 11:49:06
Model : WA850RE

Hardware Version : V2

Firmware Version : : 1.0.0 Build 20160527 Rel. 60757

ISP :

WA850RE Extended wifi offers TKIP, how do I disable that?

[V2 hardware (Admin, pls note the "Add more information" section of the post creation form does not allow me to enter the hw version)]


My "primary" wifi (host network) security is set as WPA2-AES (no TKIP, and no WPA). When I view it with Acrylic's wifi scanner (free) it confirms this wifi as just WPA2 offered, with "PSK-CCMP" only available (CCMP essentially is AES by another name), so confirming no WPA and no TKIP are available (or WEP come to that).

After using WPS to connect the extender to this wifi, Acrylic shows that the extended wifi is offering both the old WPA as well as WPA2, and both are shown as "PSK-(TKIP|CCMP)". [and Nirsoft's free WifiInfoView says the same]

Note that TKIP is deprecated and should not be used, so WPA should not be used at all, and WPA2 should not be used with TKIP.
So I don't want my extender to offer anything except WPA2 with PSK + AES.

In the extender's web management pages there are no obvious setting to change the extended wfi security settings.

I did note though that under Wireless/Connect to Network (ie where you can manually set the primary wifi connection details) there is a Security drop-down which shows " WPA-PSK/WPA2-PSK" currently selected, but gives "WPA2-PSK" as an alternative option. I tried the "WPA2-PSK" option and it has changed the extended wifi security, BUT not "enough".

After changing to "WPA2-PSK" Acrylic now shows the extended wifi with just WPA2 offered (WPA has gone), BUT it still shows "PSK-(TKIP|CCMP)" whereas I was hoping for "PSK-CCMP".

So how do I switch off the now deprecated TKIP completely in the extended wifi?

Cheers
  1      
  1      
#1
Options
1 Accepted Solution
Re:WA850RE Extended wifi offers TKIP, how do I disable that?-Solution
2020-09-18 11:46:54 - last edited 2020-09-18 14:36:48

@Jedihead 

Good day, Sorry for the delay.

We had noticed this issue as well.

For the Deco series products, we have released the beta firmware already.

https://community.tp-link.com/en/home/forum/topic/227662

 

Update:

For Range Extenders, it is recommended to change the encryption method of the front-end router or main AP to WPA2 + AES, then configure the RE device to re-associate the front-end through the web management interface (Tether is not recommended).

 

Note:

Our Range Extenders use Auto secutiy mode by default, which supports WPA2+AES, and TKIP to be compatible with the devices that only support old encryption methods. If the Apple devices detect that the wireless connection a weak encrypted network,  'the weak securiy' would show up there. But in fact, iOS devices would still perfer to the secure encryption method WPA2+AES, instead of TKIP when connecting to the range extenders, and users do not need to worry about the potential security issue.

 

If you have any further issue, please feel free to update it here.

Thank you very much.

Recommended Solution
  1  
  1  
#10
Options
17 Reply
Re:WA850RE Extended wifi offers TKIP, how do I disable that?
2017-09-29 16:25:06
The range extender will have the same authentication type with the router, so if your router uses AES, the extender should be the same.
So if your main router is AES, then the 850RE should be AES as well, and that cannot change. Did you try any other way to check it?
BTW, did you set different name for the RE and Rotuer? Just make sure that you are checking the correct signal.
It will be good if you can share a screenshot about it:-)
  0  
  0  
#2
Options
Re:WA850RE Extended wifi offers TKIP, how do I disable that?
2017-09-29 16:50:05
Hi, thanks for the reply.

If the extender should " have the same authentication type with the router" then I think it is faulty.

Look at the screenshot, see the two "DaveG" entries:
Extender (A2-E9) = WPA2-PSK with TKIP+CCMP
Host (83-E2) = WPA2-PSK with CCMP





As I said, both Nirsoft and Acrylic show "TKIP", any other suggestions as to how to confirm it?

And note that (as first posted) I have already had to change the Security drop-down to remove WPA!

Cheers

Dave
  0  
  0  
#3
Options
Re:WA850RE Extended wifi offers TKIP, how do I disable that?
2020-04-12 13:37:12

Hello, I have the same issue with TL-WA854RE v3.0 the device has simplistic UI which doesn't help with disabling TKIP(WPA). 

 

My main network is WPA2 only so essentially this device is MAKING MY NETWORK INSECURE. 

 

Please help me to find the detailed UI in this device otherwise I'll have to return.

