Xiaomi WiFi Router 3G

Try adding
option disassoc_low_ack '0'
for 2.4 ghz into /etc/config/wireless like in post 6 here
https://forum.openwrt.org/viewtopic.php?id=43188


Just found this r3g firmware.
http://downloads.pandorabox.com.cn/pandorabox/17.09/targets/ralink/mt7621/
Have not found flashing instruction yet. Don't know if it uses open or closed source mt76 driver.

Thanks for the assistance with this @dissent1, but the issue is still reproducing after setting option disassoc_low_ack '0' in /etc/config/wireless and rebooting the router, which results in the new settings propagating to /var/run/hostapd-phy0.conf

Any other idea?

I have done some more experiments and noticed the following:

  1. Issue is reproducing with the 2.4GHz only
  2. Issue is not reproducing when I'm in the same room as the router
  3. Issue is reproducing in my bedroom, which is very close to the room of the router
    3.1 The signal strength at the time of failure (according to wifi analyzer) is -56dBm for the 2.4GHz and -64dBm for the 5GHz
  4. Issue is reproducing with both Android phones (Lineage OS) and my iPad
  5. After I'm already connected, the connection is not dropping in the same room in which the issue happens
  6. After I'm connected, if I decide to re-login in the room in which the issue is reproducing - behavior is undefined - sometimes it succeeds, and sometimes not

This pandorabox seems to be a chinese openwrt fork with closed source drivers.
https://forum.openwrt.org/viewtopic.php?id=59341

I have the same
daemon.notice hostapd: wlan0: STA XX:XX:XX:XX:XX:XX IEEE 802.11: did not acknowledge authentication response
error for the 2.4 Ghz frequency. The 2.4 Ghz wifi is not usable at all with my WiFi Router 3G.
At least 5Ghz works but not really good.

Will try pandorabox but have fear that it has a bigger possibility to have a backdoor. Do I need to fear at all?

Oh no, I flashed pandorabox like an update for lede. Now my router is bricked... first, the led is orange for 10 sec, then the led blinks one time blue to get orange again for 5 sec, then the led turns off for less than a sec and the whole process begins from the beginning... :frowning:
Do I need a serial cable now?

Yes, nothing without serial.

Please do not flash Pandorabox or Padavan in that way because they have different partition tables.

I have successfully built and flashed Padavan for R3G using Prometheus Script. I have also got back to stock firmware using Prometheus Script following steps from this page http://miui.vn/forum/threads/mi-3-quay-ve-rom-goc-khi-da-flash-rom-padavan.31113/. It's in Vietnamese, use Google to translate.

I have also flashed PandoraBox successfully. First I flashed Breed bootloader for R3G then used Breed to flash PandoraBox. I also flashed back stock firmware using recovery option in Breed. The Breed bootloader is in Chinese. There is a Chrome extension called Translator for Breed Bootloader which is very useful.

Is the Breed bootloader a good solution for installing other ROMs? Pandorabox, stock or Padavan?
Or is Padavan only installed with Prometheus?

Padavan is not licensed to be binary distributable. I built and flashed it within Prometheus Script. Breed for R3G has just been released. I just experimented to see what works. I have partition backups of the original firmware and a serial cable ready. :grinning:

So as I understand it, Padavan has no way to generate an image for sharing with other users; it allows it only on the local router.

My understanding is that you can build and copy a Padavan image but you can't distribute it.

What will happen if you distribute it?? The SWAT, the FBI and the Mossad will knock on your door at 5 AM?
:rofl:

Our little device now has hardware watchdog support https://github.com/lede-project/source/commit/3fbf3ab44f5cebb22e30a4c8681b13341feed6a6 so @dissent1 I guess kmod-softdog should be removed from target/linux/ramips/image/mt7621.mk
I just did a compile with kmod-softdog removed and it seems like I still have a running and functional watchdog in the router :slightly_smiling_face:
My device is running stable both on 2.4Ghz and 5Ghz with all kind of different wireless devices connected (TV, android, iOS, printer, Sonos ...). I'm using the following config for reference.

config wifi-device 'radio0'
    option type 'mac80211'
    option hwmode '11g'
    option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
    option htmode 'HT20'
    option country 'DK'
    option channel '13'
    option log_level '4'
    option txpower '17'

config wifi-iface 'default_radio0'
    option device 'radio0'
    option network 'lan'
    option mode 'ap'
    option ssid '...'
    option key '...'
    option encryption 'psk2+ccmp'
    option wpa_group_rekey '1800'

config wifi-device 'radio1'
    option type 'mac80211'
    option hwmode '11a'
    option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
    option htmode 'VHT80'
    option channel '128'
    option country 'DK'
    option log_level '4'
    option txpower '17'

config wifi-iface 'default_radio1'
    option device 'radio1'
    option network 'lan'
    option mode 'ap'
    option ssid '...'
    option key '...'
    option encryption 'psk2+ccmp'
    option wpa_group_rekey '1800'
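
One way to confirm that the `disassoc_low_ack '0'` setting suggested earlier in the thread is present on every 2.4 GHz interface of a config like the one above, as an added example that is not part of the original posts. It assumes the option belongs in the `wifi-iface` section and that 2.4 GHz radios are marked by `hwmode '11g'` (as above) or the newer `band '2g'`; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report, for each wifi-iface bound to a 2.4 GHz radio,
# whether "option disassoc_low_ack '0'" is set. On a router the input
# would be:  check_low_ack < /etc/config/wireless

check_low_ack() {
    awk -v q="'" '
    # Remove one leading and one trailing quote character from a UCI value.
    function strip(s) { gsub("^[\"" q "]|[\"" q "]$", "", s); return s }
    $1 == "config" {
        sect = $2; name = strip($3)
        if (sect == "wifi-iface") ifaces[++n] = name
        next
    }
    $1 == "option" {
        val = strip($3)
        # hwmode is the key used in this thread; band is the newer spelling.
        if (sect == "wifi-device" && ($2 == "hwmode" || $2 == "band")) mode[name] = val
        if (sect == "wifi-iface" && $2 == "device") radio[name] = val
        if (sect == "wifi-iface" && $2 == "disassoc_low_ack") ack[name] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            f = ifaces[i]; m = mode[radio[f]]
            if (m != "11g" && m != "2g") continue   # skip 5 GHz interfaces
            print f, radio[f], (ack[f] == "0" ? "ok" : "missing")
        }
    }'
}

# Constructed sample input (not taken from a real device).
sample_config() {
    cat <<'EOF'
config wifi-device 'radio0'
    option hwmode '11g'
config wifi-device 'radio1'
    option hwmode '11a'
config wifi-iface 'default_radio0'
    option device 'radio0'
    option mode 'ap'
config wifi-iface 'default_radio1'
    option device 'radio1'
config wifi-iface 'guest_radio0'
    option device 'radio0'
    option disassoc_low_ack '0'
EOF
}

sample_config | check_low_ack
```
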

Hi there. I posted a few days ago saying that my router was bricked and I was going to try UART. The router was stuck in a boot loop after a failed flash.

EDIT.....
I have now successfully recovered my router. What I did was to flash the kernel0.bin file that was kindly provided to me using option 2 flash using TFTP option in the U-Boot menu. When the router rebooted I was prompted (in the putty serial session) to press the reset button and the router flashed itself from the miwifi.bin file I had in my USB stick. Thanks for everyone's help again.

I have now successfully connected a putty session using a UART cable, but I am stuck as to what commands to use. I've tried to flash a lede sys upgrade bin, using option 2 Load system code then write to Flash using TFTP, but when the router reboots it goes back into a boot loop.

I originally deleted the kernel0 partition, and I do have a copy of kernel0.bin that someone kindly made available. Is there some way to restore this onto the router, so that I can use the USB restore method?

Or is there some way to use the TFTP flash to reset my router correctly?
Any help would be much appreciated

===================================================================
                MT7621   stage1 code 10:33:11 (ASIC)
                CPU=50000000 HZ BUS=12500000 HZ
==================================================================
Change MPLL source from XTAL to CR...
do MEMPLL setting..
MEMPLL Config : 0x11100000
3PLL mode + External loopback
=== XTAL-40Mhz === DDR-1200Mhz ===
PLL4 FB_DL: 0xe, 1/0 = 573/451 39000000
PLL3 FB_DL: 0x10, 1/0 = 665/359 41000000
PLL2 FB_DL: 0x17, 1/0 = 628/396 5D000000
do DDR setting..[00320381]
Apply DDR3 Setting...(use customer AC)
rank 0 coarse = 15
rank 0 fine = 72
B:|    0    0    0    0    0    0    0    0    0    0    1    1    1    0    0    0
opt_dle value:11
DRAMC_R0DELDLY[018]=0000201F
==================================================================
                RX      DQS perbit delay software calibration
==================================================================
1.0-15 bit dq delay value
==================================================================
bit|     0  1  2  3  4  5  6  7  8  9
--------------------------------------
0 |    9 6 7 9 6 6 7 5 6 6
10 |    7 7 7 10 7 7
--------------------------------------
==================================================================
2.dqs window
x=pass dqs delay value (min~max)center
y=0-7bit DQ of every group
input delay:DQS0 =31 DQS1 = 32
==================================================================
bit     DQS0     bit      DQS1
0  (1~62)31  8  (1~59)30
1  (1~58)29  9  (2~62)32
2  (1~58)29  10  (1~60)30
3  (1~58)29  11  (0~58)29
4  (1~60)30  12  (1~60)30
5  (1~60)30  13  (1~60)30
6  (1~62)31  14  (1~62)31
7  (0~62)31  15  (1~59)30
==================================================================
3.dq delay value last
==================================================================
bit|    0  1  2  3  4  5  6  7  8   9
--------------------------------------
0 |    9 8 9 11 7 7 7 5 8 6
10 |    9 10 9 12 8 9
==================================================================
==================================================================
     TX  perbyte calibration
==================================================================
DQS loop = 15, cmp_err_1 = ffff0000
dqs_perbyte_dly.last_dqsdly_pass[0]=15,  finish count=1
dqs_perbyte_dly.last_dqsdly_pass[1]=15,  finish count=2
DQ loop=15, cmp_err_1 = ffff0000
dqs_perbyte_dly.last_dqdly_pass[0]=15,  finish count=1
dqs_perbyte_dly.last_dqdly_pass[1]=15,  finish count=2
byte:0, (DQS,DQ)=(8,8)
byte:1, (DQS,DQ)=(8,8)
20,data:88
[EMI] DRAMC calibration passed
===================================================================
                MT7621   stage1 code done
                CPU=50000000 HZ BUS=12500000 HZ
===================================================================
-Boot 1.1.3 (Apr 17 2017 - 17:00:02)
Board: Ralink APSoC DRAM:  256 MB
Power on memory test. Memory size= 256 MB...OK!
relocate_code Pointer at: 8ffac000
Config XHCI 40M PLL
******************************
Software System Reset Occurred
******************************
Allocate 16 byte aligned buffer: 8ffdffd0
Enable NFI Clock
# MTK NAND # : Use HW ECC
NAND ID [C8 D1 80 95 42]
Device not found, ID: c8d1
Not Support this Device!
chip_mode=00000001
Support this Device in MTK table! c8d1
select_chip
[NAND]select ecc bit:4, sparesize :64 spare_per_sector=16
Signature matched and data read!
load_fact_bbt success 1023
load fact bbt success
[mtk_nand] probe successfully!
mtd->writesize=2048 mtd->oobsize=64,    mtd->erasesize=131072  devinfo.iowidth=8
..============================================
Ralink UBoot Version: 5.0.0.0
--------------------------------------------
ASIC MT7621A DualCore (MAC to MT7530 Mode)
DRAM_CONF_FROM: Auto-Detection
DRAM_TYPE: DDR3
DRAM bus: 16 bit
Xtal Mode=5 OCP Ratio=1/4
Flash component: NAND Flash
Date:Apr 17 2017  Time:17:00:02
============================================
icache: sets:256, ways:4, linesz:32 ,total:32768
dcache: sets:256, ways:4, linesz:32 ,total:32768
 ##### The CPU freq = 880 MHZ ####
 estimate memory size =256 Mbytes
#Reset_MT7530
set LAN/WAN LWLLL
Please choose the operation:
   1: Load system code to SDRAM via TFTP.
   2: Load system code then write to Flash via TFTP.
   3: Boot system code via Flash (default).
   4: Entr boot command line interface.
   7: Load Boot Loader code then write to Flash via Serial.
   9: Load Boot Loader code then write to Flash via TFTP.                           4
You choosed 4
                                                                                    0
: System Enter Boot Command Line Interface.
U-Boot 1.1.3 (Apr 17 2017 - 17:00:02)
MT7621 #

hello,
in the snapshot there is a file mir3g-initramfs-kernel.bin, what is it for ?
http://downloads.lede-project.org/snapshots/targets/ramips/mt7621/
in the hammer tutorial here: Xiaomi WiFi Router 3G
we never use that file ?

Is the tutorial still ok to follow ?

At last I got the serial connection running, had to swap the tx pin with the rx pin.

I now have one unnecessary line in the uboot configuration storage.
flag_last_succes=0
instead of
flag_last_success=0
because I mistyped and saved the change. Can I get rid of the line somehow?

NVM I had to do "setenv flag_last_succes" without a variable.

Now I have built a padavan firmware with the prometheus script on a physically different network/location.
Does someone know how I can flash the trx file manually?

https://git.lede-project.org/?p=source.git;a=commit;h=f2107fc328ff7f9817fe9ca64f84bba9e32abfc6

:grinning:
Thanks! Just ordered one device.

What about wifi quality? Is it stable?