Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Question regarding WPA2/personal & enterprise


I was wondering if anyone can tell me which one is more secure, WPA2 personal or enterprise. It seems like WPA2 personal is a little bit easier to config. What is the volubility for WPA2/personal besides the laptop got stolen? What type volubility WPA2/enterprise may have?

Thanks for the help,



Re: Question regarding WPA2/personal & enterprise

WPA-PSK (Personal) has some public methods to crack. If it is a dictionary word it is relatively easy to break. If it is a 63 character random string, it is not as practical to attempt (see for cracking info and video). WPA Enterprise (with PEAP, EAP-Fast, or EAP-TLS) is far more secure, and I am not aware of any practical attacks as long as you pick a reasonable re-key interval (12 hours or less should be enough).


Please remember to rate all helpful posts.

New Member

Re: Question regarding WPA2/personal & enterprise

Thanks for the reply. I am aware of both WPA/TKIP personal & enterprise. My question is regarding WPA2/CCMP personal & enterprise. Try to find out which one is more secure. And pros and cons of both versions of WPA2.

thanks, Glen

Hall of Fame Super Silver

Re: Question regarding WPA2/personal & enterprise

WPA2 is a newer 802.11i standard that provides even stronger wireless security than WiFi Protected Access (WPA) and WEP. CCMP is the security protocol used by AES. It is the equivalent of TKIP in WPA. CCMP computes a Message Integrity Check (MIC) using the well known, and proven, Cipher Block Chaining Message Authentication Code (CBC-MAC) method. Changing even one bit in a message produces a totally different result.

WPA2-CCMP is based upon the concept of a robust security network (RSN), which defines a hierarchy of keys that have a limited lifetime, similar to TKIP. Also like TKIP, the keys that the administrator provides are used to derive other keys. Messages are encrypted using a 128-bit secret key and a 128-bit block of data. The end result is encryption that is extremely secure.

One thing to remember is "personal" is pre-share key and "enterprise" requires a radius server and certificate.

*** Please rate helpful posts ***