Update for anyone interested: Running the NBE-M2-400 (with any firmware 5.5.6-10) identifies this mixed mode AP as WPA, even when the NBE is config’d for WPA2-AES, whereas it identifies some std. home routers in view as WPA2. It appears to dump the pass-key after connecting to the device identified as WPA---the AP logs report an “incorrect PW”, and disconnect after an apparent initial connection.
Again, the older devices (NBM2, etc.) are connecting fine to this AP when configured for WPA2-AES. My questions to ubnt (or anyone else): 1. Does connection via WPA2-AES to an AP device that permits connection via WPA-TKIP as well, constitute the same or comparable security vulnerability as connecting via the latter? 2. If I am reading this right, any workaround, or fix? ( I do realize that this is a cross-mfr., and kind of legacy compatibility issue, but I have to ask.) 3. I’m also restricting access with a MAC ACL. Should I just dump encryption, and leave it at that? This little node is hardly serving Langley or a HIPPA compliant health facility…? TIA, Jeremy From: [email protected] [mailto:[email protected]] On Behalf Of Jeremy Grip Sent: Monday, October 20, 2014 8:00 PM To: 'Ubiquiti Users Group' Subject: Re: [Ubnt_users] 5.5.10 Security Bug? (was NBM2 vs. PBE M2-400 intrees) Was just gonna point that out…;-) Anyway, in this conversation: I don’t seem to have an AES only option in the AP: But, as Josh said, it should work with this setting, anyway, right? JG From: [email protected] [mailto:[email protected]] On Behalf Of Rory Conaway Sent: Monday, October 20, 2014 7:44 PM To: Ubiquiti Users Group Subject: Re: [Ubnt_users] 5.5.10 Security Bug? (was NBM2 vs. PBE M2-400 intrees) Oops, wrong converstation. Rory From: [email protected] [mailto:[email protected]] On Behalf Of Rory Conaway Sent: Monday, October 20, 2014 4:19 PM To: Ubiquiti Users Group Subject: Re: [Ubnt_users] 5.5.10 Security Bug? (was NBM2 vs. PBE M2-400 intrees) I’m not running TKIP. In fact, I’m not running any security. Rory From: [email protected] [mailto:[email protected]] On Behalf Of Kevin Lamothe Sent: Monday, October 20, 2014 3:29 PM To: Jeremy Grip; 'Ubiquiti Users Group' Subject: Re: [Ubnt_users] 5.5.10 Security Bug? (was NBM2 vs. PBE M2-400 in trees) That's the normal behavior on XW units. Updated wireless spec discontinued TKIP and WEP for authentication methods. Can you force your AP to run in AES mode only? TKIP also limits you from using the higher QAM16 and QAM64 rates ie mcs 13-15 Sent from Samsung Mobile -------- Original message -------- From: Jeremy Grip Date:2014-10-20 17:49 (GMT-05:00) To: 'Ubiquiti Users Group' Subject: [Ubnt_users] 5.5.10 Security Bug? (was NBM2 vs. PBE M2-400 in trees) So…. I went to replace one of those NanoBridge M2’s with a NanoBeam M2 after upgrading it to 5.5.10. The (Wavion) AP is configured for WPA2 mixed mode PSK // AES +TKIP // PSK by passphrase and all of the NanoBridges were authenticating fine set for WPA2-TKIP // PSK and the passphrase or WPA2-AES // PSK and the passphrase. However, the ‘Beam running 5.5.10 has no WPA2-TKIP setting, only WPA2-AES. It will not authenticate with that setting and the proper passphrase. The log of the AP shows an “incorrect password” message. Going to downgrade to 5.5.9 and try it again….. Jeremy Grip North Branch Networks,LLC
_______________________________________________ Ubnt_users mailing list [email protected] http://lists.wispa.org/mailman/listinfo/ubnt_users
