Wireless-ethernet bridge with WPA-PSK (AES) ?

Is there not a wireless-ethernet bridge ("gaming adapter") that supports WPA-PSK (AES) ?

I've bought two from a local store only to return them because they don't do AES. I told them I would keep purchasing and returning until the manufacturers learn to put full specifications on the box. If they just list WEP and WPA-PSK, HTF are you supposed to know if WPA-PSK is both TKIP and AES?

Thought about ordering online, but I sent an email to a couple manufacturers asking if specific bridges support AES but they babble talk and refuse to give a clear answer. Probably because they don't have a clue.

What is WPA2? Is WPA2 the same thing as "WPA-PSK (AES)" ? Would I bridge that says WPA2 on the box work with "WPA-PSK (AES)" ?


Reply to
Loading thread data ...

I believe dd-wrt supports WPA-PSK AES, in case you're willing to go that route. That's what I would do.

Reply to
Char Jackson

Yes. Any of the devices supported by DD-WRT firmware.

I don't have a list of game adapters that specifically mention WPA2-PSK-AES. That's because most of the common game adapter were introduced with firmware that does NOT support WPA2. However, they also have firmware updates that usually supply the missing feature.

Did you check the web sites for the unspecified hardware for updates that might just support WPA2-PSK-AES ??

Which makes and models did you buy?

Chuckle. I almost spilled my cup or herbal tea over that. Most of the manufacturers are going out of their way to dramatically reduce any technical descriptions, specs, or performance claims. I've been fighting that battle for years with little success. Anyway, it's considered good form to research the products online before shelling out money. Try the wireless reviews at:

Let's see if the Linksys WGA54G does WPA2-Personal-AES. Looks like v1.10 only does WEP:

I did some digging and found that the WGA54G v2 hardware supports WPA2-TKIP but *NOT* WPA2-AES. Oddly, it claims that it requires v1.16 firmware, while the latest on the LinksysBuyCisco web pile is 1.10.

So, you're right. No WPA2-AES for that game adapter which is not surprising for firmware released in 2005.

You're right. It should be listed. However, WPA and WPA2 may have been added after the initial firmware release.

True. My favorite fun question is "What's the current version number of the firmware?" They never seem to know that.

Yes. They're the same. PSK means "pre-shared key" which is sometime called "WPA-Personal". AES is the "Advanced Encryption Something" which is the new and improved encryption standard endorsed by the federal bureaucracy. There's also authentication standards that came with AES. See:

Sorta. WPA2 will work with either TKIP encryption (as used with WPA) or optionally AES. The optional is the key here. TKIP is a stream cipher and is easily done in either hardware or software. AES is a block cipher and is not so simple. AES was originally intended to be done only in hardware. That's why it's optional. However, CPU horsepower has improved sufficiently that AES can now be done easily in software. The problem is that some manufacturers are reluctant to revise firmware for products they no longer sell, resulting in no AES support. It's also possible that they ran out of RAM/ROM needed to implement AES. Hard to tell, but you will find devices that only do WPA2-PSK-TKIP and NOT do WPA2-PSK-AES. Offhand, I can't think of any, but I've seen them in the past.

Reply to
Jeff Liebermann

Apparently, AES is part of the WPA2 spefication, but some manufactuers started using AES earlier in WPA1 in a "non standard" sort of way.

I need a bridge that can talk to an AP using WPA1-PSK-AES. I tried using WPA2 on a bridge, but it doesn't work. After digging further, I read that even though the encryption matches, WPA1 and WPA2 have different broadcast flags. So, WPA1-PSK-AES will only talk to WPA1-PSK-AES... :(

And there is zero way of knowing if XYZ bridge does WPA1-PSK-AES because the full specs aren't written on the web sites, let alone the box. Asking a sales drone is also a waste of time too. They stare like a deer caught in headlights...

Reply to

None that I know of. Which product has WPA with AES? As far as I can determine, WPA is only supplied with TKIP encryption.

Why? I can guess, but I want to know what you're trying to accomplish by specifying this non-existent mode of encryption and authentication.

Do you own the access point or wireless router that you're trying to connect with? What make and model access point? If it's NOT yours, then you're doing something wrong.

Yes, I've seen that. Some bridge systems will only do WEP. DD-WRT will do WPA-PSK-TKIP:

However, I had problems with disconnects when using WPA2-PSK-AES and went back to WPA-PSK-TKIP

Yep, but some access points and wireless routers have an algorithm where it will accept connections from either TKIP or AES. For example, the common DD-WRT firmware supports this mode. It supports: "WPA2 Personal Mixed" However, there is no option for WPA with mixed encryption methods. WPA only does TKIP.

Yep. You're not going to get tech support or system engineering help at a big box store.

Reply to
Jeff Liebermann

Found one that works. Linksys WET54G, H/W Version 3.1

The setup lists both TKIP and AES for WPA1. (It also has both for WPA2.)

Sure enough, when WPA1 is selected with AES, it connected fine, but when WPA2 is selected with AES it doesn't connect. Nor does it connect when TKIP is selected for either.

