802.11w weird behaviours?

Just wondering if anyone noticed this:

Running OpenWrt SNAPSHOT r24054-fe10f97439 / LuCI Master git-23.266.27574-7744ad0 on Xiaomi AX3600.

Originally I had 802.11w set to optional. Everything connected fine except one of the work laptops (connecting through Cisco AnyConnect), which gets stuck at the "Acquiring IP address" stage. I guess it is the same as the old topic where it is "deauthenticated due to local deauth request": Debugging issues with 802.11w while trying to enable WPA2/WPA3 mixed mode

I turned 802.11w off, and the work laptop connects fine, as does almost everything else, but now my Pixel 7 Pro (Android 14, lUP1A.231005.007) does not even SEE the wifi. I tried to scan the channels with Wifi analyzer and it didn't even see the hotspot. Works fine with 802.11w set to optional. Took me a few hours of pulling my hair out to figure that out.

My current solution is to create two SSIDs, one with 802.11w on and the other off.

Thank you!

Okay, answering my own question:

802.11w (Protected Management Frame / Management Frame Protection) is required in WPA3. Since my access point is configured to WPA3/WPA2 mixed with 802.11w, my phone just ignored it.

Somewhat related: Cisco AnyConnect supports WPA3 in version 5, but not much luck pestering IT to deploy upgrades. Haven't drilled down to see what the problem was when disabling 802.11w works.

I also had this issue with a work laptop with Cisco AnyConnect / Secure Client.

802.11w seems to be causing this behavior. On OpenWrt I got these logs:

Mon May  6 21:58:21 2024 daemon.info hostapd: phy0-ap0: STA 40:XXXXXXXXX:d0 IEEE 802.11: authenticated
Mon May  6 21:58:21 2024 daemon.info hostapd: phy0-ap0: STA 40:XXXXXXXXX:d0 IEEE 802.11: associated (aid 3)
Mon May  6 21:58:25 2024 kern.info kernel: [470221.546201] ath10k_pci 0000:01:00.0: mac flush vdev 0 drop 0 queues 0x1 ar->paused: 0x0  arvif->paused: 0x0
Mon May  6 21:58:30 2024 daemon.info hostapd: phy0-ap0: STA 40:XXXXXXXXX:d0 IEEE 802.11: deauthenticated due to local deauth request
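
As an added example (not part of any post in this thread), a small shell/awk filter that picks the pattern in the log above out of `logread` output: a station that associates and is then deauthenticated "due to local deauth request" within a few seconds. The function names, the 15-second default window and the sample MAC addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list stations that associate and are
# then dropped by the AP itself within WINDOW seconds.
# Assumed usage on the router: logread | find_local_deauths 15
find_local_deauths() {
    awk -v window="${1:-15}" '
    # "day HH:MM:SS" to seconds; assumes all lines fall within one month.
    function secs(day, hms,   t) {
        split(hms, t, ":")
        return day * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
    }
    / hostapd: / && / STA / {
        # The MAC follows the "STA" field; the interface name precedes it.
        for (i = 2; i < NF; i++)
            if ($i == "STA") { ifc = $(i - 1); mac = $(i + 1); break }
        sub(/:$/, "", ifc)
        key = ifc " " mac
        now = secs($3, $4)
        local_deauth = ($0 ~ /deauthenticated due to local deauth request/)
        if ($0 ~ /IEEE 802\.11: associated/) {
            assoc[key] = now              # remember when this STA joined
        } else if (local_deauth && (key in assoc)) {
            delta = now - assoc[key]
            if (delta >= 0 && delta <= window)
                printf "%s %s %ds\n", ifc, mac, delta
            delete assoc[key]
        }
    }'
}

# Constructed sample log (placeholder MACs), same line format as above.
sample_log() {
    cat <<'EOF'
Mon May  6 21:58:21 2024 daemon.info hostapd: phy0-ap0: STA 02:00:00:00:00:01 IEEE 802.11: authenticated
Mon May  6 21:58:21 2024 daemon.info hostapd: phy0-ap0: STA 02:00:00:00:00:01 IEEE 802.11: associated (aid 3)
Mon May  6 21:58:30 2024 daemon.info hostapd: phy0-ap0: STA 02:00:00:00:00:01 IEEE 802.11: deauthenticated due to local deauth request
Mon May  6 22:01:00 2024 daemon.info hostapd: phy0-ap0: STA 02:00:00:00:00:02 IEEE 802.11: associated (aid 4)
Mon May  6 22:40:12 2024 daemon.info hostapd: phy0-ap0: STA 02:00:00:00:00:02 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
EOF
}

sample_log | find_local_deauths 15   # prints: phy0-ap0 02:00:00:00:00:01 9s
```

Each output line gives the interface, the station MAC and the seconds between association and the AP-side deauth, which makes it easy to see which clients fail on which SSID when comparing 802.11w settings.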

Yeah, seems to be an implementation issue with AnyConnect. I was using the 4.10 branch previously; haven't checked if work has pushed any updates.

Well yeah, but this is annoying because if I disable 802.11w then iOS clients will not roam properly to the AP in question. Seems they prefer to stay on 802.11w-capable APs even if the signal is worse.