said by SlickEnW:
WPA2 Enterprise Radius Auth w/ Mac Addy filtering and static (or reserved) IP Addys. Problem solved!
Half devices out there are not capable of properly validating certificates. The other half are *never* configured correctly. Worse yet global CA namespace for server authentication is buggered up.
Your best off sticking with WPA2 shared passwords unless many people will be connecting to the access point.
WPA2 Enterprise without proper certificate validation boils down to microsoft chap 2 or much much worse.