I see quite a lot issues reported in forums about ax lineup WiFi issues, lets collect them here whit possible workarounds and fixes.
I have notices these issues:
The mostly known “rejected, can’t find PMKSA”. It affects my Samsung S22 the most, but I have also seen it affecting S10+ and my laptop whit Intel AX210 WNIC. This should be WPA3 related, if you disable it and use WPA2 only this issue should go away.
“association SA Query timed out” - it is 802.11w Protected Management Frame related. Looks like it started when i turned on FT (Fast BSS Transition (802.11r)).
Please don’t post about slow WiFi speeds, that’s another story, post only issues that make WiFi unstable or otherwise are software or hardware related.
Here’s mine. Been meaning to send support an email and supout but keep forgetting to generate it. Gonna do that the next time it dies.
I have had very few “can’t find PMKSA” errors. It’s always “key handshake timeout” when the wifi hangs.
hAP ax3 v7.9
13 May 3:50am. ax3 7.9. Wifi uptime: 7 days 2hrs.
hAP ax3 v7.10beta
14 May 5:00pm. ax3 7.10beta5. Wifi uptime: 1 days 12hrs.
15 May 12:20pm. ax3 7.10beta5. Wifi uptime: 7 hrs 20 mins.
(I had FT turned on. Maybe shouldn’t have done that. Back to off.)
18 May 8:00am. ax3 7.10beta5. Wifi uptime: 3 days 6 hrs.
19 May 9:16am. ax3 7.10beta5. Wifi uptime: 1 days 1 hr.
My current config (since May 5 or 6)
# may/09/2023 04:15:47 by RouterOS 7.9
# model = C53UiG+5HPaxD2HPaxD
/interface wifiwave2
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=disabled .width=20/40/80mhz \
configuration.country=Malaysia .mode=ap .ssid=mtk disabled=no security.authentication-types=wpa2-psk,wpa3-psk \
.disable-pmkid=no .encryption=ccmp,gcmp,ccmp-256,gcmp-256 .wps=push-button
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=disabled .width=20mhz configuration.country=\
Malaysia .mode=ap .ssid=mtk disabled=no mtu=1500 security.authentication-types=wpa-psk,wpa2-psk .disable-pmkid=no \
.encryption=ccmp,gcmp,ccmp-256,gcmp-256 .wps=push-button
I disabled WPA2 and for now I’m only using WPA3 on ax2, and for now it’s working without any problem, uptime 5d 6h. I was getting PMKSA errors only when WPA2/WPA3 was selected. I’m running 7.10beta5
I bought my routers before cap ax was released… So now there is no chance to explain my wife that we need yet another APs…
I was thinking about setting up capsman but i don’t have third device that should act as controller… And that is just another layer of complexity… And just for roaming…
Oh but for learning there is no problem.
It’s just not needed. I have AX2 and AX3 at home, no capsman.
I have toyed with it too (briefly) to see differences with legacy capsman (I used to have a setup with that for another place) but some of the quirks need to be ironed out before I will try it again.
Or is VLAN handling for ether-ports now sorted out properly ?
Last time I tried it, all VLAN handling needed to be disabled on AP-bridge, hence also for ether-ports.
I never had issues whit VLANs in general, but I did had issue whit interface dynamic add to bridge (so I did it manually). As I revisited config its now working as it should, but system is not perfect. Maybe I don’t know how to do it the right way, but now, afaik, I have to tag interface in capsman interface list and on AP datapath. By logic I understand that server does not know APs datapaths, so this have to be set manually per AP, but vlan tagging should be passed from server, only server side configuration required.
When its wifi dies, the ax3 is still running. Switch, ethernet and containers all ok. Just that nothing connects to the wifi anymore. Logs show “handshake key timeout” whenever any device tries to connect. Nothing in the registration table. For both 2.4 and 5Ghz.
