Skip to main content
Cisco Meraki Documentation

Setting a WPA Encryption Mode

Learn more with these free online training courses on the Meraki Learning Hub:

Sign in with your Cisco SSO or create a free account to start training.

Mixed Encryption with MR Access Points

By default, SSIDs on Cisco Meraki access points that are configured as WPA2 will utilize AES encryption.

Wireless beacons and probe responses will advertise AES as the encryption method for unicast traffic and TKIP as the encryption method for multicast/broadcast traffic. This can be seen in the tagged parameters portion of beacon and probe response management frames in the "RSN Information" element.

Setting the Encryption Type

The WPA encryption setting is SSID specific, and can be found on the Wireless > Configure > Access control page next to WPA encryption as seen below:


WPA Encryption Settings


Warning: WEP is deprecated in MR 30.X and newer firmware. Limited configuration options still exist when using the old Access control page (Wireless > Configure > Access control > View old version > WPA encryption mode) until this page is deprecated.

Please refer to WEP Deprecation on MRs for more information.


By default, this drop down will allow for WPA2 (recommended for most deployments) which forces AES encryption and WPA1 and WPA2 which sets the SSID to perform in mixed encryption mode. 


If the device does not support AES, it is also possible to force TKIP only. Please contact Cisco Meraki support to configure this option.

WPA3 Support

WiFi 6 capable MRs support WPA3 on MR 27.X firmware. Additionally, WPA3 can be enabled for WiFi 6 capable access points running MR 26.7+ by contacting Cisco Meraki Support. For more information on WPA3 and what access points support it, reference the WPA3 Encryption and Configuration Guide.  

  • Was this article helpful?