How to enable WPA2 AES (instead of TKIP)?

Daniel Müller

Hello there,
I just bought Amplifi HD. It's working fine. However, when I open Amplif APP -> Security. I can only choose None; WPA PSK or WPA2 PSK. How can I setup WPA2 AES?

@Daniel-Müller Can't believe no one has answered this! I have the same question for the Alien. I assume this (AES) is the default but I would love to see this explicitly stated. Hopefully someone responds.

Matthew Leeds

@Daniel-Müller said in How to enable WPA2 AES (instead of TKIP)?:

WPA2 PSK

https://amplifi.com/docs/AmpliFi_QSG.pdf page 22
https://amplifi.com/docs/AmpliFi_Datasheet.pdf page 9

@Matthew-Leeds Cool. I see it explicitly stated for the HD but not the Alien.

Matthew Leeds

Let's see if Amplifi support will add to this thread.

Do the HD and/or Alien support legacy devices that need TKIP when the WPA2-PSK option is selected? I would assume not but am looking for confirmation.

UI-AmpliFi

By default, AmpliFi (both HD and Alien) are using WPA2-PSK mode which allows only CCMP cryptographic protocol based on AES encryption algorithm.
For older client devices that do not support WPA2/CCMP, the WPA-PSK mode can be selected in AmpliFi App which allows both CCMP and TKIP protocols. This option is rarely needed. When this option is selected, all devices supporting CCMP (virtually every device made after 2004) should still use CCMP (AES).

Matthew Leeds

@UI-AmpliFi Thanks for the quick response and clarity. This makes sense and should reassure owners and potential customers.

@UI-AmpliFi thank you for the information. I ordered the Alien and it’s replacing an Apple Extreme (their last tower model), and it says WPA2-Personal which ios14 now says is weak, thus the questions from me on what the Alien Router meant my WPA2.

Matthew Leeds

@thepet24

WPA-Personal
Also referred to as WPA-PSK (pre-shared key) mode, this is designed for home and small office networks and doesn't require an authentication server.

As to IOS14, perhaps this? https://discussions.apple.com/thread/251805737

In which case you are just fine as long as you pick WPA2 and use a reasonably long passphrase.

Right. My issue is my Apple router only provides for the following:
WPA/WPA2 Personal
WPA2 Personal
WPA/WPA2 Enterprise
WPA2 Enterprise

Thus my desire to upgrade and my question about the Alien security details. The Apple discussion article simply says choose a better security option lol.

Correction. Turns out my issue (and thanks for the link I kept reading several pages in) is my TP-Link Extender. When connected directly to the primary Apple router w WPA2 Personal, no ‘weak security’ message confirming AES. Still going to upgrade as this router is showing it’s age. Thank you for your thoughtful and helpful responses.