Questions about setting up SSID and WPA3

I'm setting up a new router and taking the opportunity to revise and update my settings, WiFi being among them.

First, I'm wondering if I should keep the SSID on both bands identical to allow for roaming. Did some searching but opinions seem to be evenly divided.

Next, there is the issue of WPA3. I need to install the hostapd-openssl package to make that work? And is it recommended to use WPA2/WPA3 mixed mode instead?

Then there is the KRACK checkbox. I don't think I have any devices old enough to still have that vulnerability.

Choosing a channel or setting it to auto is another question. And how about the width of the band (20/40/80)? Have not checked recently but I'm guessing I have a headache-inducing amount of WiFi in my neighborhood.

I have a couple of devices, like my Nest Hub and my smart thermostat, which appear to have difficulty maintaining a stable connection. Also have a phone always complaining about having no Internet even when the WiFi is up, which is odd.

My idea was to create 2 SSIDs on each band, one with identical names and one with a 2/5 at the end. That way I can pick and choose. I could also enable WPA3 on one and WPA2 on the other.

I'd love some suggestions since I definitely think there's room for improvement.

Yes, both bands need to have the same AP parameters, for example mandated by iDevices, but, yes, easy roaming keeps clients connected seamlessly. Do not use mixed mode; clean WPA2 or clean WPA3 are significantly more compatible and stable.

You don't have to change wpad for WPA3; the default one is fine.

KRACK checkbox - read the wifi page carefully, it does not prevent KRACK alone.

Set channel width to 80 and select auto channel, make sure to set country code first.

Make an additional WPA2-CCMP 2.4GHz-only AP for (not so) smart devices.
You can enable optional 11w / PMF; if some device supports it, it can protect from external deauthentications.

More suggestions:

  • You can use a random wifi MAC to jam A-GPS.
2 Likes

Do you mean for the router? So that it regularly changes BSSID? That is an interesting idea, and thanks for bringing this to my attention, the option is pretty hidden in LuCI (you need to open the drop down to see that random is an option).

So clients will go back to the 5GHz band? They won't fall back to 2.4GHz and never go back up?

The help message in LuCI states "This workaround might cause interoperability issues and reduced robustness of key negotiation..."
Since I do have some of those weird issues I figured I might have to turn it off.

Does this refer to the hostapd-openssl? It states "To use the WPA3 modes as access point, it is required to install the hostapd-openssl package." on the wiki page.

I have heard that when you set it high and there's a lot of interference the speed slows down a lot because it cannot allocate the full bandwidth. I also heard that setting the channel to auto will cause it to switch, which some clients cannot handle and results in them disconnecting. Given how that Nest Hub keeps going back to the setup mode because it thinks my WiFi no longer exists, I figured I might need to set a static channel.

Should I set that to optional then? What about 11r? Does that serve a purpose with only 1 AP?

Is there a downside to this?

Roaming from the client depends; something like usteer or dawn can help them decide (non-basic wpad required to actually give out the roam hints).

Reduced robustness means that near the border of coverage you will not be able to connect.

wpad-basic-mbedtls, or wpad-mbedtls; changing the SSL framework is no longer required.

You can use "cell density" parameter to treat weak/slow signals as a noise. You need like 10 competing idle wifi clients+aps to notice saturation.
Not only nest, sometimes chromebooks and droid tvs disable wifi after updates.

11w is management frame protection, making connections immune to deauth flood attacks. Important for things like security cameras and fireplace controllers.
11r is not required to roam between your TWO access points. It is just how fast reconnection is: <.3s or ~1.3s.

Random MAC - you make wifi location less accurate in your proximity, no other drawbacks.
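
The settings suggested in the replies above, written out as `/etc/config/wireless`. This is an added example, not a configuration posted by anyone in the thread; the radio and section names, SSIDs, keys, country code and `cell_density` value are placeholders, and `macaddr 'random'` is the assumed UCI spelling of the "random" choice in the LuCI drop-down.

```conf
# /etc/config/wireless (constructed example, placeholders throughout)

config wifi-device 'radio0'
	option band '2g'
	# set the country code first, then let the driver pick the channel
	option country 'XX'
	option channel 'auto'
	option htmode 'HT20'
	# 0 = disabled, 1-3 = increasingly dense; example value only
	option cell_density '1'

config wifi-device 'radio1'
	option band '5g'
	option country 'XX'
	option channel 'auto'
	# 80 MHz channel width
	option htmode 'VHT80'

# Same SSID and same parameters on both bands so clients can roam
config wifi-iface 'main_2g'
	option device 'radio0'
	option mode 'ap'
	option network 'lan'
	option ssid 'ExampleNet'
	# "clean" WPA3; the mixed mode advised against would be 'sae-mixed'
	option encryption 'sae'
	option key 'REPLACE_WITH_PASSPHRASE'

config wifi-iface 'main_5g'
	option device 'radio1'
	option mode 'ap'
	option network 'lan'
	option ssid 'ExampleNet'
	option encryption 'sae'
	option key 'REPLACE_WITH_PASSPHRASE'
	# assumed value for the randomised BSSID option
	option macaddr 'random'

# Additional 2.4 GHz-only WPA2-CCMP AP for the (not so) smart devices
config wifi-iface 'iot_2g'
	option device 'radio0'
	option mode 'ap'
	option network 'lan'
	option ssid 'ExampleNet-IoT'
	option encryption 'psk2+ccmp'
	option key 'REPLACE_WITH_OTHER_PASSPHRASE'
	# 11w / PMF: 0 = off, 1 = optional, 2 = required
	option ieee80211w '1'
```

The KRACK checkbox discussed in the thread corresponds to `option wpa_disable_eapol_key_retries` on a `wifi-iface` section; it is left at its default here.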