When do I use WPA2-PSK AES versus when to use TKIP?

Discussion in 'Wireless Internet' started by Werner Obermeier, Jul 18, 2015.

  1. How do I make a decision to choose between WPA2-PSK AES or TKIP?

    I have some guests coming over for a week, and they asked for the wifi
    password, which is fine, so I logged into my router and decided to set up
    a guest network (so that I can give them a *different* passphrase).

    When I logged into the router, I'm confronted with this choice?
    ( )WPA2-PSK (AES)
    ( )WPA-PSK [TKIP] + WPA2-PSK [AES]

    I'm sure *both* work just fine, but, rather than just click one of them
    arbitrarily (which is what I did prior), I wonder if you can advise me on
    how I would properly make a decision between the various options?
    Werner Obermeier, Jul 18, 2015
    1. Advertisements

  2. Also, what exactly does checking this box do?
    ( )Allow guest to access My Local Network
    Werner Obermeier, Jul 18, 2015
    1. Advertisements

  3. Werner Obermeier

    Ralph Fox Guest

    TKIP is no longer considered secure, unlike AES.

    You would only enable TKIP when the guests had older devices which
    did not support AES. Anything made in the last 9 years should
    support AES.
    Ralph Fox, Jul 18, 2015
  4. BTW, I do have this manual:

    But, all it says for the first question is:
    WPA2-PSK (AES) - WPA2-PSK is stronger than WPA-PSK. It is advertised to be theoretically indecipherable due to the greater degree of randomness in encryption keys that it generates.
    WPA-PSK (TKIP) + WPA2-PSK (AES) - WPS-PSK + WPA2-PSK Mixed Mode can provide broader support for all wireless clients. WPA2-PSK clients get higher speed and security, and WPA-PSK clients get decent speed and security. The product documentation for your wireless adapter and WPA client software should have instructions about configuring their WPA settings.

    And, for the second question, I don't see how these are different?
    Allow guest to access My Local Network - If this check box is selected, any user who connects to this SSID has access to your local network, not just Internet access.
    Enable Wireless Isolation - If this check box is selected, then wireless clients (computers or wireless devices) that join the network can use the Internet, but cannot access each other or access Ethernet devices on the network.
    Werner Obermeier, Jul 18, 2015
  5. Werner Obermeier

    tlvp Guest

    What follows are my understandings, perhaps quite flawed:
    If all you want your guests to be able to access is the wide-area, distant
    internet, do NOT check this box (checking it will allow guests to access
    everything -- printers, modems, computers, SAN drives, files and folders,
    etc. -- on your local network as well). Whether your guests will or won't
    be able to access *each other* seems to be unspecified here.
    If all you want is for your guests to be able to access the wide-area,
    distant internet, but nothing local, not even each other, check this box.

    It almost appears as if checking the first box, to give guests access to
    everything, and checking the second, to assure that guests are wirelessly
    isolated from each other, will let guests access the internet, and local
    printers, say (or modems, or faxes, etc.), but *not* each other.

    But test that before letting guests loose in that playground, I may well be
    horribly off-base :) .

    Cheers, -- tlvp
    tlvp, Aug 4, 2015
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.