You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I did an upgrade on a WRT1900acs v2 router (my backup router) that was running 18.06.4 (I think) via LuCI using the image "openwrt-19.07.0-rc1-mvebu-cortexa9-linksys_wrt1900acs-squashfs-sysupgrade.bin" keeping the old configuration. Everything seemed good except the clients could not connect or ping each other. The router could reach/ping the clients. This was the case whether or not "Isolate Clients" is set in the LuCI Wireless -> Edit -> Advanced Settings.
I noticed that if I connect an ethernet wire to one of the clients (a Raspberry Pi) and hook it to the router that I could connect/ping the Pi using either the IP associated with the ethernet connection or the IP associated with the WiFi connection from another client. When I disconnect the ethernet on the Pi I can no longer connect to the Pi's wireless IP
address.
I decided to reinstall 19.07.0-rc1 to see where the isolated client behavior starts. After I reinstalled 19.07.0-rc1 I restored the configuration using LuCI System -> Backup / Flash Firmware -> Restore Backup. After it rebooted it was working, clients were not isolated. I installed a few packages that I wanted, here's the list:
Everything still working. I changed the 5 Ghz wifi from WPA2-SPK to WPA3-SAE. Everything still working. I changed the 2.4 Ghz wifi from WPA2-SPK to WPA2-SPK/WPA3-SAE mixed. This is when it stopped working. I don't know if this last step actually caused the problem since setting both wifi networks back to WPA2-SPK and rebooting (and unplugging for 5 minutes) does not fix the problem, clients are still isolated. Pretty much all clients are on the 2.4 Ghz network.
Here are a couple bits of diagnostic which may or may not be helpful:
-------------> when everything is working (clients not isolated):
I was running into the same problem. As I could not ping other wifi clients on my network. Disabling 802.11w helped here.
However this was only possible when having a WPA2-PSK network. Disabling 802.11w for WPA2-PSK/WPA3-SAE always resetted it to "Optional" and thus again to isolation of wifi clients.
sljansen:
I did an upgrade on a WRT1900acs v2 router (my backup router) that was running 18.06.4 (I think) via LuCI using the image "openwrt-19.07.0-rc1-mvebu-cortexa9-linksys_wrt1900acs-squashfs-sysupgrade.bin" keeping the old configuration. Everything seemed good except the clients could not connect or ping each other. The router could reach/ping the clients. This was the case whether or not "Isolate Clients" is set in the LuCI Wireless -> Edit -> Advanced Settings.
I noticed that if I connect an ethernet wire to one of the clients (a Raspberry Pi) and hook it to the router that I could connect/ping the Pi using either the IP associated with the ethernet connection or the IP associated with the WiFi connection from another client. When I disconnect the ethernet on the Pi I can no longer connect to the Pi's wireless IP
address.
I decided to reinstall 19.07.0-rc1 to see where the isolated client behavior starts. After I reinstalled 19.07.0-rc1 I restored the configuration using LuCI System -> Backup / Flash Firmware -> Restore Backup. After it rebooted it was working, clients were not isolated. I installed a few packages that I wanted, here's the list:
ca-bundle_20190110-1_all.ipk
ca-certificates_20190110-1_all.ipk
kmod-tun_4.14.151-1_arm_cortex-a9_vfpv3.ipk
liblzo2_2.10-2_arm_cortex-a9_vfpv3.ipk
libmbedtls12_2.16.3-1_arm_cortex-a9_vfpv3.ipk
libopenssl1.1_1.1.1d-2_arm_cortex-a9_vfpv3.ipk
libustream-mbedtls20150806_2019-11-05-c9b66682-2_arm_cortex-a9_vfpv3.ipk
openvpn-mbedtls_2.4.7-2_arm_cortex-a9_vfpv3.ipk
Everything still working. I wanted WPA3 so I removed wpad-basic and installed
wpad-openssl_2019-08-08-ca8c2bd2-1_arm_cortex-a9_vfpv3.ipk
Everything still working. I changed the 5 Ghz wifi from WPA2-SPK to WPA3-SAE. Everything still working. I changed the 2.4 Ghz wifi from WPA2-SPK to WPA2-SPK/WPA3-SAE mixed. This is when it stopped working. I don't know if this last step actually caused the problem since setting both wifi networks back to WPA2-SPK and rebooting (and unplugging for 5 minutes) does not fix the problem, clients are still isolated. Pretty much all clients are on the 2.4 Ghz network.
Here are a couple bits of diagnostic which may or may not be helpful:
-------------> when everything is working (clients not isolated):
cat /sys/devices/virtual/net/eth0.1/brport/hairpin_mode
0
cat /sys/devices/virtual/net/eth0.1/brport/isolated
0
cat /var/run/hostapd-phy0.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
ieee80211h=1
hw_mode=a
beacon_int=100
channel=36
tx_queue_data2_burst=2.0
ieee80211n=1
ht_coex=0
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
ieee80211ac=1
vht_capab=[RXLDPC][SHORT-GI-80][SU-BEAMFORMER][SU-BEAMFORMEE][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC-1][MAX-A-MPDU-LEN-EXP7]
interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly_5g
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK
okc=0
disable_pmksa_caching=1
bssid=62:38:e0:12:78:f3
cat /var/run/hostapd-phy1.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
hw_mode=g
beacon_int=100
channel=7
ieee80211n=1
ht_coex=0
ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
interface=wlan1
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK
okc=0
disable_pmksa_caching=1
bssid=62:38:e0:12:78:f2
-------------> when it's not working (clients isolated)
cat /sys/devices/virtual/net/eth0.1/brport/hairpin_mode
0
cat /sys/devices/virtual/net/eth0.1/brport/isolated
0
cat /var/run/hostapd-phy0.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
ieee80211h=1
hw_mode=a
beacon_int=100
channel=36
tx_queue_data2_burst=2.0
ieee80211n=1
ht_coex=0
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
ieee80211ac=1
vht_capab=[RXLDPC][SHORT-GI-80][SU-BEAMFORMER][SU-BEAMFORMEE][RX-ANTENNA-PATTERN
][TX-ANTENNA-PATTERN][RX-STBC-1][MAX-A-MPDU-LEN-EXP7]
interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
sae_require_mfp=1
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly_5g
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=SAE
okc=1
ieee80211w=2
group_mgmt_cipher=AES-128-CMAC
bssid=62:38:e0:12:78:f3
cat /var/run/hostapd-phy1.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
hw_mode=g
beacon_int=100
channel=7
ieee80211n=1
ht_coex=0
ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
interface=wlan1
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
okc=0
disable_pmksa_caching=1
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
bssid=62:38:e0:12:78:f2
The text was updated successfully, but these errors were encountered: