wleeb wrote

I installed Omada Controller v3.2.1 and adopted 2 EAP225 AP's. I configured a SSID and selected 'WPA-PSK' for 'Security Mode' then under 'Advanced Settings' chose 'Auto' for 'Version' as I have both WPA-PSK1 and WPA-PSK2 clients. WPA-PSK1 clients will not establish a connection, only WPA-PSK2 clients work successfully.

 

To test, I 'forget' one of the AP's in Omada and configure it using the builtin web browswer. Under 'Wireless' I created a SSID and set the 'Security Mode; to WPS-PSK and 'Version' to 'Auto'. Both WPA-PSK1 and WPA-PSK2 clients connect sucessfully. This indicates the AP is 'Auto' selecting version dependant on client's needs when configured from the built-in web browser (as it should).

 

Given this test, it appears as if Omada Controller v3.2.1 does not set security mode version to 'Auto' in the adopted AP's when selected.

 

Any help would be appreciated.

Hello, 

From your description, it seems that when you use Omada Controller to manage the EAP, and choose "Auto" for the version, it is differnet from the "Auto" when you manage the EAP in Standalone mode.

When we choose "Auto", it will choose the encryption version randomly. So it may choose WPA-PSK or WPA2-PSK, it is not a bug.

If 'Auto' is really 'random' then how would I force it to use WPA1-PSK when using Omada as I have clients that require it?

wleeb wrote

If 'Auto' is really 'random' then how would I force it to use WPA1-PSK when using Omada as I have clients that require it?

Hi,

If you need WPA-PSK, we recommend you to set the version as WPA-PSK. 

Because when we set "Auto", we are not sure what it will choose. The best choice is to set it as WPA-PSK directly. 

I am still confused as to why 'Auto' would 'randomly' choose encryption verision. In what use case would this ever be applied?

I was logically reading 'Auto' as setting encryption version based on each client's requirment (WPA-PSK or WPA2-PSK) as that would allow both types of clients to function on the network simutanously.

Having the AP randomlly choosing encryption version (not knowing which one is applied) seems very strange. Using your suggested work around and forcing all clients to use WPA-PSK also seems very limiting as all AP's/clients would be forced down to WPA-PSK even if they are WPA2-PSK compliant.

Thanks for the support. As a workaround, I have abandoned Omada and using the buit-in interface on my AP's as "Auto" works as expected (both WP-PSK and WPA2-PSK clients connect). Let me know when the "Auto" function works in Omada and I will change back.

Questionmark wrote

@forrest,

 

Unless I am missing some important detail, something doesn't look right here.  The point of using 'auto' should be to let capable clients use WPA2-PSK while still allowing older clients that only support WPA-PSK to connect.  Random security selection just doesn't make any sense.  The Omada Controller manual says that when auto is selected "The EAP will automatically choose the version used by each client device."  I think the security of the client should be based on capability, not just randomness.

 

CC: @jonas

If wleeb is right about this, and the issue is reproducable, I think that it is worth taking a good look at.

Hi Questionmark

Yes, the "auto" version will let capable devices use WPA2-PSK while let traditional devices uee WPA-PSK to do the connection. For this issue, we will try to test this issue.

wleeb wrote

Thanks for the support. As a workaround, I have abandoned Omada and using the buit-in interface on my AP's as "Auto" works as expected (both WP-PSK and WPA2-PSK clients connect). Let me know when the "Auto" function works in Omada and I will change back.

Hello,

Please help us to have a test. When you manage the EAP via the Omada Controller, please enable SSH and login to the EAP via SSH. Then input some commands on the putty, it will tell us some logs about it. We can see some information from the log. 

About how to login to the EAP via SSH and what the commands are, we write a guide for you, please refer to the following website:

http://support.tp-link.com/f/621cff51b0/

wleeb wrote

I installed Omada Controller v3.2.1 and adopted 2 EAP225 AP's. I configured a SSID and selected 'WPA-PSK' for 'Security Mode' then under 'Advanced Settings' chose 'Auto' for 'Version' as I have both WPA-PSK and WPA2-PSK clients. WPA-PSK clients will not establish a connection, only WPA2-PSK clients work successfully.

 

To test, I 'forget' one of the AP's in Omada and configure it using the builtin web browswer. Under 'Wireless' I created a SSID and set the 'Security Mode; to WPS-PSK and 'Version' to 'Auto'. Both WPA-PSK and WPA2-PSK clients connect sucessfully. This indicates the AP is 'Auto' selecting version dependant on client's needs when configured from the built-in web browser (as it should).

 

Given this test, it appears as if Omada Controller v3.2.1 does not set security mode version to 'Auto' in the adopted AP's when selected.

 

Any help would be appreciated.

Hi, 

We have found that this problem is not a bug. When we use Controller to create SSIDs, some old client devices only support "TKIP" in the Encryption, so we should choose "Auto" to meet old and new client devices. Then this problem will be solved.