Menu
What's new
By:
Filters Better Search

WPA2-Personal vs WPA2/WPA3 Personal

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

N

neil0311

Senior Member
Been searching and trying to find clarity around those two network security settings. I have mostly modern devices with OS's that support WPA3, but some older devices and IOT devices that may/do not. Does the WPA2/WPA3 Personal in the Asuswrt wireless settings provide WPA3 for devices that support and fallback to WPA2 for devices that don't? Is that how that setting is intended?
 
neil0311 said:
Been searching and trying to find clarity around those two network security settings. I have mostly modern devices with OS's that support WPA3, but some older devices and IOT devices that may/do not. Does the WPA2/WPA3 Personal in the Asuswrt wireless settings provide WPA3 for devices that support and fallback to WPA2 for devices that don't? Is that how that setting is intended?
Click to expand...
Correct, when you select wpa2/wpa3. Devices which support wpa3 will use it and rest will use wpa2 for their encryption.
 
Hawk said:
Correct, when you select wpa2/wpa3. Devices which support wpa3 will use it and rest will use wpa2 for their encryption.
Click to expand...
Is it worth using it in practicality, or just stick with WPA2-Personal? Any known issues associated with WPA3/WPA2?
 
Yes, lots of known issues. Depending on your client mix, router, firmware version, etc. WPA3 isn't prime time yet (for all).

The best results (i.e. no issues related to these settings) are all on WPA2 or all on WPA3. The mix is the nix. ;)

Not hard to test though if all your devices can use WPA3 or not.

Or, WPA2/WPA3, as required by the client device.

But what I would not spend a second on is trying to 'fix' why it works or not (just use tried and true WPA2 at that point).
 
Wpa3 is having teething issues, as L&LD mentioned it is best to stick with wpa2 for time being.
 
Sorry to necro an old thread, but is not using WPA2/WPA3-Personal still not recommended? Just got a GT-AX6000 and I have mostly have AC and AX devices
 
Jon555 said:
Sorry to necro an old thread, but is not using WPA2/WPA3-Personal still not recommended? Just got a GT-AX6000 and I have mostly have AC and AX devices
Click to expand...

The following settings are not causing issues with my handful of n, ac, and (1) ax clients:

- enable 802.11ax/WiFi6 mode, WiFi Agile Multiband, Target Wake Time; set Authentication Method to WPA2/WPA3-Personal (alphanumeric passwords with NO spaces)*, and Protected Management Frames to Capable
Beware IoT compatibility.

I avoid IoT... I have a few Wyze cams here.

OE
 
Jon555 said:
Just got a GT-AX6000 and I have mostly have AC and AX devices
Click to expand...

Test it with your clients. WPA3 requires PMF and some clients may not like it.
 
I have one old client that does not like WPA2/WPA3-Personal. So I set up a Guest Wi-Fi with just WPA2-Personal which is also for IOT clients.
 
Jon555 said:
Is there a way to determine which devices are using WPA2 and WPA3 from the router?
Click to expand...

Some clients will report this, like a Windows PC.

The router Wireless Log reports client WiFi mode... presumably n,ac is WPA2 and ax is WPA3(?).

OE
 
OzarkEdge said:
Some clients will report this, like a Windows PC.

The router Wireless Log reports client WiFi mode... presumably n,ac is WPA2 and ax is WPA3(?).

OE
Click to expand...
Nope. I have AC clients that use WPA3.
 
bbunge said:
Nope. I have AC clients that use WPA3.
Click to expand...
Yup. Looking at things here, all of my (few) AX clients know WPA3, but the AC-capable clients are a mix of WPA2 and WPA3. I've even got a couple of Apple watches that know WPA3 even though their radios only do 802.11n. (They're reasonably new, so Apple was either too worried about power budget or just too cheap to put a better radio in them. But apparently WPA3 compatibility doesn't really cost anything.)

I have one very, very, very old Apple laptop that failed to work with the WPA2/WPA3 setting on my Zyxel APs, though it did work with the straight WPA2 setting. That's led me to set the guest network to WPA2 in case any of my friends are rocking ancient phones. But I'm going to retire that laptop rather than back off security on the main network.

Bottom line's the same as what people already said: try it and see. I suspect most people reading this thread are using gear that would work with WPA2/WPA3, even if it won't work as actual WPA3.
 
Can confirm that so far, WPA2/WPA3 mode has been working fine (for reference again, GT-AX6000 and I have mostly have AC and AX devices). I do have a decent amount of newer IoT devices that I put on a guest network (which is WPA2-Personal only), but not because they weren't operating correctly in mixed mode and instead because I don't really trust them having access to the rest of the network.
 
