I just upgraded one of my APs from 19.07.7 to 21.02.1.
Now I am facing connectivity issues with iOS clients. They sometimes can't connect or randomly disconnect whenever I am using option encryption 'sae-mixed'.
As soon as I switch it back to option encryption 'psk2+ccmp' the issues are gone.
Model TP-Link Archer C7 v2
Architecture Qualcomm Atheros QCA9558 ver 1 rev 0
Firmware Version OpenWrt 21.02.1 r16325-88151b8303 / LuCI openwrt-21.02 branch git-21.357.58218-b3cd473
Kernel Version 5.4.154
Tue Jan 11 22:10:13 2022 daemon.info hostapd: wlan1: STA MA:C0:AD:DR:ES:S0 IEEE 802.11: authenticated
Tue Jan 11 22:10:13 2022 daemon.info hostapd: wlan1: STA MA:C0:AD:DR:ES:S0 IEEE 802.11: associated (aid 1)
Tue Jan 11 22:10:13 2022 daemon.notice hostapd: wlan1: AP-STA-CONNECTED MA:C0:AD:DR:ES:S0
Tue Jan 11 22:10:13 2022 daemon.info hostapd: wlan1: STA MA:C0:AD:DR:ES:S0 WPA: pairwise key handshake completed (RSN)
Tue Jan 11 22:10:18 2022 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED MA:C0:AD:DR:ES:S0
Tue Jan 11 22:10:18 2022 daemon.info hostapd: wlan1: STA MA:C0:AD:DR:ES:S0 IEEE 802.11: disassociated
Tue Jan 11 22:10:19 2022 daemon.info hostapd: wlan1: STA MA:C0:AD:DR:ES:S0 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
It seems to only affect an iPhone X the same generation iPad is working fine.
What I also noticed is that sometimes devices (iOS and Android) don't automatically connect to the SSID once in range. This also happended before upgrading to the latest version of OpenWrt.
Here is my entry on a totally different device for reference. I do not experience these issues with an iPhone X. Again, I think the issue could be unrelated the settings and perhaps something in a driver or firmware.
I'm seeing this too. I noticed that switching to just sae (WPA3) or pure WPA2 makes the respective Apple phones and tablets connect without any issues.
Some googling hints that this is only problematic when WPA2/WPA3-mixed mode is combined with enabling extensions like 802.11r/802.11k/802.11v. These are needed to implement Wi-Fi steering (aka seamless roaming). You'd normally enable them when you have several WiFi APs. So it's understandable why not everybody is able to reproduce this issue.
FWIW I blame Apple as there seem to be other AP firmwares/vendors having this same problem with portable Apple devices.
Alright... So I've now verified that having 802.11k, 802.11v and 802.11w enabled does not influence the situation. Having them enabled, I've confirmed that a combination of wireless.default_radio0.encryption='sae-mixed' + wireless.default_radio0.ieee80211r='1' causes problems. Changing any of them makes everything work.
So the workarounds are:
If you have a single AP and don't need Wi-Fi steering/roaming β just disable 802.11r and you can keep sae-mixed.
If you do need Wi-Fi steering, you'll have to choose either WPA2 or WPA3. If you don't have ancient devices, go for later. Otherwise, stick with the former for the time being.
P.S. Interesting observation: when I had an iPad connected with sae-mixed + 802.11r disabled, and then enabled 802.11r (causing the AP Wi-Fi interface reload), the iPad stayed connected (well, I guess re-connected almost instantly) and toggling its Wi-Fi switch off and on again keeps it connected. But if I disconnect for a while and its internal state resets/times out, then it won't be able to connect back at all, reporting the infamous Unable to join the network "***". This seemingly obvious nuance makes troubleshooting a bit more troubling. Beware.
Also see Apple's list of which devices support WPA3: https://support.apple.com/guide/security/secure-access-to-wireless-networks-sec8a67fa93d/web
In particular, older iPads don't support WPA3 so they'll try only WPA2.
I had trouble myself with mixed WPA2/WPA3, some iOS devices were fine and some iOS devices were not. Only the ones with WPA3 support hit the problems.
I've also started seeing this and I also have sae-mixed + 802.11r enabled. To add to the workarounds list- I added another wifi network with wpa2 only and connected the ios devices to that ssid. I know it's not ideal either but for me it works better than reverting everything to wpa2 or disabling 11r.
FWIW... I've experimented w mixed mode in the house, to see if I could go full WPA3, and there's ONE item that's not compatible! An older Tivo, 2-3 gen back, thats still used, just won't connect on mixed mode. Im just using just basic mixed mode, no other features.
There's always something.. I also tried the protect the management frames feature, and ONE of my music player boxes wasnt happy with that...
I am also facing this issue, it happens even on new macbook air (m1). Strange is that on macbook pro with same processor (m1 pro) this isnβt happening as well as on very old iPhone SE everything works. Hopefully it will be fixed soon.
I've encountered this issue too with firmware 22.03.1 and iPhone X or 8 (fully updated). They won't connect at all when I choose WPA2/WPA3 mixed mode in combination with Fast Roaming enabled. Works fine on an iPhone SE 2022.
I've seen different error messages from the iPhones that won't connect. "This network is operating on Wi-Fi channels in use by several other nearby networks. Restarting the router may allow it to automatically chose the best channel to use, and may resolve this problem." Which is nonsense since my iPhone SE 2022 which I had sitting besides it would connect just fine and I was using free channels. Other messages are (translated) "Cannot connect, come closer and try again" and "Cannot connect".
Yes, I just had the issue today with both a MAC and an iPhone. I haven't verified the MAC 100% yet, but I did with the iPhone on both a C7 as well as a Belkin RT3200.
The iPhone could not connect to WPA2/3 mixed mode at all on both 2.4 or 5ghz bands. I also tried changing 802.11w to see if that would make a difference, just as a test. However, the iPhone could connect to just WPA2 or just WPA3. Very odd indeed.
Every other device connects. Ring. Cameras. Samsung watch. Oculus. Multiple TV's. Firesticks. Alexa. I even have a Suvie cooking device that connects no problem.
Mixed mode tends to cause problems with lots of devices, as does protected management frames (802.11w). It's one of the first things I look for when people have difficulty connecting -- turning off 802.11w and/or moving to pure WPA2 or WPA3 will usually resolve the problem.
I did try turning 802.11w on while in just wpa2 or wpa3, and that did work.
Someone mentioned 802.11r. I do have that on, and haven't tried wpa2/wpa3 with 802.11r turned off.
That's odd. Maybe try forgetting the network on both your phone and watch and then re-adding it (when the network is using PSK2). My watch connects without issue to PSK2 networks.