Community discussions

MikroTik App
 
gammy69er
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 79
Joined: Sun May 18, 2014 3:01 am

hap AX3, WifiWave2 and Legacy clients.

Wed Feb 22, 2023 1:53 pm

Have had a bit of a dig, but come up empty - so am putting it out there.

Have a new AX3, 2nd time messing with WifiWave2 - and am having issues with an older client devices connecting to the AP/Router.

Have set up wifi fully "AX" mode, but using wpa2 and ccmp (aes) encryption in conjunction with wpa3 (also just ccmp so I don't have to go around and reconnect all my device)

The legacy device is a Nintendo New 3DS. It does not see the 2ghz wifi at all. If I drop the 2ghz to "N" wireless and lose the wpa3, it shows up and is connect able, while keeping the ccmp as is... I may have even left the wpa3 on in one test, it may have just been ignored.
I also attempted making a VAP with a lower "Band" (selecting n or g instead of AX), but obviously the VAP works it's channels at the same as the Master Interface (was hoping for a stepdown spoof or something).

Anywho - my question - is this expected behavior, not being able to connect legacy devices to AX wifi.
Old Wifi driver with AC let you select a/n/ac or b/g/n, but now you can't select multiple.

I know I have had this 3DS connected to Wifi6 aps before (however one of those may have had wifi4 2ghz radios like Wifi5 units did). I am pretty sure the consumer grade wifi6 stuff can do g/n/ax also, but it appears that my router, for the moment, can either do g/n OR ax (I say g/n as the 3DS apparently only has g wireless). More testing to go on, but any info anyone can put forward would be appreciated.

I'll have to crack out a few old lappies and see what shakes out.

As for the 5ghz can confirm AC/AX working, but again need to test N and A for connectivity.

In the meantime, I was replacing a Unifi AC/ER-X combo, so will put the Unifi back on with different SSID for legacy (small home so all g, but for work, moving forward, need to know these things)
 
gammy69er
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 79
Joined: Sun May 18, 2014 3:01 am

Re: hap AX3, WifiWave2 and Legacy clients.

Wed Feb 22, 2023 2:05 pm

Oh, and sorry, forgot to mention...

I don't particularly want to drop the 2ghz wifi back to"n" permanently either, as sometimes my AX devices will connect to 2ghz, for better range and whatnot. 2ghz AX is Amazing, honestly thought 2ghz was dead with AC not getting an update - but here we are.
Yes I run single ssid across bands. If you have a problem with that, there's likely tissues next to the lotion on your "homework desk" :p (sorry, am really tired now - have fun all)
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11452
Joined: Thu Mar 03, 2016 10:23 pm

Re: hap AX3, WifiWave2 and Legacy clients.

Wed Feb 22, 2023 3:21 pm

In principle wifiwave2 setting of, say, band="2GHz-ax", will support older technology generations (b, g, n). In legacy driver it was possible to disable older technologies, but this doesn't seem to be possible (for now) in wifiwave2. It's best to leave "supported-rates" at defaults, trying to optimize that for too good performance actually drops support for legacy devices.

Support for legacy security settings: most probably b devices only support WEP and g devices may only support WPA/TKIP or they may support newer. n devices (and newer) should support WPA2/AES-CCMP. However sometimes devices panic if they see security profile which they don't understand. Possibly some also panic if they encounter channel parameters they don't recognize. But the former is easier solvable: run virtual interface with separate SSID and legacy security settings (e.g. WPA+TKIP). This should make legacy clients happy.

The other thing is that making hybrid WPA2/WPA3 security profile is not exactly trivial. Some time ago I found an article (which I can't find now) explaining how such setup should look like on Mikrotik (which involved virtual AP with WPA2-only support and configuring it as kind of fall back channel for hybrid one or some such). I tried and my WPA2-only devices plain ignored such WiFi AP channel. So I quit trying in hope for Mikrotik to come back with simpler way of doing things backwards compatible.
 
gammy69er
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 79
Joined: Sun May 18, 2014 3:01 am

Re: hap AX3, WifiWave2 and Legacy clients.

Fri Feb 24, 2023 9:20 am

In principle wifiwave2 setting of, say, band="2GHz-ax", will support older technology generations (b, g, n). In legacy driver it was possible to disable older technologies, but this doesn't seem to be possible (for now) in wifiwave2. It's best to leave "supported-rates" at defaults, trying to optimize that for too good performance actually drops support for legacy devices.

Support for legacy security settings: most probably b devices only support WEP and g devices may only support WPA/TKIP or they may support newer. n devices (and newer) should support WPA2/AES-CCMP. However sometimes devices panic if they see security profile which they don't understand. Possibly some also panic if they encounter channel parameters they don't recognize. But the former is easier solvable: run virtual interface with separate SSID and legacy security settings (e.g. WPA+TKIP). This should make legacy clients happy.

