I've tried the values 0 (zero) and 99999 to try to stop key renewal but the key renews every 12 hours regardless. I want to turn it off because it disrupts all my users on my WDS network when it happens. It takes about 2 minutes for the wireless network to come back up every time this happens. How can this be fixed? Doesn't matter which firmware I use.
Doesn't matter which "firmware" you use, or doesn't matter which "dd-wrt firmware" you use?
WDS is notorious for a number of known problems/issues, many of which prevented it from being adopted as a wifi standard. And the problematic nature of propagating key changes is one of them. In fact, it was so bad, many implementations (which are all proprietary btw) don't even support it. It may lead you to believe it's regenerating keys based on the fact it offers the option, but sometimes it isn't actually implemented for this very reason. That's why I'm a bit surprised if in fact key renewal is even happening, let alone NOT being able to disable it.
Of course, one way to avoid the problem is to NOT use WPA/WPA2, but either WEP or no security at all (I know, NOT what you're looking for). But NOT regenerating the key on a regular basis introduces its own risks (not nearly as bad as WEP or no security at all, but at least some).
I suppose it could be a bug in dd-wrt, or perhaps a wireless driver issue.
I guess the only option is to turn off the WPA connections between the WDS AP and the WDS Stations and then find a way to keep other clients from connecting to the WDS AP. I'll have to try that next time I can get people off the network. But last time I tried to use the wlan0-WDS MAC addresses I could still connect to the WDS AP with devices other than the WDS Stations.
Using FT (FreshTomato), you have the option to configure the wireless as WDS or WDS+AP, suggesting the former will NOT allow anything other than WDS clients. So it's clearly possible to prevent arbitrary wifi clients from accessing the wireless network. But dd-wrt seems to force you to define AP mode, then decide if you optionally want to include WDS. At least the way it's laid out in the GUI suggests that's your only option.
Just a guess, but maybe using Adhoc mode will prevent arbitrary wifi access yet still allow WDS. IOW, maybe Adhoc mode is enough to *activate* the wireless even though it actually won't be used for those purposes.
I ended up turning off WPA for the WDS radios and creating a wireless MAC address filter on the WDS AP to allow only the WDS routers to connect to the WDS AP (aka ACL) and prevent all others (i.e. laptops, cell phones, etc.) from being able to connect to the WDS AP. I set up the wlan0-WDS for PtP instead of LAN. A strange effect occurred when I did all of this where none of the wired connections to these routers would pass traffic, but it turned out that setting up a VAP on each router allowed the wired ports to pass traffic. I wish I had an explanation for this. Anyway, I hope my backups will restore when needed so that I won't have to manually reconfigure (especially the WDS AP).