When do I use WPA2-PSK AES versus when to use TKIP?

How do I make a decision to choose between WPA2-PSK AES or TKIP?

formatting link

I have some guests coming over for a week, and they asked for the wifi password, which is fine, so I logged into my router and decided to set up a guest network (so that I can give them a *different* passphrase).

When I logged into the router, I'm confronted with this choice? ( )WPA2-PSK (AES) ( )WPA-PSK [TKIP] + WPA2-PSK [AES]

I'm sure *both* work just fine, but, rather than just click one of them arbitrarily (which is what I did prior), I wonder if you can advise me on how I would properly make a decision between the various options?

Reply to
Werner Obermeier
Loading thread data ...

Werner Obermeier wrote in moegjn$30n$ snipped-for-privacy@solani.org:

Also, what exactly does checking this box do? ( )Allow guest to access My Local Network

Reply to
Werner Obermeier

TKIP is no longer considered secure, unlike AES.

You would only enable TKIP when the guests had older devices which did not support AES. Anything made in the last 9 years should support AES.

Reply to
Ralph Fox

BTW, I do have this manual:

formatting link

But, all it says for the first question is: WPA2-PSK (AES) - WPA2-PSK is stronger than WPA-PSK. It is advertised to be theoretically indecipherable due to the greater degree of randomness in encryption keys that it generates. WPA-PSK (TKIP) + WPA2-PSK (AES) - WPS-PSK + WPA2-PSK Mixed Mode can provide broader support for all wireless clients. WPA2-PSK clients get higher speed and security, and WPA-PSK clients get decent speed and security. The product documentation for your wireless adapter and WPA client software should have instructions about configuring their WPA settings.

And, for the second question, I don't see how these are different? Allow guest to access My Local Network - If this check box is selected, any user who connects to this SSID has access to your local network, not just Internet access. Enable Wireless Isolation - If this check box is selected, then wireless clients (computers or wireless devices) that join the network can use the Internet, but cannot access each other or access Ethernet devices on the network.

Reply to
Werner Obermeier

What follows are my understandings, perhaps quite flawed:

If all you want your guests to be able to access is the wide-area, distant internet, do NOT check this box (checking it will allow guests to access everything -- printers, modems, computers, SAN drives, files and folders, etc. -- on your local network as well). Whether your guests will or won't be able to access *each other* seems to be unspecified here.

If all you want is for your guests to be able to access the wide-area, distant internet, but nothing local, not even each other, check this box.

It almost appears as if checking the first box, to give guests access to everything, and checking the second, to assure that guests are wirelessly isolated from each other, will let guests access the internet, and local printers, say (or modems, or faxes, etc.), but *not* each other.

But test that before letting guests loose in that playground, I may well be horribly off-base :-) .

Cheers, -- tlvp

Reply to
tlvp

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.