The other thing is that making hybrid WPA2/WPA3 security profile is not exactly trivial. Some time ago I found an article (which I can't find now) explaining how such setup should look like on Mikrotik (which involved virtual AP with WPA2-only support and configuring it as kind of fall back channel for hybrid one or some such). I tried and my WPA2-only devices plain ignored such WiFi AP channel. So I quit trying in hope for Mikrotik to come back with simpler way of doing things backwards compatible.
Hey, Thanks for the info - but I'm not sure you picked up what I was laying down.

The AX "Should", as you say, run back to versions prior, and also, as you say, certain versions of wifi started with specific security, and evolved to others throughout their lifespan.

In the case that I have before me (the New 3DS), is a strange one as everywhere I have seen states it is "g" wireless, however ONLY supports WPA2 - AES encryption. It does not even see the wifi of the AX3 when set to AX mode... It is not just "not connecting".

Either way, it would not work on the AP until I set the 2.4ghz wifi to "n" and disabled wpa3. This supports your theory of "step down to below selected" but also begs the question as to why it was not showing on the client at all.

However I don't know that you actually have to select the "Band" setting anyway. I discovered this the other day, but have not had a chance to test fully. I did try your suggestion of a test VAP with lower security prior to my post, but it was fruitless at the time.

Have just had the wife go out for the evening, so am going to have a play with some settings and report back with any results later. The hope is to be able to get legacy device support in some capacity while keeping the latest, but we'll see how we go.
 
gammy69er
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 79
Joined: Sun May 18, 2014 3:01 am

Re: hap AX3, WifiWave2 and Legacy clients.

Fri Feb 24, 2023 10:18 am

ok, so first round of testing done with New 3DS.
Here are the base settings - nothing special
/interface wifiwave2 channel
add frequency=2412-2472 name=2ghz-channel width=20/40mhz
add band=5ghz-ax frequency=5150-5895 name=5ghz-channel width=20/40/80mhz
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk group-encryption=ccmp management-protection=allowed name=sec-LAN wps=push-button
/interface wifiwave2 configuration
add name=wifi-cfg security=sec-LAN ssid=internets
/interface wifiwave2
set [ find default-name=wifi1 ] channel=5ghz-channel configuration=wifi-cfg configuration.mode=ap disabled=no security=sec-LAN
set [ find default-name=wifi2 ] channel=2ghz-channel configuration=wifi-cfg configuration.mode=ap disabled=no mtu=1500 security=sec-LAN
add configuration.mode=ap .ssid=tes3ds disabled=no master-interface=wifi2 name=wifi3 security.authentication-types=wpa2-psk .encryption=ccmp
as noted previosly I have yet to enable GCMP - but not important for this testing (I presume - but having it on means I need to re-setup several devices at home that I CBF with atm)

So - with these settings - 3DS does not see the intewrnets or test3ds wifi at all. you will note that I have not set "band" in 2ghz "channel" - is not required as will default to highest - as I have now found

If I set "band" on channel or Master device (wifi2) directly to "2ghz-ax" - stil nothing. If I set to "2ghz-n" or "2ghz-g" (g also requires stepping to 20nhz) - then it works. Security was the same in all of those tests (WPA2 and WPA3 - CCMP). Also along with g, n also worked @ 20mhz - whereas ax still did not.

Strangely - when disabling security - the 3DS COULD see the SSID at all "bands"and channel widths. This I find to be very odd - considering the security was the same between "band" changes.

When dropping the Security to a lower level - basically the same as above - on ax, nothing visible, but on g and n - all the internet.

Even on the VAP with the above security settings, it is no longer visible - Dropping to WPA2 only, again nothing...I have however found that WPA with AES does actually appear to work (along with no security)... how strange. The 3DS does support WPA2 - but when the mikrotik is in ax mode - it does not show - however when WPA is selected it does.
NOTE - this is using WPA CCMP ONLY - if any additional are selected - still does not work (why my initial checks fasiled in my initial post) (n.b. not testing EAP)

Not entirely Ideal - but something for the moment.
Here is the code for the VAP -
/interface wifiwave2
add configuration.mode=ap .ssid=tes3ds disabled=no master-interface=wifi2 name=wifi3 security.authentication-types=wpa-psk .encryption=ccmp
Hope this helps someone.
I'm gonna check in with Support - see if this is intended/expected. While I wait for them, have a few other legacy devices to confirm the same issues. Will report back when I know more
 
gammy69er
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 79
Joined: Sun May 18, 2014 3:01 am

Re: hap AX3, WifiWave2 and Legacy clients.

Fri Feb 24, 2023 12:56 pm

One Final note for the Evening.

I tested 3 more "legacy" devices. A Wii U (b/g/n) - a PS3 (B/G) and a hAP AC

Wii U - Worked Fine
PS3 - worked fine - annoying as I was hoping this would bee like the 3DS - potentially proving the bug

the hAP AC was an odd one. While in b/g/n mode - worked
while in b/g or b or g - would not connect
in any mode - would scan and find the SSID in question - but IDK if the mikrotik can restrict the radio band for scan as the radio is the radio...

