Kirkwood-linksys_ea4500, OpenWrt 21.02.0-rc1, WiFi problems

I have a Cisco/Linksys EA4500 (Viper) router that was previously running version 19.07.4 for half a year or so and today when I noticed version 21.02.0-rc1 was already out I thought let's give it a try right away.

Because this is a kirkwood target (swconfig -> DSA) the settings were not carried over, so this was a clean install. Later on as part of troubleshooting I still performed another Factory Reset.

At this point there is no software installed on the router bar the firmware image itself (openwrt-21.02.0-rc1-kirkwood-linksys_ea4500-squashfs-sysupgrade.bin).

I configured the two Wi-Fi radios the same way I always do (changed the SSID and enabled WPA2 encryption with CCMP), but during troubleshooting also played with other Wi-Fi related settings.

The problem is that wireless client devices can only "see" the SSIDs of the EA4500 sporadically. When they can see one or both SSIDs and I try to connect, the connection can't be established. My Android smartphone will say connection rejected and Windows says something like "unable to connect". Signal strength is shown as very good by the clients.

Over the years I've gone through several versions with this router beginning from LEDE 17, over OpenWrt 18 to OpenWrt 19 and I've never experienced such problems with the Wi-Fi before.

Any suggestions what I could try?

Did you check if logread provides any useful output around the time your clients try to connect?

Hi,

Thanks for the tip.

If I run "logread && logread -f" and then tried to connect to the SSID of the EA4500 with a wireless client device, no lines were output at all.

However, today, in the process of switching things back and forth while looking at the logread I noticed the following lines:

daemon.err hostapd: Interface initialization failed
daemon.notice hostapd: wlan1: interface state HT_SCAN->DISABLED
daemon.notice hostapd: wlan1: AP-DISABLED
daemon.notice netifd: Network device 'wlan1' link is up
daemon.debug dnsmasq[2824]: listening on wlan1(#33): fe80: ...

And after some more trying I actually found what action introduces the problem.

Things actually only turn bad after I select either "WPA3-SAE", "WPA2-PSK/WPA3-SAE Mixed Mode" or "OWE" as wireless encryption.
However, once the router is in this state, switching encryption to "WPA2-PSK" or "WPA-PSK/WPA2-PSK Mixed Mode" does not clear the problem. It will still give above messages and not enable the AP.
Only by switching encryption to either "WPA-PSK" or "No Encryption" the hostapd will start up successfully.
Thereafter it is actually possible to switch encryption to "WPA2-PSK" or "WPA-PSK/WPA2-PSK Mixed Mode" and the Wi-Fi will keep running fine.

So, as long as I stay away from "WPA3-SAE", "WPA2-PSK/WPA3-SAE Mixed Mode" and "OWE" in the first place, then I don't run into the problem of this topic.
I guess yesterday I just got so tempted by the "WPA2-PSK/WPA3-SAE Mixed Mode" option that I must have tried this first, before settling with "WPA2-PSK".

For the time being I am happy to stay with WPA2-PSK, but I would be great if the WPA2/WPA3 Mixed Mode option could be used on this router model in the future.

You can configure two access points, one with WPA3 and the other one with WPA2, both bridged to the LAN (as OpenWrt does by default).

Ok, I added a second AP to the 2.4 GHz radio. Initially I set both APs to WPA2-PSK and verified both are working fine.
Then I changed the encryption of the second one to WPA3-SAE and after clicking Save & Apply both APs of the 2.4 GHz radio would not start up properly anymore, just like in my previous testing.

Here is a logread from when I click the "Restart" button for the 2.4 GHz radio at the time the WPA3 problem is present.

