Network security

[Wando64]

I have been using for some time a TP-Link WA850RE range extender and since installing iOS 14 I am getting warning that the network is using an insecure protocol WPA/WPA2.
In theory, according to TP-Link, the extender should be using the main Router's protocol.

It is clear that the connection between the extender and my main router is WPA2-PSK and it is secure. My router would not allow any other connection.
However it would seem that the extender itself would allow connections from insecure WPA protocol as it is reported WPA/WPA2 by both iOS14 devices and by my Macs.

Am I misunderstanding something fundamental or do I have a problem?

 

[mystery hill]

Doesn’t the extender have an option to only allow connections using WPA2?

 

[Wando64]

Doesn’t the extender have an option to only allow connections using WPA2?

It has a setting to specify the connection with the router, but not one to specify what it will accept as incoming connections.
Maybe the two are the same, however I have set it to connect to the router using WPA2 only but it still advertises itself as accepting WPA/WPA2 connections.

 

[mystery hill]

TP-Link WA850RE offers TKIP

Our Range Extenders use Auto secutiy mode by default, which supports WPA2+AES, and TKIP to be compatible with the devices that only support old encryption methods. If the Apple devices detect that the wireless connection a weak encrypted network, 'the weak securiy' would show up there. But in fact, iOS devices would still perfer to the secure encryption method WPA2+AES, instead of TKIP when connecting to the range extenders, and users do not need to worry about the potential security issue.

 

[Wando64]

TP-Link WA850RE offers TKIP

I did see this document, but I don’t find it particularly reassuring.
Again I might be misunderstanding something fundamental, but even if my devices connect to the extender using a secure protocol, what is to stop another device gaining access to my network via the less secure WPA protocol that seems to be available from the extender?

 

[Wando64]

Is there a way to test if the range extender is really accepting WAP connections?
Can I force one of my devices to use WAP only for the purpose of testing?

 

[mystery hill]

Is there a way to test if the range extender is really accepting WAP connections?

iPhone > Settings > WiFi > Other > You can manually enter the name of your wireless network and choose the security type.

You should forget your WiFi network on your phone before testing.

 

[Wando64]

iPhone > Settings > WiFi > Other > You can manually enter the name of your wireless network and choose the security type.

You should forget your WiFi network on your phone before testing.

I cannot see from Apple’s support info whether this will determine the minimum security level or the maximum.

e.g. If I set the security as WAP2, will it connect to a network with security a)WPA2 or below, b)WPA2 or above, c)precisely WPA2

Is there a way of checking which protocol I am using at any given moment in time?

 

[mystery hill]

Why not set it to WPA?

 

[Wando64]

Why not set it to WPA?

Sure. Same question though.
Does it means that it will connect to networks with a minimum requirement of WPA (WPA and above) or it means that it will connect to networks with a maximum requirement of WPA (WPA or WEP) or does it mean it will only connect to a WPA network?

I have also been looking for a way to tell which protocol and encryption I am using (WPA-TKIP or WPA2-AES).
If I ask my Mac, all i get is that I am using WPA/WPA2 which doesn't tell me anything useful.

 

[mystery hill]

Does it means that it will connect to networks with a minimum requirement of WPA (WPA and above) or it means that it will connect to networks with a maximum requirement of WPA (WPA or WEP) or does it mean it will only connect to a WPA network?

If you manually choose WPA then it means that it's connecting via WPA.

If you connect successfully then the extender is accepting connections for WPA and WPA2.

 

[Wando64]

If you manually choose WPA then it means that it's connecting via WPA.

If you connect successfully then the extender is accepting connections for WPA and WPA2.

That is exactly what is happening.
Do you know of a way to confirm the protocol in use?

 

[mystery hill]

Selecting WPA and successfully connecting is the confirmation.

That's the expected behaviour according to the TP-Link page that I posted above. The extender is accepting both WPA and WPA2 connections.

I guess you could check if there is a firmware update that allows you to restrict the security protocol.

I wouldn't really worry about it since someone would need to be physically in range of the wireless network and also wanting (and knowing) how to crack the WPA protocol to gain access.

 

[Wando64]

I already have the last Firmware update.

Oh well...
What I could do is use MAC filtering on the extender to give me a little bit more security.

Thanks for your help

 

[mystery hill]

Thanks for your help

You're welcome.

 

[Wando64]

TP-Link have released a new firmware to fix this problem.