 

Thank you

  0  
  0  
#4
Options
Re:WA850RE Extended wifi offers TKIP, how do I disable that?
2020-09-17 09:38:45

@root23 

 

I have same problem. Router is WPA2-AES but the TL-WA855RE only uses TKIP.

  0  
  0  
#5
Options
Re:WA850RE Extended wifi offers TKIP, how do I disable that?
2020-09-17 13:56:44 - last edited 2020-09-18 11:50:30

I have TL-WA855RE  version 4 with latest firmware. I write here to formally ask that you add WiFi security settings with the option to require WPA2-AES over TKIP.

 

My router is WPA2-AES but I can see no way to stop the TL-WA855RE being TKIP.

 

You may know that with iOS 14 such equipment is flagged as weak security, so you may get more demand for this now.

  3  
  3  
#6
Options
Re:WA850RE Extended wifi offers TKIP, how do I disable that?
2020-09-17 21:21:13

I have AC750 (RE200) v2 and it too has this issue. WPA2/AES is not listed as an available security protocol. My main router is using WPA2/AES.

 

I was alerted to this issue after upgrading my iPhone to iOS14 (see screenshot below).

 

  2  
  2  
#7
Options
Re:WA850RE Extended wifi offers TKIP, how do I disable that?
2020-09-18 03:46:19

@TomiS facing the same problem too after installed the ios 14. i was thinking the someone intercepted and changed my settings. After reset and upgraded the firmware, it was still there.  And now i know it is a general problem. We have been connecting the extender for a long time in a insecure way without any notices. TPLINK should patch this flaw inmmediately.

  3  
  3  
#8
Options
Re:WA850RE Extended wifi offers TKIP, how do I disable that?
2020-09-18 11:43:04

I have the same issue, this needs to get fixed/patched asap, it is compromising my all network.

  3  
  3  
#9
Options
Re:WA850RE Extended wifi offers TKIP, how do I disable that?-Solution
2020-09-18 11:46:54 - last edited 2020-09-18 14:36:48

@Jedihead 

Good day, Sorry for the delay.

We had noticed this issue as well.

For the Deco series products, we have released the beta firmware already.

https://community.tp-link.com/en/home/forum/topic/227662

 

Update:

For Range Extenders, it is recommended to change the encryption method of the front-end router or main AP to WPA2 + AES, then configure the RE device to re-associate the front-end through the web management interface (Tether is not recommended).

 

Note:

Our Range Extenders use Auto secutiy mode by default, which supports WPA2+AES, and TKIP to be compatible with the devices that only support old encryption methods. If the Apple devices detect that the wireless connection a weak encrypted network,  'the weak securiy' would show up there. But in fact, iOS devices would still perfer to the secure encryption method WPA2+AES, instead of TKIP when connecting to the range extenders, and users do not need to worry about the potential security issue.

 

If you have any further issue, please feel free to update it here.

Thank you very much.

Recommended Solution
  1  
  1  
#10
Options
Re:WA850RE Extended wifi offers TKIP, how do I disable that?
2020-10-01 09:01:53

@Solla-topee 

 

Hello, thanks for your answer, but i have the same problem on a RE450, the extended network is in WPA2-PSK (AES+TKIP) and my router in WPA2-PSK (AES), i can't put the extender in the same configuration and it's causing some trouble for WIFI Roaming on my MacBook in addition to lowering the security level.

 

Can you solve this problem ?

 

You said "Our Range Extenders use Auto securitiy mode by default, which supports WPA2+AES, and TKIP to be compatible with the devices that only support old encryption methods." and "But in fact, iOS devices would still prefer to the secure encryption method WPA2+AES, instead of TKIP when connecting to the range extenders, and users do not need to worry about the potential security issue."

 

Sorry for being a bit rude but it is a lack of knowledge of cybersecurity, an attacker can more easily bypass security with TKIP than with AES and if he "force the connection" by using an old endpoint he can attack and compromise the network by using this breach, there is no link with the fact that my computer is connected using AES instead of TKIP, it is the fact that the extender provide a TKIP connection for old devices which is the problem in fact. It's a security breach..

 

You have to let us choose the security we want to put, my router is on AES only it works perfectly with all my devices and it's more secure, i must be able to have AES only on my extender so as not to lower the security of my network and permit an easy WIFI Roaming.

 

If we can have an update for RE450 extender to permit to put only WPA2-PSK (AES) it would be a good thing :).

 

Thanks for your help

 

 

  6  
  6  
#11
Options