
Protected Management Frames???


speedingcheetah

Senior Member
Saw this new setting (or at least I think it's new...I haven't noticed it before :confused:)

It's under Wireless - General on my AC56U.

"Protected Management Frames"

It's disabled...and has the options Capable and Required....

What does it do and does it impact performance to have it enabled?

The pop out help says: "Enable WEP encryption to encrypt data"

I set it to capable....but I have no idea how to test and see if it actually is doing anything.
 
Saw this new setting (or at least I think it's new...I haven't noticed it before :confused:)

It's under Wireless - General on my AC56U.

"Protected Management Frames"

It's disabled...

What does it do and does it impact performance to have it enabled?

Wireless LANs send system management information in unprotected frames, which makes them vulnerable. This standard will protect against network disruption caused by malicious systems that forge disassociation requests that appear to be sent by valid equipment.

https://en.wikipedia.org/wiki/IEEE_802.11w-2009
 

um...quoting the definition from Wikipedia doesn't really help me much....

That article says 2009...yet...I have never seen that setting on any router....

Either way....the description in the Asus Firmware says "Enable WEP encryption to encrypt data"

Anyway.....I gather that it does something to protect from wifi attacks or something...(similar to the DOS protection setting does in the WAN settings).....but does it hurt performance....?

I am the only 5ghz wifi around...so I am not worried about someone trying to fake authenticate or whatever.

Any idea how to even check clients to see if they are using this feature?
 
I don't know, but I would guess it's only for the ancient WEP (G networks) encryption.

I would leave it disabled if you don't have any 'classic' clients that are using WEP encryption.
 
um...quoting the definition from Wikipedia doesn't really help me much....

That article says 2009...yet...I have never seen that setting on any router....

Either way....the description in the Asus Firmware says "Enable WEP encryption to encrypt data"

Anyway.....I gather that it does something to protect from wifi attacks or something...(similar to the DOS protection setting does in the WAN settings).....but does it hurt performance....?

I am the only 5ghz wifi around...so I am not worried about someone trying to fake authenticate or whatever.

Any idea how to even check clients to see if they are using this feature?

The link has all the information you need, it's not that hard to browse over a few lines to find the answers you're looking for..

Which frames are protected(PMF)

Protection-capable management frames are those which are sent after key establishment and can be protected using existing protection key hierarchy in 802.11 and its amendments Only TKIP/AES frames are protected and WEP/open frames are not protected
 
The link has all the information you need, it's not that hard to browse over a few lines to find the answers you're looking for..

Don't u think that was the first thing I did was do a search about it.....I ask here so that folks with real world experience and knowledge can give their explanation and advice about it...(like jumbo frames...what a headache that is to research...etc). And anyway....Wikipedia is often not a reliable source..... and the references are dead links in that page anyway.......

Only TKIP/AES frames are protected and WEP/open frames are not protected

By that quote...it says that you're fine if u use TKIP/AES....which is the only option if u use WPA2. ...so it is only for those who use WEP then? So why is it suddenly showing up when u have WPA2 selected. (And who uses WEP anymore!?)

Also....I did not see in that page how to check to see if clients are actively using that feature....(as u can run a special ping to check to see if jumbo frames is working, so should u be able to do something to test this feature) So...I have yet to "find the answers I am looking for".
 
Management Frames are the signaling packets used in 802.11 WiFi to allow a device to negotiate with an AP.

The concept of Protected Management Frames was introduced in 2009, but can apply to all flavors of 802.11 (A, B, G, N, etc). Its support is supposed to be mandated for any WPA2 or TKIP device that wants to use the WiFi Alliance logo.

It works by adding a MIC (Message Integrity Check) to these control packets being sent between your PC and the Access Point (WiFi Router). If a control packet is being spoofed by a malicious device, then the MIC check will fail and the frame will be discarded. This helps keep malicious attackers from bumping you off an AP you're already associated with and exchanging encrypted traffic with.

Asus is making this option because older devices, or really limited ones, may not be able to process this more secure type of traffic.

If you set to Enabled, then it will support the new frame format, but not require it.

If you set it to Enforce, then it will require all devices to use it.

Atoshi
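
On the earlier question of how to check whether a device is using this feature: the setting is advertised in two bits of the RSN Capabilities field of the RSN element, which a router sends in its beacons and a client sends in its association request. The sketch below is an added example, not part of any post in this thread; it decodes those bits from a raw RSN element, and the sample elements and the helper name `build_rsn` are constructed for illustration.

```python
import struct

MFPR = 0x0040  # RSN Capabilities bit 6: Management Frame Protection Required
MFPC = 0x0080  # RSN Capabilities bit 7: Management Frame Protection Capable

def pmf_mode(rsn_ie: bytes) -> str:
    """Classify a raw RSN element (ID 48) as disabled, capable, required or invalid."""
    if len(rsn_ie) < 2 or rsn_ie[0] != 48:
        raise ValueError("not an RSN element")
    body = rsn_ie[2:]
    if len(body) != rsn_ie[1] or len(body) < 2:
        raise ValueError("bad RSN element length")
    pos = 2 + 4  # skip version (2 bytes) and group data cipher suite (4 bytes)
    for _ in range(2):  # pairwise cipher suite list, then AKM suite list
        if pos + 2 > len(body):
            return "disabled"  # element ends early: no capabilities field sent
        (count,) = struct.unpack_from("<H", body, pos)
        pos += 2 + 4 * count
    if pos + 2 > len(body):
        return "disabled"
    (caps,) = struct.unpack_from("<H", body, pos)
    if caps & MFPR:
        # "Required" without "Capable" is a contradictory advertisement
        return "required" if caps & MFPC else "invalid"
    return "capable" if caps & MFPC else "disabled"

def build_rsn(caps: int) -> bytes:
    """Constructed sample element: WPA2-PSK with CCMP group and pairwise ciphers."""
    ccmp, psk = bytes.fromhex("000fac04"), bytes.fromhex("000fac02")
    one = struct.pack("<H", 1)  # version 1, and list counts of 1
    body = one + ccmp + one + ccmp + one + psk + struct.pack("<H", caps)
    return bytes([48, len(body)]) + body

if __name__ == "__main__":
    for label, caps in [("Disabled", 0x000C), ("Capable", 0x008C), ("Required", 0x00CC)]:
        print(label, "->", pmf_mode(build_rsn(caps)))
```

Protected management frames are only exchanged when both the router's and the client's elements decode as capable or required; a client that decodes as disabled is the kind that drops off when the router is set to Required.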
 
Reviving this discussion. I've been trying Protected Management Frames out.

PCs, laptops, tablets and phones (Mac, iOS, PC, Android) all switched to 'Capable' and 'Required' with no complaints, no indication anything had changed at the device... 2.4 or 5, which is good.

IoT didn't do as well when forcing 'Required': On 5GHz, the Amazon Dot had to be unplugged/replugged to get it to work. The Roku 3, however, would not participate no matter how it was restarted.

On 2.4, Venstar color touch thermostats, harmony hub and Rainmachine sprinkler controller would not connect when this setting was 'Required'.

The point is, use "Required" with care based on what you are connecting.

Paul
 
Protected Management Frames - according to the spec (802.11w) - this is basically tri-stated...

Off - the feature is disabled
Optional - if the STA supports the feature
On - PMF is required..

PMF builds on WPA2 (not WPA/WPA2 mixed but specifically WPA2) for PSK and Enterprise - PMF works off the group keying, so the beacon is open (because it has to be), but management frames are protected outside of the beacon and probe request/responses - and then we transition to a protected environs...

Wouldn't worry so much about the feature - it either works (depending on client) or it doesn't - the clients are not required to support this 802.11w feature in many cases - and it's not very useful in most...
 
I tried PMFs out after getting RT-AC68U yesterday.
I set them to "Capable".
As long as setting was on "Capable" I could not connect any of my Android devices to the router, even Honor 8 which is a new model.
Had to set them back to "Disabled"
 
As long as setting was on "Capable" I could not connect any of my Android devices to the router

Interesting. I have older Android devices; an original galaxy tab 2 10.1 and a google gen 1 nexus. Both work when set to "Capable"... along with everything else, on 2.4 and 5ghz
 
As long as setting was on "Capable" I could not connect any of my Android devices to the router, even Honor 8 which is a new model.

it "should" work, but you might have to disassociate the clients, perhaps even delete the previous AP setting on the Android device...

That's the problem though, however, with certain sections of the 802.11 specs, not everything is supported on every client.

With Huawei - it gets even more odd... as the core code there is primarily for the Chinese market, and they have some of their own secret sauce...
 
I did remove wireless network from the devices completely. But I forgot to mention that other phone was Huawei too - Ascend P7.
Also my wife's P8 did not like PMFs. Both phones are 2.4GHz-only capable. I consider moving my phone to 2.4GHz SSID and enabling PMFs for 5GHz SSID only.
I did not test 2 Sony tablets I have (Z2 and Z3), I will check them, just for the sake of experiment. I did not do that on first try because if some devices can't work with PMFs enabled, there is no reason to check the rest.
 
Thanks for the great inputs guys....starting with Atoshi, very educational and useful info (unlike being referred to Wiki)
"Capable" setting Works with my Android and Win7/10 devices, will have to see how smart TVs work
 
I think I found the culprit. PMFs do not work with my devices if SSID is hidden.
EDIT:
Did not help. As soon as I set option to "Required" all Huawei phones dropped off the network.
I can only conclude they do not support PMFs even on Honor 8 which is a 2016 model.
As for other devices - PCs worked as expected. On both Sony tablets I noticed performance drop.
I have 100Mbit optic connection, without PMFs I could get 100/100 on Speedtest. After enabling PMFs - around 60/60. Does PMFs really create ~40% overhead? Hard to believe. Most likely tablet CPU does PMF in software, thus increasing load but even that is hard to believe.
 
I think I found the culprit. PMFs do not work with my devices if SSID is hidden.
EDIT:
Did not help. As soon as I set option to "Required" all Huawei phones dropped off the network.
I can only conclude they do not support PMFs even on Honor 8 which is a 2016 model.
As for other devices - PCs worked as expected. On both Sony tablets I noticed performance drop.
I have 100Mbit optic connection, without PMFs I could get 100/100 on Speedtest. After enabling PMFs - around 60/60. Does PMFs really create ~40% overhead? Hard to believe. Most likely tablet CPU does PMF in software, thus increasing load but even that is hard to believe.

I'm bringing this one back from the grave. Nest had an outage yesterday and my Nest Connect wouldn't connect at all. I remember about a month ago I changed this same setting from disabled to capable and I could not connect the device until I disabled this setting. Very frustrating since I tried resetting the Nest Connect and turning on/off both router and modem and until I finally disabled brought me back to normal. Sorry but thought I would comment on this particular setting.
 
