In hybrid encryption mode, some network cards cannot go online

null

When the FAT AP device is configured with mixed encryption (CCMP+TKIP+WEP), some network card users cannot go online. The main phenomena are as follows:

(1) Network card users cannot go online in CCMP or TKIP; 

(2)  Network card users can successfully go online in WEP mode; 

(3) When the related configuration of WEP and Share-key is deleted, the network card user can successfully go online in CCMP or TKIP.

Under the configuration of mixed encryption mode, the protocol stipulates that the multicast key negotiation is carried out in the weakest encryption mode at this time. Therefore, the multicast key on the AP side is encrypted in WEP mode, and the WEP encryption mode is notified to the client in Beacon. However, the association request message multicast key sent by some network card users still requires CCMP encryption. Inconsistent encryption methods at both ends lead to unsuccessful key negotiation and network card users cannot go online.

(1) First check whether the network card supports hybrid encryption. Known network cards that do not support hybrid encryption are: H3C WN612, Dlink G520+. 

(2) If the network card clearly does not support hybrid encryption, you can modify the configuration of the AP and remove the related configuration of WEP and Share-key.