New Xiaomi router AC2100

I believe WPA3 works fine. However I use router as plain AP. ~500 mbit/s are reachable with iperf3 (5 threads) between mobile phone and wired PC.
Does WPA3 even need hardware support in wifi chip? I believe key is derived on CPU and then saved in wifi chip. Encryption algorithm stays same (AES).

The processor MT7621A hasn’t hardware support for WPA3 and it is not necessarily to have it.
Sadly MediaTek MT7615N is not Wi-Fi certified for WPA3.
I don't see many WPA3 wifi adapters announcements yet.

Can i flash openwrt using Windows 10 or i need mac/linux to do it? (Black cylinder router).

Just follow the manual (wiki page). I flashed my router on windows, but linux also should be fine.

Thanks, this guide you mean?

https://openwrt.org/inbox/toh/xiaomi/xiaomi_mi_router_ac2100

1 Like

Intel's AX200 supports WPA3. Sadly they won't update drivers for older adapters.

What advantages WPA3 hardware support provides? Does it offload handshakes somehow? I monitored cpu load while running 10 thread iperf session. It remained close to 0%. I believe traffic does not touch CPU and all encryption happens in wifi chip regardless of authentication method.

WPA3 replaces the WPA2 Pre-Shared Key (PSK) with Simultaneous Authentication of Equals (SAE) to avoid key reinstallation attacks like notorious KRACK. It will keep your network devices safe while connecting to a wireless access point. SAE is also an effective defense against offline dictionary attacks.
The new standard introduces enhanced 128-bit encryption in WPA3-Personal implementation. Using higher bit encryption significantly decreases the odds of compromising the key.

@scp07 I did some more testing over the weekend and did notice that there are still a lot of wifi connection drops when running the router in Bridged AP mode. Is there anything I can send you since you don't own the black AC2100?

Mee too, did some test this weekend and stock firmware seem for now à bit better at throughput and distance.

I will try Openwrt again at holyday with much time to play with.

Nope I was using wpa-psk. And you you mentioned that WPA2-psk was replaced by wpa3. I thought the performance would be better, at least for the testing in WPA only. Do you think it would make a difference?

You can choose yourself the encryption option enable WPA3 using openwrt GUI and try it!

And 160mhz channels, which I may want to try out at some point.

I probably should have clarified that only the key exchange wouldn't get offloaded on 5ghz, which is likely inconsequential in terms of performance. (I can't actually deploy WPA3 in my network without breaking things soooo...)

The use of GCMP in WPA3 should be offloaded on the MT7615, to my understanding.

The MT7603 on the other hand I think will fall back to cpu, since they don't appear advertise it. (Or support it)

Which overall might make roaming a bit messy?

1 Like

Keenetic Giga and Viva with MediaTek MT7621AT with hardware encryption and MT7615DN supports WPA3-192 Enterprise (Suite B).
Xiaomi AC 2100 hasn't hardware encryption (MediaTek MT7621A), the question is if MT7603 and MediaTek MT7615N support it?

Thanks for the advice. But when I'm trying to set this option. I'm getting an error code "requires hosted with SAE Support". There should be another option activated?

You need to install other hostapd package. You can find exact information on openwrt wiki (search for WPA3)

I've got a black AC2100 in the meantime. I'm running it since 22 days without any interruption and until now I had zero connection drops. With which device are you trying to use it as a bridged AP? Do you see anything useful from logread?

Redmi AC 2100 (MT7621A) hasn't hardware encryption, the question is if MT7603 and MediaTek MT7615N support WPA3-192 Enterprise?

Thanks,
I was able to activate it. But unluckily the results from iperf3 didn't changed a lot.


Maybe be I'll get better results on the next release

https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=53a1fede1f9856b61092ce4693e7610a515d562b

1 Like

Having it connected to a Telekom Speedport Smart 3. I'll provide with logs (if any) in the upcoming days.