OzarkEdge said:
The following settings are not causing issues with my handful of n, ac, and (1) ax clients:

- enable 802.11ax/WiFi6 mode, WiFi Agile Multiband, Target Wake Time; set Authentication Method to WPA2/WPA3-Personal (alphanumeric passwords with NO spaces)*, and Protected Management Frames to Capable
Beware IoT compatibility.

I avoid IoT... I have a few Wyze cams here.

OE
Click to expand...
I agree, definitely works with my settings.....
1654656340909.png
 
SomeWhereOverTheRainBow said:
I agree, definitely works with my settings.....
View attachment 41679
Click to expand...

That's aggressive... I like it! :)

Presumably no issues with hiding SSIDs and 2.4 40MHz.

Permitting the 5.0 Auto control channel to be a DFS channel (100-144) would be a problem here for at least one of my clients... it doesn't see it.

Your current 5.0 control channel 153 suggests DFS has any AX clients connecting at 80MHz max. I wonder how often DFS reconsiders using DFS channels to again permit 160MHz connections.

OE
 
OzarkEdge said:
Your current 5.0 control channel 153 suggests DFS has any AX clients connecting at 80MHz max. I wonder how often DFS reconsiders using DFS channels to again permit 160MHz connections.
Click to expand...
As discussed in the other thread, this is ACSD making the channel decisions not "DFS". ACSD used to run every 15 minutes but its behaviour seems to either be broken or has changed somehow. See my post here.
 
All my Apple devices work with the WPA3-Personal setting (5 GHz-1) on the AX11000.

The Nvidia Shield Pro doesn't support WPA3 so I keep it on 5 GHz-2 with WPA2-Personal.
 
ColinTaylor said:
As discussed in the other thread, this is ACSD making the channel decisions not "DFS". ACSD used to run every 15 minutes but its behaviour seems to either be broken or has changed somehow. See my post here.
Click to expand...

Hmm... I have only noticed acsd in the Log when using ch Auto, or so I thought. I have not used ch Auto in a long time... and did not notice acsd had gone missing for any reason other than it not being used. ACSD being 'broken' since Feb seems fundamentally at odds to the default setting being ch Auto, used by many.

I understood DFS cleared use of DFS channels, and that DFS channels are required for 160MHz bw. And that in the US, 160MHz requires channels in the DFS range of 36-128. So, assuming 160MHz use is permissable (no radar detected), the control/extension channels should be 36-64 (half DFS) or 100-128 (all DFS) to enable 160MHz bw as set. The subject ch 153 is not in those ranges, so I assume DFS is the reason why, and then only 80MHz bw non-DFS is permitted.

(Further, if you restrict the ch Auto control channel to non-DFS channels, then the only range that supports 160MHz bw is 36-64 with control channel in the non-DFS range 36-48... which suits my finicky legacy client that can't see a DFS control channel.)

OE
 
Last edited:
OzarkEdge said:
Hmm... I have only noticed acsd in the Log when using ch Auto...
Click to expand...
Which is what we're talking about here.

OzarkEdge said:
ACSD being 'broken' since Feb seems fundamentally at odds to the default setting being ch Auto, used by many.
Click to expand...
It seems to work fine for some people like @bbunge but inconsistently for myself. However, the more I looked into how acds2 makes decisions the more complicated I realised it was.

OzarkEdge said:
The subject ch 153 is not in those ranges, so I assume DFS is the reason why, and then only 80MHz bw non-DFS is permitted.
Click to expand...
Channel 153 was probably chosen by ACSD because he's set both the channel and the bandwidth to auto. ACSD selects the channel/bandwidth combination based on what it thinks is "best". The router may have started up on a different (perhaps DFS) channel and then switched at a later time (we don't have that information).
 
You must log in or register to reply here.

Similar threads

P
Client connection reporting wpa2 vs wpa3
Replies
1
Views
705
bbunge
bbunge
hellohi3654
Asus AX86U Pro AX and AC on 5ghz band working with Mediatek chipsets but not Intel
Replies
16
Views
955
hellohi3654
hellohi3654
R
Asus BQ16 Little help required.
Replies
4
Views
478
Reinforcer
R
jixiangyuan
BE96 Firmware Update 3.0.0.6.102_34777
Replies
0
Views
524
jixiangyuan
jixiangyuan
N
Connectivity Issues on IOT Devices with ROG Rapture GT-AXE16000 and ASUS ZenWiFi AX (XT8) Mesh
Replies
11
Views
4K
Krzysztofz
K
Similar threads
Thread starter Title Forum Replies Date
S AiMesh 5Ghz set to WPA3/WPA2, only one node advertising WPA3/2, rest WPA2 only. ASUS Wi-Fi 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 820 (members: 16, guests: 804)
Top