A Question about WRT600N wireless router..

I have this router in my home. I use the 5Gig channel as a wireless N network and I use the 2.4GHz channel as a Mixed network, (B, G or N) Both channels are set to WPA-2 with AES.

I am trying to connect the XBOX by wifi and it seems that microsoft has disabled this option (The WPA-2 is in the XBOX config GUI but it is greyed out.)

I don't want to bring down the 2.4GHz channel to WEP as that seems to be the only security mode (Other than none) that the XBOX supports.

Is there something I can do on the router to have the connection between the XBOX and the Linksys an open connection while the other connections are secure?

Where else might I post this message?

Reply to
SpreadTooThin
Loading thread data ...

It does NOT need to be an open connection. XBox does not support WPA2-AES, but does support WPA-TKIP. While not as secure as WPA2, WPA is good enough and way better than WEP.

In any of the Xbox forums. A Google search for "Xbox WPA2" shows that it's a common question.

Reply to
Jeff Liebermann

On Tue, 15 Sep 2009 07:56:35 -0700, Jeff Liebermann wrote in :

WPA-TKIP has been cracked. WPA-AES or WPA2 should be used instead.

Reply to
John Navas

Nope. Xbox360 supports WPA-TKIP and WPA-AES (kludge). No WPA2-AES support, yet:

One fix is to use a wireless client bridge instead of the official Microsoft wireless adapter:

Reply to
Jeff Liebermann

On Sun, 20 Sep 2009 18:44:27 -0700, Jeff Liebermann wrote in :

Read what I wrote more carefully -- WPA-AES or WPA2-TKIP are sufficient (as far as we currently know).

Yep.

Reply to
John Navas

Check your assumptions.

  1. WPA-AES is not officially part of 802.11i. That's why I marked it as a kludge.

  1. There is no such thing as WPA2-TKIP. WPA2 always uses AES encryption. I would normally suggest that everyone use WPA2-AES but I keep blundering into wireless devices (i.e. Microsloth Xbox360 wireless client) that don't support WPA2-AES, and client drivers that simply don't work reliably with WPA2-AES, but do work with WPA-TKIP. (Note: All this is with a Pre-Shared Key. RADIUs support is a different horror story).

Reply to
Jeff Liebermann

On Mon, 21 Sep 2009 15:42:42 -0700, Jeff Liebermann wrote in :

"Understanding the updated WPA and WPA2 standards"

The encryption piece of WPA and WPA2 mandates the use of TKIP or, because it?s considered to be more secure than TKIP, preferably AES encryption. From an encryption standpoint, WPA leaves AES optional while WPA2 mandates both TKIP and AES capability.

Although AES is preferred from a security standpoint, other important issues are (1) what the equipment actually supports and (2) amount of overhead.

AES will usually have less overhead than TKIP with AES hardware support (at both ends of the radio link), but more overhead with only software support. Unfortunately, often the only way to tell is to actually test the equipment.

Some equipment (and DD-WRT) support TKIP+AES with automatic fallback, but, unfortunately, "a chain is only as strong as its weakest link", and this essentially obviates the security advantage of AES unless WPA2 is forced.

Reply to
John Navas

On Sep 21, 3:42=A0pm, Jeff Liebermann wrote: . =A0

How would this be towards better understanding?:

There is no such thing as WPA2-TKIP; There is WPA2-AES and WPA-AES+TKIP, but no 'TKIP' by itself.

berk

Reply to
berk

On Wed, 23 Sep 2009 01:22:30 -0700 (PDT), berk wrote in :

"Understanding the updated WPA and WPA2 standards"

The encryption piece of WPA and WPA2 mandates the use of TKIP or, because it?s considered to be more secure than TKIP, preferably AES encryption. From an encryption standpoint, WPA leaves AES optional while WPA2 mandates both TKIP and AES capability.

Although AES is preferred from a security standpoint, other important issues are (1) what the equipment actually supports and (2) amount of overhead.

AES will usually have less overhead than TKIP with AES hardware support (at both ends of the radio link), but more overhead with only software support. Unfortunately, often the only way to tell is to actually test the equipment.

Some equipment (and DD-WRT) support TKIP+AES with automatic fallback, but, unfortunately, "a chain is only as strong as its weakest link", and this essentially obviates the security advantage of AES unless WPA2 is forced.

Reply to
John Navas

It does not mandate the use of TKIP with WPA2. Your ref doc uses the wifi alliance as the creators:- "The WPA and WPA2 standards were created by the Wi-Fi Alliance industry group that promotes interoperability and security for the wireless LAN industry." From the WiFi Alliance:- "WPA2 is today's generation of Wi-Fi security. It is founded on two key protocols: (1) Advanced Encryption Standard (AES), the encryption protocol used by the United States and other governments to protect confidential and classified information, and by the enterprise to secure WLANs, and (2) IEEE 802.1X, a standard widely used in corporate networks to provide robust authentication and sophisticated network access control features. WPA2 is based on IEEE 802.11i and provides 128-bit AES-based encryption. It also provides mutual authentication with Pre-Shared Key (PSK; in Personal mode) and with IEEE 802.1X / EAP (in Enterprise mode). In 2004 the Wi-Fi Alliance introduced WPA2 certification. In 2006 WPA2 certification became mandatory for all Wi?Fi CERTIFIED equipment submitted for certification."

Reply to
LR

On Wed, 23 Sep 2009 15:43:11 +0100, LR wrote in :

AES is required for certification, but "The standard certified through WPA2 is BACKWARD COMPATIBLE with the standard certified through WPA."

[emphasis added]
Reply to
John Navas

An item that has been certified as WPA2 will be compatible with an item that has been certified WPA in that it has the capability to be set to use WPA.

Reply to
LR

So, (lets try this again...)

- WPA2_AES = YES

- WPA2_AES+TKIP = YES

-WPA2_TKIP = No such animal.

Riiiight?

berk

Reply to
berk

Yes

This is dubious. Some manufacturers have WPA2_AES+TKIP in their settings for WPA2 Personal however if you read the notes what you actually get is WPA_TKIP and WPA2_AES e.g.

I have 2 Zyxel gateways which can have the security set to be WPA compatible when using WPA2, but they fall back to WPA when using this function if the client cannot use WPA2. The WPA2 only setting for these gateways is only compatible with AES.

WPA2_TKIP = No such animal.

The bottom line is that manufacturers can include whatever they like and as long as it includes the basic requirements for certification the Wifi Alliance will probably certify it as meeting their standard.

I haven't seen the latest version of the 802.11 standard but there was discussion that TKIP was obsolete and should be removed. "TKIP has reached the end of its designed lifetime and has been deprecated in the next full release of the 802.11 standard."

Comment "TKIP has reached the end of its designed lifetime and number of critical deficiencies in its security has already been identified. Consequently, TKIP cannot be considered secure and its use not should be promoted in any way." Proposed change "Add following paragraph to the end of 6.1.2: ?The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.? Replace ?TKIP and CCMP? with ?CCMP? elsewhere in 6.1.2." Resolution "Accept."

Reply to
LR

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.