Wed May  5 00:12:37 2021 daemon.info : 09[KNL] interface wlan0 deleted
Wed May  5 00:12:38 2021 daemon.notice hostapd: Configuration file: /var/run/hostapd-phy0.conf (phy wlan0) --> new PHY
Wed May  5 00:12:38 2021 daemon.info : 14[KNL] interface wlan0 activated
Wed May  5 00:12:38 2021 kern.info kernel: [ 4612.159725] br-lan: port 6(wlan0) entered blocking state
Wed May  5 00:12:38 2021 kern.info kernel: [ 4612.165073] br-lan: port 6(wlan0) entered disabled state
Wed May  5 00:12:38 2021 kern.info kernel: [ 4612.170728] device wlan0 entered promiscuous mode
Wed May  5 00:12:38 2021 daemon.notice hostapd: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.405537] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.412110] br-lan: port 6(wlan0) entered blocking state
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.417446] br-lan: port 6(wlan0) entered forwarding state
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.456439] br-lan: port 7(wlan0-1) entered blocking state
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.462000] br-lan: port 7(wlan0-1) entered disabled state
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.467757] device wlan0-1 entered promiscuous mode
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.527872] br-lan: port 7(wlan0-1) entered blocking state
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.533425] br-lan: port 7(wlan0-1) entered forwarding state
Wed May  5 00:12:39 2021 daemon.info : 08[KNL] interface wlan0-1 activated
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.671307] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0-1: link becomes ready
Wed May  5 00:12:39 2021 daemon.err hostapd: nl80211: kernel reports: key setting validation failed
Wed May  5 00:12:39 2021 daemon.info : 06[KNL] interface wlan0-1 deactivated
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.725078] br-lan: port 7(wlan0-1) entered disabled state
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.736097] device wlan0-1 left promiscuous mode
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.740817] br-lan: port 7(wlan0-1) entered disabled state
Wed May  5 00:12:39 2021 daemon.info : 12[KNL] interface wlan0-1 deleted
Wed May  5 00:12:39 2021 daemon.notice hostapd: nl80211: Failed to remove interface wlan0-1 from bridge br-lan: No such device
Wed May  5 00:12:39 2021 daemon.err hostapd: Interface initialization failed
Wed May  5 00:12:39 2021 daemon.notice hostapd: wlan0: interface state COUNTRY_UPDATE->DISABLED
Wed May  5 00:12:39 2021 daemon.notice hostapd: wlan0: AP-DISABLED
Wed May  5 00:12:39 2021 daemon.err hostapd: wlan0: Unable to setup interface.
Wed May  5 00:12:39 2021 daemon.notice hostapd: nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Wed May  5 00:12:39 2021 daemon.info : 16[KNL] interface wlan0 deleted
Wed May  5 00:12:39 2021 daemon.info : 05[KNL] interface wlan0 activated
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.817474] device wlan0 left promiscuous mode
Wed May  5 00:12:39 2021 kern.info kernel: [ 4612.822202] br-lan: port 6(wlan0) entered disabled state
Wed May  5 00:12:39 2021 daemon.info : 08[KNL] interface wlan0 deactivated
Wed May  5 00:12:39 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-TERMINATING
Wed May  5 00:12:39 2021 daemon.err hostapd: hostapd_free_hapd_data: Interface wlan0 wasn't started
Wed May  5 00:12:39 2021 daemon.notice hostapd: wlan0-1: CTRL-EVENT-TERMINATING
Wed May  5 00:12:39 2021 daemon.err hostapd: hostapd_free_hapd_data: Interface wlan0-1 wasn't started
Wed May  5 00:12:39 2021 daemon.notice netifd: radio0 (15818): Command failed: Invalid argument
Wed May  5 00:12:39 2021 daemon.notice netifd: radio0 (15818): Device setup failed: HOSTAPD_START_FAILED

Can you share your /etc/config/wireless? Please use code tags (the < / > on the edit bar) to wrap your logs and config files, for better readability.

Thanks for pointing me towards the wireless config file.

Below my text are two /etc/config/wireless files, one with encryption set to WPA2 and another one with encryption set to WPA3. I did change the SSID names and passwords to something else beforehand.

When looking at the files myself I noticed that switching to WPA3-SAE via the Luci interface adds the line "option ieee80211w '2'" to /etc/config/wireless.
So I did some testing and found that if I change the value to '0' via an editor and then restart the radio, then it will start up fine without all those hostapd errors.
(Btw, there is possibly also a bug in Luci, as switching "802.11w Management Frame Protection" to "Disabled" didn't change "option ieee80211w" to '0')

However, if I now try to connect to this AP with my Windows 10-PC with built-in Intel AX200 card (latest official Windows 10 build and latest AX200 drivers), it refuses to connect altogether if I set encryption on the EA4500 to "WPA3-SAE". If I set encryption on the EA4500 to "WPA2-PSK/WPA3-SAE Mixed Mode" it does connect, but using WPA2 encryption. I have no other WPA3 compatible client devices to test this with, but I can confirm WPA3 works fine when connecting this PC to a Huawei router that supports WPA3 and WPA2/WPA3 mixed.
I read in a Wikipedia article that 802.11w is enforced by the WPA3 specifications. So perhaps this may be the reason why Windows 10 refuses to connect via WPA3 if 802.11w is disabled on the router?

By the way, switching the encryption from WPA3 back to WPA2-PSK via Luci apparently doesn't remove the line "option ieee80211w '2'" from /etc/config/wireless, which might explain why the AP still wouldn't start working again after I switched back straight from WPA3 to WPA2-PSK.

Initial /etc/config/wireless file with encryption set to WPA2-PSK for all APs and everything working fine:

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:01.0/0000:01:00.0'
	option cell_density '0'
	option country 'DE'
	option htmode 'HT40'
	option noscan '1'
	option channel '13'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option encryption 'psk2'
	option key 'eeeeefffff'
	option ssid '12345678'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11a'
	option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:02.0/0000:02:00.0'
	option cell_density '0'
	option country 'DE'
	option htmode 'HT40'
	option channel '40'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid '4500_50'
	option encryption 'psk2'
	option key 'eeeeefffff'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'OpenWrt'
	option network 'lan'
	option encryption 'psk2'
	option key 'eeeeefffff'

/etc/config/wireless after switching one AP to WPA3-SAE encryption via Luci (both APs of radio0 stop working):


config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:01.0/0000:01:00.0'
	option cell_density '0'
	option country 'DE'
	option htmode 'HT40'
	option noscan '1'
	option channel '13'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option encryption 'psk2'
	option key 'eeeeefffff'
	option ssid '12345678'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11a'
	option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:02.0/0000:02:00.0'
	option cell_density '0'
	option country 'DE'
	option htmode 'HT40'
	option channel '40'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid '4500_50'
	option encryption 'psk2'
	option key 'eeeeefffff'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'OpenWrt'
	option network 'lan'
	option key 'eeeeefffff'
	option encryption 'sae'
	option ieee80211w '2'

Good catch. I recall there being some issues with the Marvell wireless concerning WPA3 and the additional features it requires compared to WPA2. It boils down to them not supporting full WPA3.