Anywho - part of a win. Have a UBNT pico2 (not M2) floating about that I may try - but at this stage I suspect there is something wrong in the radio driver to cause some devices to not work. Could be H/W too - but while in lower modes it works... all speculation.

Will hand this info on to Mikrotik Support also
 
PeterXC
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Fri Feb 10, 2023 7:51 pm

Re: hap AX3, WifiWave2 and Legacy clients.

Fri Feb 24, 2023 6:20 pm

The other thing is that making hybrid WPA2/WPA3 security profile is not exactly trivial. Some time ago I found an article (which I can't find now) explaining how such setup should look like on Mikrotik (which involved virtual AP with WPA2-only support and configuring it as kind of fall back channel for hybrid one or some such). I tried and my WPA2-only devices plain ignored such WiFi AP channel. So I quit trying in hope for Mikrotik to come back with simpler way of doing things backwards compatible.
Hi,
In my case, setting up a common security profile fixed it and both WPA2 and WPA3 work fine
interface/wifiwave2/security/print detail  
Flags: X - disabled 
 0   name="common-auth" authentication-types=wpa2-psk,wpa3-psk passphrase="xxx" wps=disable 
What I hate in ax3 is poor 2Ghz performance. Radio only supports g/n/ax, no ac. It is good for IoT devices, not real traffic :(
If you have a mixed network with ac and ax devices, stay away from ax3
 
gammy69er
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 79
Joined: Sun May 18, 2014 3:01 am

Re: hap AX3, WifiWave2 and Legacy clients.

Wed Mar 08, 2023 11:20 am

Hi,
In my case, setting up a common security profile fixed it and both WPA2 and WPA3 work fine
interface/wifiwave2/security/print detail  
Flags: X - disabled 
 0   name="common-auth" authentication-types=wpa2-psk,wpa3-psk passphrase="xxx" wps=disable 
What I hate in ax3 is poor 2Ghz performance. Radio only supports g/n/ax, no ac. It is good for IoT devices, not real traffic :(
If you have a mixed network with ac and ax devices, stay away from ax3
Hey - well - this throws up a whole other kettle of fish.
You have not set a Encryption Type. Back in the day when I had an old router and didn't understand what this was for - i used to have TKIP and AES selected. Later down the track - I got a new router and knew that AES was significantly faster that TKIP, so I switched to that. Low and behold - almost all of my devices needed to forget the network and re-connect - as although they were capable of AES - thy had saved the link to the network as TKIP. I honestly thought that the key was the only important part - but appears the encryption type is saved on devices in the back end - and most cannot update (and none I have seen auto update encryption).

This may be different with WPA3 GCMP from CCMP - but I doubt it (will have to test another time).

This means 2 things...
1. I am making the same mistake again with CCMP/GCMP - but I can live with that.
2. Your settings above don't have a selection for encryption so "may" default back to TKIP - hence the performance loss - but the possible reason for the connection of the legacy device

I can get upwards of 160mbps on 2ghz devices - I was shocked the first time I realized - as I went to switch to 2ghz - then realized I was on 2ghz. This was with GCMP at the time - and I have not the capacity at home to test CCMP to full - but it likely won't be that far off.

It would be nice to think you devices can negotiate the highest settings - but is rarely the case in my line of work (WISP/ISP/Hotspot Services).

On the Unifi AC Lite - WPA2 and AES work with the 3DS... On the AX @ AX - it don't (I tried multiple iterations).

The fact the hAP AC did exactly the same as te 3DS would lead me to think there is a specific cicumstance where things are not working correctly - the PS3 however does rebuke that - but am still waiting for support to get back - and since it only took a day for them to respond the last time - I might have found something...

Anywho - thanks for the potential fix - it is absolutely viable for some - but the performance hit of legacy encryption coyboying around my devices is not what I was looking for (don't @ me on CCMP - I know - but it is still "required" in some cases)

Gonna hit up 7.8 and see if anything sneaky made it in - but not holding my breath.
 
vizcsap
just joined
Posts: 1
Joined: Thu Dec 14, 2023 9:04 pm

Re: hap AX3, WifiWave2 and Legacy clients.

Thu Dec 14, 2023 9:13 pm

I know this is an old topic, but @gammy69er were you eventually able to connect the 3ds to the AX wifi? I'm having the same problem as you with the hap AX3 and I don't want to drop my 2GHz AX wifi to N if I don't have to.

Also I don't know if you've noticed but if I switch the band on wifi2 to N, connect the 3ds and then switch the band back to AX the 3ds stays connected to wifi2. The 3ds remains connected to wifi2 even after I rebooted the handheld.

Who is online

Users browsing this forum: No registered users and 8 guests