Use AES-CCM only (unicast & group ciphers)

Hello,
I’d like to enforce security on my wireless network (about 130 APs) to only use WPA2 + AES.
I searched both the forum and wiki but wasn’t able to find anything about forcing only AES also for GROUP CIPHERS.

Based on the standard, “modern” (after 2006…) devices must support WPA2, which REQUIRES AES.
So a “TKIP-free” wifi network should work for most devices.
Are you aware of any issues in forcing AES for group ciphers?

Thanks.

No one should be considering TKIP in 2018 for either unicast or group ciphers. It’s trivially broken and AES has been part of the spec since 2004. Any device not supporting AES today belongs in the trash.

Thanks for the reply, that was also my idea.
Glad to see someone else agrees.
Bye

In addition to what R1CH says, TKIP and/or WPA (not WPA2), if used, will drop performance on Wireless N networks to no more than 54Mbps - if we see TKIP and/or WPA-PSK anywhere we disable it :)

If a device requires TKIP that represents a sales opportunity to replace the device …

Here is an interesting article: https://www.howtogeek.com/204697/wi-fi-security-should-you-use-wpa2-aes-wpa2-tkip-or-both/

Hello Scampbell,
thanks for your contribution to this topic.

I remember I had some issues years ago (perhaps around 2011) while playing with unicast/group ciphers but cannot recall the exact issue.
BTW, it was my first Mikrotik config so probably I made a mistake somewhere or I was using obsolete hardware…

OK, it’s time to phase out TKIP.

Have a nice day

Hi there,
I hope some of you are still around here.
Is there, or has there ever been, a reason why there should be different ciphers for unicast and for multicast/broadcast?

thx
stefan
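
An AP advertises its group cipher and its pairwise (unicast) ciphers as separate fields of the RSN element in beacons and probe responses. As an added example (not part of any post in this thread, and not MikroTik code), this Python sketch parses the body of that element and reports any cipher other than CCMP; the sample bytes are constructed, and it assumes the group and pairwise fields are present.

```python
import struct

RSN_OUI = b"\x00\x0f\xac"  # IEEE 802.11 OUI used by the standard cipher suites
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104"}


def _suite(raw):
    """Name a 4-byte suite selector (3-byte OUI + 1-byte type)."""
    if raw[:3] != RSN_OUI:
        return "vendor:" + raw.hex()
    return CIPHERS.get(raw[3], "type-%d" % raw[3])


def parse_rsn(body):
    """Return (group_cipher, [pairwise_ciphers]) from an RSN element body."""
    if len(body) < 8:  # assumes the optional cipher fields are present
        raise ValueError("RSN element too short")
    version, = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported RSN version %d" % version)
    group = _suite(body[2:6])
    count, = struct.unpack_from("<H", body, 6)
    end = 8 + 4 * count
    if count == 0 or end > len(body):
        raise ValueError("bad pairwise suite count")
    return group, [_suite(body[i:i + 4]) for i in range(8, end, 4)]


def audit(body):
    """List findings for an AP that is not CCMP-only."""
    group, pairwise = parse_rsn(body)
    findings = []
    if group != "CCMP-128":
        findings.append("group cipher is " + group)
    for p in pairwise:
        if p != "CCMP-128":
            findings.append("pairwise cipher " + p + " offered")
    return findings


# Constructed sample element bodies (not captured from a real network).
# Mixed mode: group TKIP, pairwise CCMP + TKIP, AKM PSK, capabilities 0.
MIXED = bytes.fromhex("0100" "000fac02" "0200" "000fac04" "000fac02"
                      "0100" "000fac02" "0000")
# AES only: group CCMP, pairwise CCMP, AKM PSK, capabilities 0.
AES_ONLY = bytes.fromhex("0100" "000fac04" "0100" "000fac04"
                         "0100" "000fac02" "0000")

if __name__ == "__main__":
    print(audit(MIXED), audit(AES_ONLY))
```

The body passed in is the RSN element (element ID 48) without its two-byte ID and length header.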