NWA50AX - difference between wpa2-mix and wpa3

e_mano_e
e_mano_e Posts: 87  Ally Member
edited August 2022 in WirelessLAN
Hi,

the Zyxel Online Web Help isn't really very helpful in describing the difference.
The help just says: Select a security mode from the list: none, enhanced-open, wep, wpa2, wpa2-mix or wpa3.

But what does wpa2-mix mean? Is it a wpa/wpa2 combination?
Or is wpa2-mix a wpa2/wpa3 combination?
And when I choose wpa3, will the access point fall back to wpa2 if older devices are trying to connect to the WLAN?

Thanks.

Accepted Solution

  • Zyxel_Dick
    Zyxel_Dick Posts: 21  Zyxel Employee
    Answer ✓
    Hi e_mano_e,

    Welcome to Zyxel forum.

    There are 3 kinds of WLAN security mode settings.

    1. WPA1, it means WPA-TKIP and WPA2-AES, known as WPA2-Mix.
    2. WPA2, it means WPA2-AES only.
    3. WPA3, it means WPA3 only, and when we select WPA3, it will enable "transition mode" to be compatible with clients that do not support WPA3.

    Thank you.
    BR, Dick

All Replies

  • tgl
    tgl Posts: 9
    On my NWA210AX, the "wpa3" setting actually will let in both WPA2 and WPA3 clients (verifiable by looking at the station list, which shows each client's security setting).  I too would be interested to know how wpa2-mix differs.
  • e_mano_e
    e_mano_e Posts: 87  Ally Member
    @Zyxel_Dick
    your explanation would be a great addition for the Zyxel Web Online Help.
  • Hello, thanks for the clarification @Zyxel_Dick! There is one question remaining, which is the difference between activating
    • WPA2-mix with Cipher Setting AES and 
    • WPA2 with Cipher Setting auto
    Both can fall back to TKIP, so what is the difference?

    And I guess WPA2 AES also means CCMP, right?

    Thanks for any clarification!

      Michael.
  • Zyxel_Judy
    Zyxel_Judy Posts: 913  Zyxel Employee
    edited January 2023
    Hi @michaelrommel

    WPA2-mix includes WPA+TKIP and WPA2+AES, so WPA2-mix with Cipher Setting AES means WPA2+AES.

    WPA2 with Cipher Setting auto means WPA2+TKIP and WPA2+AES. Because TKIP is insecure and limits the station to a low speed (54Mbps), we set WPA2+AES as the default to get better security and a faster speed for the station.

    WPA2 AES also means CCMP.

    Judy

  • michaelrommel
    michaelrommel Posts: 3
    edited January 2023
    Thank you, Zyxel_Judy for explaining this! Much appreciated!

    Since I have two devices (Withings Scale and a Nest smoke detector) that do not connect to the access point whenever I set the SSID (iot.devices) to WPA2-AES, and connect only if I set the cipher to auto, that means that other devices on this same SSID can also only use 54Mbps. So if there were other devices capable of achieving higher data rates and higher security (like Raspberry Pis), does it make sense to open up another SSID, like iot.tkip.devices and iot.aes.devices?

    Also, is there a place in a log or so, where I can see which client negotiated which cipher/WPA2/WPA3?
  • Zyxel_Judy
    Zyxel_Judy Posts: 913  Zyxel Employee

    Hi @michaelrommel

    If you set WPA2 and the cipher to auto, it means WPA2+TKIP and WPA2+AES. Your two devices (Withings Scale and a Nest smoke detector) can connect with WPA2+TKIP, while the stations with higher capability can connect with WPA2+AES to get higher data rates and higher security.

    In Nebula, there is no WPA2 with the cipher set to auto, so I suggest you choose WPA1, which means WPA-TKIP and WPA2-AES. You don't need to create another SSID.

    Access point > Monitor > Client list shows a column named "Security". This column shows which secure encryption method (WPA1/WPA2/WPA3) is being used by the client to connect to the Nebula Device.


    Judy
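
To check from outside the access point what an SSID really advertises for the modes discussed in this thread, the RSN element (element ID 48) of its beacon can be decoded. The following is an added example, not code from any poster or from Zyxel: the two byte strings are constructed samples, the function names are hypothetical, and only the RSN element is parsed (WPA1/WPA-TKIP is advertised in a separate vendor-specific element that this example does not handle).

```python
import struct

# Suite types under the IEEE 802.11 OUI 00-0F-AC (subset relevant to this thread).
CIPHERS = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKMS = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE", 18: "OWE"}

def _name(sel, table):
    """Name one 4-byte suite selector; unknown selectors are returned as hex."""
    return table.get(sel[3], sel.hex()) if sel[:3] == b"\x00\x0f\xac" else sel.hex()

def _suites(body, off, table):
    """Read a little-endian 2-byte count, then that many 4-byte selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    count = struct.unpack_from("<H", body, off)[0]
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("truncated suite list")
    return [_name(body[i:i + 4], table) for i in range(off + 2, end, 4)], end

def parse_rsn(body):
    """Parse an RSN element body (element ID 48, ID and length bytes stripped)."""
    if len(body) < 6 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("not a version-1 RSN element")
    pairwise, off = _suites(body, 6, CIPHERS)
    akms, off = _suites(body, off, AKMS)
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    return {"group": _name(body[2:6], CIPHERS), "pairwise": pairwise, "akms": akms,
            "mfp_capable": bool(caps & 0x80), "mfp_required": bool(caps & 0x40)}

def classify(rsn):
    """Return (mode, tkip_allowed) in the terms used in the thread."""
    sae = "SAE" in rsn["akms"]
    psk = "PSK" in rsn["akms"] or "PSK-SHA256" in rsn["akms"]
    if sae and psk:
        mode = "WPA3 transition (WPA2-PSK + SAE)"
    elif sae:
        mode = "WPA3-SAE only"
    else:
        mode = "WPA2-PSK" if psk else "other"
    return mode, "TKIP" in rsn["pairwise"]

# Constructed RSN bodies (assumed shapes, not captured from a Zyxel AP).
WPA2_AUTO = bytes.fromhex("0100000fac020200000fac04000fac020100000fac020000")
WPA3_TRANSITION = bytes.fromhex("0100000fac040100000fac040200000fac02000fac088000")

if __name__ == "__main__":
    for label, ie in (("wpa2, cipher auto", WPA2_AUTO), ("wpa3", WPA3_TRANSITION)):
        print(label, "->", classify(parse_rsn(ie)), parse_rsn(ie)["pairwise"])
```

A `True` in the second field means the SSID still offers TKIP as a pairwise cipher, which is the setting to look for when deciding whether legacy devices need it.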

  • Thank you very much, @Zyxel_Judy, for the additional info! Then I have already set everything up as it should be. I am not using Nebula, just the local UI. And I really appreciate that I can just use that UI; I have switched to Zyxel from Ubiquiti for that exact reason. I am pretty satisfied with the access point!