They use the 2.4GHz wifi network (ath1 interface) which I have an issue with. It got disconnected every 5 min for 60 seconds.
Code:
May 5 22:36:31 DD-WRT daemon.info hostapd: ath1: STA c4:4f:33:XX:XX:XX WPA: received EAPOL-Key Error Request (STA detected Michael MIC failure (group=1))
May 5 22:36:31 DD-WRT daemon.info hostapd: ath1: STA dc:4f:22:XX:XX:XX WPA: received EAPOL-Key Error Request (STA detected Michael MIC failure (group=1))
May 5 22:36:31 DD-WRT daemon.info hostapd: ath1: IEEE 802.11 TKIP countermeasures initiated
May 5 22:37:31 DD-WRT daemon.info hostapd: ath1: IEEE 802.11 TKIP countermeasures ended
May 5 22:41:32 DD-WRT daemon.info hostapd: ath1: STA 2c:f4:32:XX:XX:XX WPA: received EAPOL-Key Error Request (STA detected Michael MIC failure (group=1))
May 5 22:41:32 DD-WRT daemon.info hostapd: ath1: STA 2c:f4:32:XX:XX:XX WPA: received EAPOL-Key request with invalid MIC
May 5 22:41:32 DD-WRT daemon.info hostapd: ath1: STA c4:4f:33:XX:XX:XX WPA: received EAPOL-Key Error Request (STA detected Michael MIC failure (group=1))
May 5 22:41:32 DD-WRT daemon.info hostapd: ath1: IEEE 802.11 TKIP countermeasures initiated
May 5 22:42:32 DD-WRT daemon.info hostapd: ath1: IEEE 802.11 TKIP countermeasures ended
This TKIP countermeasure thing basically drops my WiFi network for 60 seconds and then, all my devices re-authenticate.
Code:
May 5 21:14:58 DD-WRT user.info : bridge : interface ath1 successfully deleted from bridge br0
May 5 21:14:59 DD-WRT user.info : bridge : interface ath1 successfully deleted from bridge br0
May 5 21:15:19 DD-WRT user.info : bridge : interface ath1 successfully added to bridge br0
Code:
root@DD-WRT:~# dmesg | grep -i ath1
[128360.843642] device ath1 left promiscuous mode
[128360.849177] br0: port 3(ath1) entered disabled state
[128376.620505] br0: port 3(ath1) entered blocking state
[128376.625607] br0: port 3(ath1) entered disabled state
[128376.630815] device ath1 entered promiscuous mode
[128381.781517] br0: port 3(ath1) entered blocking state
[128381.786597] br0: port 3(ath1) entered forwarding state
When I check who is sending the EAPOL-Key Error Request, it is those smart outlets.
Weird thing I have also noted, on their description with the app "Smart Life", each smart outlet declare its IP as a public IP from my ISP (different for each smart outlet and belonging to my ISP) which I thought was impossible. How could they have an public IP from my ISP?
Anyways, I wanted to disable the tkip_countermeasures to see if it solve the connection drops issue but I saw that our firmware does not have the "wl" command implemented (https://wiki.dd-wrt.com/wiki/index.php/Wl_command#tkip_countermeasures)
I need those smart outlets and I can't bring myself to just give up on them.
It's a known issue with the mwlwifi driver and will likely never be resolved (Marvell sold WiFi/BT to NXP, Linksys to Foxconn).
Use WPA2 Personal and CCMP-128 (AES) only (wireless security, save and reboot) and it might be good enough if you can configure the switches to not use TKIP. Or not as IoT, home automation or smart devices are Marvell WRT's worst enemy.
If you have another router to connect via Ethernet and configure as an access point, the issue can by most easily bypassed by offloading the problematic devices.
Some repeaters have an Ethernet port and can be set into AP mode as well.
Unfortunately, some of my IoT (including one of my camera) used TKIP and when I switched to AES only, they don't connect to WiFi anymore.
That's too bad this will never be solved.
"If you have another router to connect via Ethernet and configure as an access point, the issue can by most easily bypassed by offloading the problematic devices"
This was my alternate solution but I need to buy an access point because I bricked my other router by playing too much with it.
"Key Renewal interval"
I will give it a try and let you guys know.
Thanks again for reading and bringing your light on my issue!
I just tested the "Key Renewal interval=0" solution but it didn't work out. Still getting the TKIP countermeasures which basically disconnect all client from the WiFi.
This was my alternate solution but I need to buy an access point because I bricked my other router by playing too much with it.
What is the other router that is bricked... and have you looked up how to de-brick it, or did you fry it completely?
It was a Netgear WNR3500 V2. The LEDs don't light up as they should to initiate anything so I can't update the firmware with the means I have right now at home.
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Wed May 06, 2020 16:56 Post subject:
cedgex wrote:
kernel-panic69 wrote:
cedgex wrote:
This was my alternate solution but I need to buy an access point because I bricked my other router by playing too much with it.
What is the other router that is bricked... and have you looked up how to de-brick it, or did you fry it completely?
It was a Netgear WNR3500 V2. The LEDs don't light up as they should to initiate anything so I can't update the firmware with the means I have right now at home.
Recovery mode and/or nmrpflash. Worst case is you have to use serial recovery, and that isn't all that difficult. Those should already have the header pins, but if not, pretty easy to make it work if you aren't capable of soldering the header to the board. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Recovery mode and/or nmrpflash. Worst case is you have to use serial recovery, and that isn't all that difficult. Those should already have the header pins, but if not, pretty easy to make it work if you aren't capable of soldering the header to the board.
Thanks kernel-panic69, I will check that.
If, in the meantime, you can point me to documents/websites, etc. where they explain how to do that, that would be nice.
Most of my problems over the past couple of years has been with Smart devices (Sonoff) which are a known problem with the wrt series routers as noted in other posts.
As can be seen from my profile I am running fairly current builds successfully.
My point here is I have never setup any camera or other device with TKIP and have seen the problem you are experiencing.
All my cameras have GUI access and I have set them up as static IP and WPA2-PSK Personal (AES).
As for my Sonoff devices which also likely would support TKIP, I ensure that the router is set for AES only before doing the initial connection.
I may be wrong or out of line but have you tried setting the router to AES only and then doing a setup on your smart plugs?
My thought here is that when you did the initial setup you had TKIP active on the router and your smart plugs think that is the way they should connect.
_________________
WRT3200acm Master WDS 5GHz 80Mhz CH 100 (+6) r43055
Ath1 2.4Ghz AP G only wmm Disabled Ch 6 - Three Sonoff Devices and anything else that wants to connect.
WRT3200acm r43028 WDS 5Ghz
5Ghz VAP
Ath1 AP N only Channel 11
WRT1900Ac V1 5Ghz r43028 WDS Station
(Defective, no 2.4Ghz but 5Ghz works great)
WRT1900AC V1 5Ghz AC 80Mhz WDS Station r43028
2.4Ghz AP Ch1 20Mhz N/G mode
I have soldered the pin as recommended and use a USB to Serial cable but although, I see the router LED light being solid (which means, at least it is powered), I can't communicate with it. Putty remains silent.
I am using a cable that is exactly like this one but bought on AliExpress long time ago for another router:
https://www.adafruit.com/product/954
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Wed May 06, 2020 19:43 Post subject:
TX and RX and GND are only required and you may have to check connections and make sure they are indeed on the correct pins. Also, with the latest version of PuTTY, you have to have everything configured correctly:
Quote:
First and foremost, run putty 0.73 or newer as older versions do not have this option.
Set up your correct com port, then under the connection serial settings make sure to use: