Question

Security camera won't connect to 5ghz gateway


Badge

I just switched to tmobile and my security camera now will not connect due to needing to be on 2.4ghz. Is the gateway capable of this? The company I switched from had the 2.4 and 5 option.


6 replies

I just switched to tmobile and my security camera now will not connect due to needing to be on 2.4ghz. Is the gateway capable of this? The company I switched from had the 2.4 and 5 option.

Yes, but default TMO router will combine 2.4 and 5 Ghz SSID into one. You likely need to split those into separate SSIDs. Once you do that whatever PC or app you are using for security camera setup needs to be on the 2.4 Ghz SSID in order for your camera to complete setup.

Other option would be temporarily disable the 5 Ghz SSID until after camera setup is complete. However if your house had several devices that only work on 2.4, then it’s a lot easier to manage them if you create separate SSIDs.

Combining SSID into one was meant to be easy setup for devices that have their own UI to select SSID and enter pass phrases. However most internet appliances still use 2.4 Ghz and have no UI, but requires an app to run from your PC or smartphone. Because of the reliance, your PC/Smartphone needs to be already connected to a 2.4 Ghz SSID in order for that appliance to connect.

Userlevel 4
Badge +4

Wi-Fi 6 (802.11ax) radios “should” be backward compatible with 802.11/a/b/g/n/ac radios. The standard is designed for backward compatibility. Are all vendors implementing the software to be 100% compatible? Well, no software solution is perfect 100% of the time. 

Look at the documentation for your camera and determine the authentication it supports. It may be older and only support WPA and not WPA2 or WPA3 authentication. If that is the case then you need to be sure the authentication for the 2.4 GHz radio supports WPA, WPA2 & WPA3 for proper authentication with the WIFI clients that need that frequency. The 802.11ax standard works in both the 2.4 GHz and 5 GHz bands so it is improved over the 802.11ac standard in multiple ways. 

If you have the Nokia GW you could go to the 2.4GHz radio and select SSID 2 and configure it to allow WPA if you do not want your primary SSIDs 1, 5, 9 to only allow WPA2 and or WPA3 authentication. I run two concurrent SSIDs and it works fine. I can be authenticated on the second SSID and disable the other SSIDs on each radio and never miss a beat as I am on the second SSID. I don’t have to be on the Ethernet cable to manage the alternate SSID. The Nokia comes with 4 default SSIDs for each radio. Only 1, 5, & 9 are enabled by default.  

If the authentication of the camera demands WPA only creating a second SSID with WPA authentication in addition to the other SSID could solve the problem for you.

Userlevel 7
Badge +15

Also, set the encryption for the 5GHz to AES instead of auto or TKIP.  

 

If the authentication of the camera demands WPA only creating a second SSID with WPA authentication in addition to the other SSID could solve the problem for you.

The concern with this suggestion is that the second SSID using a lower grade encryption is not on a DMZ or VLan. This means if a bad actor were to compromise that second SSID, they would have access to every single device on your network. This would easily be solved if TMO would just add a guest network feature on their their gateways.

I would also have major concerns with any “security” camera if it does not support the latest encryption standards.

Userlevel 4
Badge +4

TKIP and AES are two different types of encryption that may be used by a Wi-Fi network. TKIP is actually an older encryption protocol introduced with WPA to replace the very-insecure WEP encryption at the time. TKIP is actually quite similar to WEP encryption. TKIP is no longer considered secure, and is now deprecated. In other words, you shouldn’t be using it.

AES is a more secure encryption protocol introduced with WPA2. If you live in a rural area with less likely hood of someone trying to get into your network WPA2/WPA3 should be sufficient. If you are concerned about someone getting on your WIFI then make your security phrase more complex with no apparent patterns and longer. WPA2-AES sure is going to be stronger. 

If you are concerned about someone hacking into your WIFI using a camera that only supports WEP, WPA or TKIP is an exposure to the security system and the LAN. Maybe a newer camera is better to consider. It is the cost of being secure. 

Userlevel 4
Badge +4

I agree with Cali Cat on the exposure as sure having any SSID with the lesser level of security is not really advised. If you were to run a concurrent SSID and NOT broadcast the SSID so it is hidden then it is much less likely to be attacked. There is usually more than one way to solve a problem. 

Reply