WPA2 Enterprise on DrayTek Routers


"WPA2 Enterprise" (also known as WPA-802.1X) is an enhanced wireless (WiFi) security method. It is considered more secure than standard WPA2 (also known as WPA2-PSK).

With WPA2-PSK (the PSK stand for 'Pre-shared-Key'), all users share a simple security key -the WiFi password you enter into your client device. Anyone with that key can then access your network, meaning that if people are sloppy with protecting passwords, or share them with others, those 'others' have access to your network until you change your WPA2 key.

With WPA2-Enterprise, each user of the wireless network has either their own unique username and password (PEAP mode) or a certificate installed on the device (EAP-TLS mode). WPA2-Etnerprise uses enhanced security methods compared to WPA2-PSK and also because each user has a unique logon, it's easier to revoke the permission of individual users or devices without having to change the common password for everyone. WPA2-Enterprise uses the 802.1x protocol, which can also be used for wired connections to authenticate connections. WPA2-Enterprise is supported by all modern operating systems, including mobile platforms (Android/iOS).


To use WPA2-Enterprise, you require a RADIUS server. That is a database which can store each users' credentials (whether that's passwords or certificated). It is therefore more complex to use WPA2-Enterprise which is why most smaller networks stick with WPA2-PSK.

Most DrayTek routers have a built-in RADIUS server which can serve wireless clients on the router's own wireless interface as well as any connected DrayTek access points which support WPA2-Enterprise.