Reply to

Egads.... You're right. I checked the settings at:

Both AES and TKIP are offered in both WPA and WPA2. Amazing.

Chuckle. Usually it's TKIP that works every time in WPA2 mode, and not AES. Now, it's backwards. Congratulations, maybe.

Reply to
Jeff Liebermann

Yeah, that emulator is also old as well. The newest software firmware has both WPA and WPA2 in the drop down box. (Along with WEP, Radius, etc.) AES/TKIP are selectable for both WPA and WPA2. The only combination that I got it finally working with was WPA and AES.

I'm not sure what router or AP they were using at the place I needed the bridge at. All I know is that it was a Linksys.

I have a AP at home that also does WPA1-PSK-AES. (It doesn't even have WPA2). It is the DLink DWL-7100AP

If my reading was correct, AES was intended for WPA2, but some manufacturers "snuck" it into WPA1 early, making WPA1-PSK-AES a proprietary "non standard" ? Also read that even though the encryption matches with WPA2, there are major differences with the other protocols, so the two (WPA1-PSK-AES and WPA2-PSK-AES) can't talk to one another...

Ya'd think they (manufacturers) would have wanted to prevent confusion... Oh well...

Reply to

formatting link

Reply to

Y'er right. Amazing. The data sheet at:

shows: WPA - Wi-Fi Protected Access (WPA - TKIP/AES PSK)

Ugh. I was wrong. WPA-PSK-AES is sorta kinda supported on DD-WRT:

You can use WPA + AES for higher security than TKIP, but only if your devices support it (it is optional). For this reason it is not very common. You also do not get the improved roaming features of WPA2.

WPA + TKIP+AES provides a fallback in case AES is not supported by a device in that it switches to the more common TKIP. The disadvantage is that it might switch to TKIP unexpectedly but is more backwards compatible if needed.

I still think it's a bad idea. My (second) guess is that there are quite a few client radios and drivers that will not support the WPA-PSK-AES mode.

Weird, totally weird. It kinda looks like some manufacturers had the room to implement AES encryption, but ran out of horsepower or space to implement the various WPA2 authentication methods.

Looking at the various home router certifications at:

most of the common wireless routers are tested and certified for WPA and WPA2 with an assortment of authentication protocols. However, there's no detail on which combination of encryption protocols are included in the test.

The associated "white paper" on the certification process only hints that the testing follows 802.11i. So, grabbing 802.11i:

I'm blessed with 190 pages of heavy reading which is guaranteed to turn my brain into mush. A quick search offers no mention of WPA or WPA2, but the underlying protocols are described in excruciating detail. Methinks I'll pass for now and leave this exercise for another time when I'm awake and have more time.

Reply to
Jeff Liebermann

Yeah, the whole WPA1-PSK-AES thing threw me off at first too. I also thought that WPA1-PSK-AES was "WPA2", but it is its own animal...

The Sony PS3 and PSP, along with with Nintendo Wii, support WPA1-PSK-AES (in addition to WPA2). WPA1-PSK-AES are given as a seperate option...

Reply to

I'm afraid you're right. Since you mentioned it, I've been looking at various current wireless router wireless encryption setups and finding that most of them now support WPA1-PSK-AES. Yet another defacto standard. I haven't had time (or the intestinal fortitude) to read through IEEE 802.11 docs to see if it's kosher.

Reply to
Jeff Liebermann

~ On Thu, 12 Mar 2009 07:59:14 -0400, "bc20" ~ wrote: ~ ~ >Yeah, the whole WPA1-PSK-AES thing threw me off at first too. I also ~ >thought that WPA1-PSK-AES was "WPA2", but it is its own animal... ~ >

~ >The Sony PS3 and PSP, along with with Nintendo Wii, support WPA1-PSK-AES (in ~ >addition to WPA2). WPA1-PSK-AES are given as a seperate option... ~ ~ I'm afraid you're right. Since you mentioned it, I've been looking at ~ various current wireless router wireless encryption setups and finding ~ that most of them now support WPA1-PSK-AES. Yet another defacto ~ standard. I haven't had time (or the intestinal fortitude) to read ~ through IEEE 802.11 docs to see if it's kosher.

WPA1-AES is neither a standard per IEEE 802.11i nor per the Wi-Fi Alliance. WPA1-TKIP is a Wi-Fi standard, and WPA2-TKIP and WPA2-AES are standard per both IEEE and Wi-Fi.

Generally speaking, WPA1-AES showed up when hardware appeared that supported AES, before the advent of supplicants that supported WPA2.

For example, Windows XP SP2 did not support WPA2 at FCS (you either needed to add a hotfix such as 893357, or upgrade to SP3, to get WPA2.) However, it did support WPA1-AES, if the hardware supported AES.

Among Cisco products, our "autonomous products" such as wireless routers (871W, HWIC-AP) and APs (AP1131, AP1252, etc.) support WPA1-TKIP and WPA2-TKIP/AES, but not WPA1-AES. However, our "centralized" solution (lightweight APs running under control of a Wireless LAN Controller) do support WPA1-AES as well as the others.


Reply to
Aaron Leonard

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.