RE450 is broadcasting TKIP instead of AES. Roaming issues
My main router (Netgear R7000P) is set to use only WPA2-PSK (AES), both on 2,4 GHz and 5 GHz. However, I'm experiencing roaming and disconnection issues when my devices do a handover to the RE 450 extended network. It seems that it is happening because RE 450 is also broadcasting the lower security protocol and encryption WPA-PSK (TKIP). Sometimes, my device shows me that the signal strength is good but there is no internet connection. My iPhone Xr (running iOS14) says "weak security", right next to the wifi network name.
I was wondering if the TP-Link engineers could provide a new firmware that could allow the customer to set the wireless security for the extended network only to WPA2_PSK (AES), or at least give the chance to choose what security protocol and encryption the RE 450 extended network should use.
Could you help me? Thanks. AlexCouto
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi all,
it seems that finally we have new official firmware release (thanks TP-Link support!).
For RE450v3 here is the link:
https://www.tp-link.com/en/support/download/re450/v3/#Firmware
I tested it and it solves the issue for TKIP.
In order to be sure to get rid of TKIP, just take care to re-scan and re-associate with your main wifi source and you've done.
Hope it helps.
- Copy Link
- Report Inappropriate Content
Hello everyone,
Here is a summary thread for Range Extender Weak security issue where you could find the latest firmware or beta firmware that fixed the problem:
[Solution] iPhone iOS14 recognizing the range extender wireless network as "weak security"
https://community.tp-link.com/en/home/forum/topic/232218?page=1
If your model is not listed, or you still experience the same issue, please leave your comment there with case details. We will look in to your inquiry as quickly as possible.
- Copy Link
- Report Inappropriate Content
Good day.
Thank you very much for your time and patience.
As for the weak security issue on IOS 14, it is recommended to change the encryption method of the front-end router or main AP to WPA2 + AES, then configure the RE device to re-associate with the front-end router through the web management interface (Tether is not recommended).
Note:
Our Range Extenders use Auto security mode by default, which supports WPA2+AES, and TKIP to be compatible with the devices that only support old encryption methods. If the Apple devices detect that the wireless connection a weak encrypted network, 'the weak security' would show up there. But in fact, IOS devices would still prefer the secure encryption method WPA2+AES, instead of TKIP when connecting to the range extenders, and users do not need to worry about the potential security issue.
Thank you very much.
- Copy Link
- Report Inappropriate Content
Firmware version: 1.0.1 Build 20190124 Rel. 56886
Hardware version: RE450 v3.0
It is very annoying to see "weak security" next to the wifi network name on iOS14. I understand the auto security mode by default (with TKIP support) but after the first configuration setup, it should be the user to choose whether TKIP is enabled or disabled. It's very frustrating not being able to set AES encryption only.
You say that “IOS devices would still prefer the secure encryption method WPA2+AES, instead of TKIP when connecting to the range extenders”, so why does my iPhone still show “weak security”? When I press the “i” icon right next to network name, it says “WPA/WPA2 (TKIP) is not considered secure. If this is your Wi-Fi network, configure the router to use WPA2 (AES) or WPA3 security type”. So, it's clearly choosing to negotiate TKIP. This is all very confusing.
PS: And yes, my router is set to WPA2+AES only.
- Copy Link
- Report Inappropriate Content
@AlexCouto I'm in the same situation....please refer to me if you find a solution.
- Copy Link
- Report Inappropriate Content
@Aion As stated before i'm in the same situation...as soon as i have upgraded my iphone to IOS14 i had the same problem...and yes my router is set to WPA2+AES only, too
Infact when my phone is connected directly to the wifi without TP-Link extender i do not have this annoying message about security
Hope someone can solve the problem
- Copy Link
- Report Inappropriate Content
@LucaItaly I returned the RE450 to Amazon and I bought the DECO M3 pack (01 x DECO M4R and 01 x DECO M3W extender). It's a mesh network instead of a router-repeater setting. My internet speeds at my daughter's room - close to the M3W - is around 50 Mbits instead of 5 or 6 Mbits when I was using the RE450. And now I have only WPA2-AES on all network (thanks to the beta firmware for this DECO kit - https://community.tp-link.com/en/home/forum/topic/227662).
- Copy Link
- Report Inappropriate Content
@AlexCouto I just bought the RE450 yesterday and I'm having the exact same issue. It connects to my router using WPA2-AES but anything I connect to the RE450 connects with WPA-TKIP which is unacceptable. There is no way under the sun for the end user to control the security in the Wifi and TP-Link seems to prefer to use TKIP by default. I've made a decision to return mine to Amazon. Such a waste of time. You'd think by year 2020 a network company would know how to make wifi work. Very disappointed in TP-Link. I'm also reading that the extender RE-220 is having the exact same issue.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Solla-topee wrote
Our Range Extenders use Auto security mode by default, which supports WPA2+AES, and TKIP to be compatible with the devices that only support old encryption methods. If the Apple devices detect that the wireless connection a weak encrypted network, 'the weak security' would show up there. But in fact, IOS devices would still prefer the secure encryption method WPA2+AES, instead of TKIP when connecting to the range extenders, and users do not need to worry about the potential security issue.
Your argument is flawed. Since the wireless extender still broadcasts using TKIP, attackers can still break into the network and access unencrypted data packets. TKIP option compromises the security of the entire network. I am appalled that TP-link sells products in 2020 with TKIP enabled by default.
TKIP can be an option if customers have older devices, but the default configuration has to be delivered to be a secure one. At the bare minimum, AES option should be available for customers to enable.
Are you rolling out firmware upgrades that enable AES option for the extended network? Or should I and all your customers who care for wifi security just give up and throw this equipment into the trash?
- Copy Link
- Report Inappropriate Content
@saisrujan Fortunately since I bought the RE450 last week, I was able to return it and get every penny back. I won't buy anymore TP-Link wifi stuff. Especially when they condone the TKIP protocol and blame it on the router. I'm using a router than is defined for WPA2-AES only and the extender connects ok to it BUT it re-broadcasts using TKIP. It has nothing to do with the source router.
anyway I'm glad this was a quick and easy big to find so that I could return it.
- Copy Link
- Report Inappropriate Content
Dear @Solla-topee
I (but I think all of us) completely agree with @saisrujan .
I own a RE200 repeater and I'm in the very same situation.
I already asked a few times what the development timeline for an updated firmware is, but no answer yet.
So, please tell us by when we should expect a fix (because as said several times this definitely is a problem of the repeater) or if we should trash our equipment, as @saisrujan says.
Because, I want to stress this, our networks have been exposed for a long time (and until Apple released iOS v.14, we just didn't know it - maybe just a few of us did, using some network sniffer programs).
KR
- Copy Link
- Report Inappropriate Content
Information
Helpful: 7
Views: 17987
Replies: 52