Sorry to revive this topic, but with more than 4k views, I think my solution is worth sharing.
The DIR-868L revision B1 and C1 have a dumbed-down interface where it is not possible to select WPA2 with AES only;
however, this is only a web UI issue and it can be tricked to select this option anyway.
To proceed, go to Settings > Wireless, and open your browser's console (on Chrome, press F12, press Esc a few times to locate the console at the bottom of the screen).
In the console, if you type:
document.getElementById("security_24").value
then press Enter, it should show you:
"WPAORWPA2-PSK"
Now, type:
opt = document.createElement('option');
opt.value = 'WPA2-AES';
s=document.getElementById("security_24");
s.appendChild(opt);
s.options.selectedIndex=s.options.length-1;
opt = document.createElement('option');
opt.value = 'WPA2-AES';
s=document.getElementById("security_5");
s.appendChild(opt);
s.options.selectedIndex=s.options.length-1;
then press Enter.
This will "select" WPA2 with AES only for both the 2.4GHz and 5GHz settings.
Toggle and revert any settings to enable the Save button (e.g., add a space to your passphrase and remove it), and click Save.
You will not be able to see the change reflected from the web UI, but if you look at the network requests, you will see that it's effective. One of the requests to /HNAP1/ will return something like:
<GetWLanRadioSecurityResponse xmlns="http://purenetworks.com/HNAP1/">
<GetWLanRadioSecurityResult>OK</GetWLanRadioSecurityResult>
<Enabled>true</Enabled>
<Type>WPA2-PSK</Type>
<Encryption>AES</Encryption>
Enjoy!
----
EDIT: You will need to redo this operation each time you want to change the WiFi settings, as the web interface will default back to WPA+WPA2 when you submit new changes.
Note also that the guest network's wireless security is managed separately.
If you do the procedure above you will end up with only the main network using AES only:
To ensure that the guest network is also WPA2-AES only, the procedure is slightly different. On the Guest WiFi settings page, open the browser's console (see above), then paste this code, and press Enter. It will return you "undefined", this is fine.
function SetResult_3rd(result_xml)
{
HNAP_WLanRadioSecurity = result_xml;
if (result_xml != null)
{
result_xml.Set("SetWLanRadioSecurity/RadioID", "RADIO_2.4GHz_Guest");
if (document.getElementById("password_24g").value != "")
{
result_xml.Set("SetWLanRadioSecurity/Enabled", "true");
result_xml.Set("SetWLanRadioSecurity/Type", "WPA2-PSK");
result_xml.Set("SetWLanRadioSecurity/Encryption", "AES");
result_xml.Set("SetWLanRadioSecurity/KeyRenewal", "3600");
result_xml.Set("SetWLanRadioSecurity/Key", document.getElementById("password_24g").value);
}
else { result_xml.Set("SetWLanRadioSecurity/Enabled", "false"); }
// Send HNAP to DUT
HNAP.SetXMLAsync("SetWLanRadioSecurity", result_xml, function(xml) { SetResult_4th(xml); });
}
else { if (DebugMode == 1) { alert("[!!SetXML Error!!] Function: SetResult_3rd"); } window.location.reload(); }
}
function SetResult_5th(result_xml)
{
var SetResult_5th = result_xml.Get("SetWLanRadioSettingsResponse/SetWLanRadioSettingsResult");
if (SetResult_5th == "OK")
{
var tmpxml = HNAP_WLanRadioSecurity;
tmpxml.Set("SetWLanRadioSecurity/RadioID", "RADIO_5GHz_Guest");
if (document.getElementById("password_5g").value != "")
{
tmpxml.Set("SetWLanRadioSecurity/Enabled", "true");
tmpxml.Set("SetWLanRadioSecurity/Type", "WPA2-PSK");
tmpxml.Set("SetWLanRadioSecurity/Encryption", "AES");
tmpxml.Set("SetWLanRadioSecurity/KeyRenewal", "3600");
tmpxml.Set("SetWLanRadioSecurity/Key", document.getElementById("password_5g").value);
}
else { tmpxml.Set("SetWLanRadioSecurity/Enabled", "false"); }
// Send HNAP to DUT
HNAP.SetXMLAsync("SetWLanRadioSecurity", tmpxml, function(xml) { SetResult_6th(xml); });
}
if (SetResult_5th == "ERROR") { if (DebugMode == 1) { alert("[!!SetXML Error!!] Function: SetResult_5th"); } window.location.reload(); }
}
This will redefine 2 functions to enforce AES only when you submit the new settings.
Next, similar to the main network's page, toggle and revert any settings to enable the Save button (e.g., add a space to your passphrase and remove it), and click Save. Again, do this every time you change something on the Guest WiFi settings page.