Home > Wireless LAN > Encryption and Authentication > Setting a WPA Encryption Mode

Setting a WPA Encryption Mode

By default, SSIDs on Cisco Meraki access points that are configured as WPA2 will utilize a combination of both TKIP and AES encryption. In most cases this will allow support for a wider variety of clients but some devices can respond poorly to these extra options.

Mixed Encryption with MR Access Points

Wireless beacons and probe responses will advertise AES or TKIP as encryption methods for unicast traffic and TKIP as the encryption method for multicast/broadcast traffic. This can be seen in the tagged parameters portion of the 802.11 wireless lan management frame of beacon and probe packets. The tags which provide this information are the "RSN Information" tag and the vendor specific "WPA Information Element" tag.

Setting the Encryption Type

The WPA encryption setting is SSID specific, and can be found on the Wireless > Configure > Access control page as seen below:


This drop down will allow for "WPA2 only" or "WPA1 and WPA2". The "WPA1 and WPA2" option is the default selection and sets the SSID to perform in mixed mode. The "WPA2 only" option forces AES encryption.


If the device does not support AES, it is also possible to force TKIP only. Please contact Cisco Meraki support to configure this option.

You must to post a comment.
Last modified
08:29, 24 Jul 2017


This page has no custom tags.


This page has no classifications.

Article ID

ID: 1667

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case