How to enable PMF (Protected Management Frames) in LuCI?


I still don't really understand what it is, but it seems more secure :stuck_out_tongue:

You're looking for the "802.11w Management Frame Protection" option that appears under the Wireless Security tab of a SSID.

I think you're gonna need to remove the wpad-basic/wpad-mini package and install wpad (the full package) or something like wpad-openssl for that. Since wireless relies on that package to function, you need to do this from a wired connection. Best to disable all wireless interfaces before you remove the package.

Take note some older devices don't support PMF, so start with "required" which forces its use and check if all your devices can connect. If you have issues, go back to optional and that should allow each device to decide if it wants to use PMF or not.

Also, LuCI shows this under the option:

Requires the 'full' version of wpad/hostapd and support from the wifi driver
(as of Jan 2019: ath9k, ath10k, mwlwifi and mt76)

Thanks. That sounds complicated. What is the security benefit of it in simple words?

In simplified terms, when you're using wireless with WPA/WPA2, your traffic is encrypted, but management frames, which are used to signal association/disassociation etc., aren't.

A few different annoyances/attacks on wireless are possible without PMF. Hence why WPA3 requires PMF.


Is client side support necessary / usually available?

Yes, it is necessary and not always available, so if you notice devices not being able to connect, change it from required to optional.
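
An added example, not from the thread and not OpenWrt's own code: the LuCI option discussed above is stored as `option ieee80211w` in `/etc/config/wireless` (0 = disabled, 1 = optional, 2 = required), so a short script can list which SSIDs actually enforce PMF. The function name `pmf_audit` and the sample config are constructed for this example.

```shell
#!/bin/sh
# pmf_audit [FILE]: print "ssid<TAB>encryption<TAB>PMF state" for each
# wifi-iface section of an OpenWrt wireless config (stdin if no FILE).
pmf_audit() {
    awk '
    function val(s) {   # drop "option <name>" and the surrounding quotes
        sub(/^[ \t]*option[ \t]+[A-Za-z0-9_]+[ \t]+/, "", s)
        gsub(/^["\047]|["\047][ \t]*$/, "", s)
        return s
    }
    function emit() {   # report the section collected so far, if any
        if (!in_iface) return
        state = "unset"                 # no ieee80211w option in the section
        if (pmf == "0") state = "disabled"
        if (pmf == "1") state = "optional"
        if (pmf == "2") state = "required"
        printf "%s\t%s\t%s\n", ssid, enc, state
    }
    $1 == "config" {
        emit()
        type = $2; gsub(/["\047]/, "", type)
        in_iface = (type == "wifi-iface")
        ssid = "?"; enc = "none"; pmf = ""
        next
    }
    in_iface && $1 == "option" && $2 == "ssid"       { ssid = val($0) }
    in_iface && $1 == "option" && $2 == "encryption" { enc  = val($0) }
    in_iface && $1 == "option" && $2 == "ieee80211w" { pmf  = val($0) }
    END { emit() }
    ' "${1:--}"
}

# Constructed sample config (not taken from the thread).
sample_config() { cat <<'EOF'
config wifi-device 'radio0'
    option type 'mac80211'

config wifi-iface 'default_radio0'
    option ssid 'home'
    option encryption 'psk2'
    option ieee80211w '2'

config wifi-iface 'guest'
    option ssid 'guest'
    option encryption 'psk2'
EOF
}

sample_config | pmf_audit
```

On the router itself, run `pmf_audit /etc/config/wireless`; an SSID reported as `unset` has no explicit PMF option in its section.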


