Attachment: check WPA2 Personal, uncheck WPA2 Personal with SHA256, which your clients likely do not support.
Disabling SSID Broadcast is very pointless and can only create problems; set both back to default enabled.
Set correct Regulatory Domain, Advanced Settings, Save, Reboot. Set correct Wireless Channels, not Auto.
Basic advice: stick with defaults after nvram erase, set passwords, keys, channels, slowly test new settings.
Attachment: check WPA2 Personal, uncheck WPA2 Personal with SHA256, which your clients likely do not support.
Disabling SSID Broadcast is very pointless and can only create problems; set both back to default enabled.
Disabling the broadcast is a good layer of security in a target-rich environment. These settings work just fine on older firmware.
blkt wrote:
Set correct Regulatory Domain, Advanced Settings, Save, Reboot.
This was already on the correct setting.
blkt wrote:
Set correct Wireless Channels, not Auto.
Auto works on previous firmware. Manually setting the channel didn't help.
blkt wrote:
Basic advice: stick with defaults after nvram erase, set passwords, keys, channels, slowly test new settings.
Both 2.4 GHz and 5 GHz wireless radios and MAC Filter works perfectly with the 36247 version
With the latest DD-WRT version . .
Both radios work perfectly until you turn on the MAC filter then no devices can connect to either radio.
When you turn on the MAC filter . . it's not the case where one radio does NOT work and the other works perfectly i.e. devices can connect to 5 GHz but not 2.4 GHz.
The MAC filter inputs have been double checked for correct address inputs and are absolutely the devices Wireless MAC addresses and not the devices wired MAC addresses for devices that support wired.
SSID and WPA Shared Key are different on each radio.
Yes. It is connected directly to the router for my ISP.
Monza wrote:
Both 2.4 GHz and 5 GHz wireless radios and MAC Filter works perfectly with the 36247 version
Yes.
Monza wrote:
With the latest DD-WRT version . .
Both radios work perfectly until you turn on the MAC filter then no devices can connect to either radio.
When you turn on the MAC filter . . it's not the case where one radio does NOT work and the other works perfectly i.e. devices can connect to 5 GHz but not 2.4 GHz.
Let's not worry about the problems I was having in the past. This thread is from last year. Since then every couple months I check for new firmware without finding one that works with all the settings like the old firmware. Today I started over from scratch. I flashed the new firmware. I did the SSH nvram clear. I put in my settings. When none of my 2.4ghz devices worked, I stopped. I didn't try my 5ghz devices until someone suggested I nerf my security. From here, I started messing around using suggestions from the last post. I turned off SHA256 and was able to get my 2.4ghz devices to connect. I'm not happy about losing SHA256 but I need to prioritize my VPN problem from the other thread and I need the new firmware to do that. I am now sacrificing small children on an altar trying to work on the 5ghz. I have still not been able to get those devices to all connect. I even tried copying the settings from my ISP router's 5ghz settings. My final attempt will be to put the old firmware back on and see what settings it uses. But I want to play around with some other things first.
Monza wrote:
The MAC filter inputs have been double checked for correct address inputs and are absolutely the devices Wireless MAC addresses and not the devices wired MAC addresses for devices that support wired.
Yes. To an embarrassingly time consuming OCD level. I have the correct mac addresses saved in a text file that I use whenever I have to do this. Whenever I do this and things go wrong, I check them even though I'm 1000% sure. I also make sure my devices that randomize their addresses don't do that. All of that being said, I haven't even gotten to this point today.
Monza wrote:
SSID and WPA Shared Key are different on each radio.
SSID is unique. Key is not. I'll add that to the list of things to try in combination.
When you turn on the MAC filter . . it's not the case where one radio does NOT work and the other works perfectly i.e. devices can connect to 5 GHz but not 2.4 GHz.
While messing around with settings, I tried isolating only 5ghz. I got 3/4 devices to work and even got SHA256 to work but when I turned mac filtering on, I had 0/4.
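An added example, not part of any post in this thread and not DD-WRT code: a small Python check for the kind of MAC filter list verification described above. It normalizes each entry and flags malformed, duplicate and locally administered addresses (the bit set by randomized "private" Wi-Fi addresses); the function names and the sample list are constructed for illustration.

```python
import re

def normalize_mac(text):
    """Return the MAC as 'AA:BB:CC:DD:EE:FF', or None if it is malformed."""
    digits = re.sub(r"[:\-.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_mac_list(lines):
    """Return (entry, normalized, issues) for each non-comment line."""
    seen = set()
    report = []
    for raw in lines:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        issues = []
        mac = normalize_mac(entry)
        if mac is None:
            issues.append("malformed")
        else:
            first_octet = int(mac[:2], 16)
            if first_octet & 0x01:
                # Group bit set: not a valid address for a single client.
                issues.append("multicast")
            if first_octet & 0x02:
                # Locally administered bit: typical of randomized addresses,
                # which will not match a filter built from the hardware MAC.
                issues.append("locally-administered")
            if mac in seen:
                issues.append("duplicate")
            seen.add(mac)
        report.append((entry, mac, issues))
    return report

# Constructed sample list, one entry per line as kept in a text file.
SAMPLE = """\
# living room TV
3C:5A:B4:12:34:56
da-a1-19-0b-c2-7e
3c5ab4123456
00:1A:2B:3C:4D
"""

if __name__ == "__main__":
    for entry, mac, issues in audit_mac_list(SAMPLE.splitlines()):
        print(f"{entry:20} {mac or '-':17} {', '.join(issues) or 'ok'}")
```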
Are you forgetting network after enabling MAC filtering and re-joining?
EDIT: Nevermind, you're still trying to use WPA2 with sha-256.
Are you forgetting network after enabling MAC filtering and re-joining?
Here is the interesting thing about this little troubleshooting step. I always do it on all but one device. If you've been in this game long enough, you know the one company that makes forgetting the network a giant pain in the ass when you can't see it. Forgetting the network has never been the solution for me. That one device always works just fine when everything else works.
I was pondering what to try next and since you asked, I'll try turning off SHA256.
EDIT: Nevermind, you're still trying to use WPA2 with sha-256.
Without SHA256 or MAC filtering I had 4/4 devices connected. With MAC filtering on, 0/4
Edit:
WPA3 2/4, 0/4
I turned on SSID broadcast and got WPA2/SHA256 to work with MAC filtering. However, I need that layer of security so now I guess I need to figure out a way to install enterprise keys if I want to keep trying different security algorithms. I don't think WEP is even worth messing with.
Disabled SSID broadcast is not a layer of security,
I don't need to protect my network from an informed attacker. I just need an extra hurdle. The more hurdles I have in place than my neighbors, the less likely my network will be picked by some kid with a script.
Posted: Thu Jun 23, 2022 6:20
MAC addresses are easily spoofed; it is no security measure to speak of, but if it puts your mind at ease, use it and be happy.
Only sensible thing if you want better security than WPA2-PSK AES-128 is using WPA3 with a strong password.
Not all your clients might work with WPA3; in that case make VAPs.
For normal usage WPA2-PSK AES-128 is still good enough; WEP is broken, do not use it.
Not a hurdle for any kidz, with a small amount of research you will realize all very pointless.
By disabling SSID broadcast you are only shooting yourself in the foot or creating problems.
No need to reconfigure anything again, only after some years old builds as you were before.
I always mention new builds no pressure to upgrade there is always another down the road.
Not a hurdle for any kidz, with a small amount of research you will realize all very pointless.
By disabling SSID broadcast you are only shooting yourself in the foot or creating problems.
I did the "research". It is obviously written from the point of view of people trying to prevent an expert attack. Not a scripted attack. I know you don't think it's worth anything. I also know what I need to protect myself from is not covered in the "research" you listed. I don't need my network to be unhackable. Just less mechanically hackable than my neighbors. The only real downside is that it's harder to maintain. I can accept that.
MAC addresses are easily spoofed; it is no security measure to speak of, but if it puts your mind at ease, use it and be happy.
It's an extra step. Just like SSID. It's not a real security measure but it is a hurdle for automated attackers. With these problems existing in the firmware for so long, I would think the fact that all these things together are a more complex problem is pretty self evident.
Posted: Thu Jun 23, 2022 7:51
JediMaster666 wrote:
egc wrote:
MAC addresses are easily spoofed; it is no security measure to speak of, but if it puts your mind at ease, use it and be happy.
It's an extra step. Just like SSID. It's not a real security measure but it is a hurdle for automated attackers. With these problems existing in the firmware for so long, I would think the fact that all these things together are a more complex problem is pretty self evident.
You mean the ones with cars parked in front of your door and equipped with special equipment to crack your WPA2-PSK AES-128 password?