Skip to main content

What is Weaker Encryption for Legacy Device Compatibility?

Debbie Jones
Updated

The 'Weaker Encryption for Legacy Device Compatibility' feature enforces the weaker WPA2 WiFi encryption standard for all connected WiFi clients. This ensures that older WiFi clients, those that do not support WPA3 or WPA2/WPA3 Compatibility Mode, can still connect to your network without issues.

By default, newer Plasma Cloud Access Points operate in WPA2/WPA3 Compatibility Mode. A complete model overview below:-

Supported WPA Standards

Plasma Cloud WiFi Access Points support WPA2 and WPA3 (on selected models/firmware):

Models WPA2 WPA3
PA300/E ✔️ ✖️
PA1200 ✔️ ✔️*
PA2200 ✔️ ✔️*
PAX1800v1 ✔️ ✖️
PAX1800v2 ✔️ ✔️*
PAX1800-Lite ✔️ ✔️*
PAX5400 ✔️ ✔️*

*Available on firmware v4.0 and above

WPA2/WPA3 Compatibility Mode

Plasma Cloud Access Points supporting WPA3 (with firmware v4.0 and above) also enable WPA2/WPA3 Compatibility Mode by default. This mode allows newer WiFi clients to connect with WPA3, while older clients fall back to WPA2. The compatibility mode was designed to ensure a smooth transition to the more secure WPA3 standard while maintaining compatibility with most legacy clients.

note3.png
Not all WiFi clients support WPA2/WPA3 Compatibility Mode. These clients require WPA2 only to connect to the network. In this case, you may disable WPA3 entirely in your SSID settings and use WPA2 only for all connected clients.

Best Practices

If your network consists of newer AP models and some client devices cannot connect while using WPA2/WPA3 Compatibility Mode, enabling the Weaker WPA2 Encryption option may be necessary to maintain connectivity. You can consider setting up a dedicated SSID with weaker WPA2 encryption, and a second (or more) SSIDs running WPA3 as it will provide stronger security to those WiFi clients that support WPA3.

How to configure it?

Weaker encryption can be set up on the SSID settings page. 

  1. Log into the Plasma Cloud console;
  2. Select the organisation and network with the SSID of interest from the top right menu;
  3. Navigate to Settings > SSIDs > SSID name in the main menu on the left;
  4. Find the Authentication section and select the appropriate option from the drop-down menu;
  5. Enable the toggle 'Weaker Encryption for Legacy Device Compatibility';
  6. Press the Save button.

note3.png
Weaker WPA2 encryption can only be enforced on networks configured with firmware version 4.1 or newer.
Powered by Zendesk