What's new

AiMesh creates Open System connection on 6GHz range

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

pierzogad

New Around Here
My setup is:
TUF GAMING AX6000 as primary router and RT-AXE7800 as node (connected by 2.5G ethernet) - both updated to latest firmware version.

TUF GAMING AX6000 supports only 2.4 and 5 GHz and RT-AXE7800 has 2.4, 5 and 6 GHz.
I've created SSID "Home-Wifi" with WPA2-Personal authentication - and it works fine on 2.4 and 5 GHz bands. However, even though I've disabled 6GHz radio in web UI for RT-AXE7800 node I can see the "Home-Wifi" network on 6GHz band with no password! Anyone can join that network and gain full access to my home network with no password at all!.

Have anyone seen such behaviour? How to disable it?
 
AIMesh has a reputation for not handling node configuration very well if the node has radios that the primary doesn't. This sounds like just another one in a long line of bugs of that ilk.

Plausible solutions include swapping the primary and node, or removing the node from the mesh and configuring it as an independent AP. (You could still have it broadcast the same SSIDs as the primary.)

It's possible that you could configure it as you want standalone, then put it back into the mesh, and not have AIMesh mess with the extra radio's settings. I wouldn't trust that though.
 
I've disabled 6GHz radio in web UI for RT-AXE7800 node
How, pray tell, did you access the web UI on an Aimesh node and through it make node configuration changes (or /attempt/ to, rather unsuccessfully as it seems)?

Or was this something within the controlling router's UI?
 
I've disabled 6GHz radio in web UI for RT-AXE7800 node

Nodes have no Web UI. Your second router is perhaps in AP Mode.

Perhaps another TUF AX6000 is a better and cheaper match for your network.
 
Nodes have no Web UI. Your second router is perhaps in AP Mode.

Perhaps another TUF AX6000 is a better and cheaper match for your network.
Nodes have no web UI.
But router's webUI allows to manage bands of each node. Except - that it doesn't work - i.e. I see all bands of node, I can switch it on and off. But - even though it claims to be off - it's still on and allows connection :(
 
This is AiMesh bug then and nothing you can do about it.

I would send this RT-AXE7800 back and get another TUF AX6000.
 
TUF GAMING AX6000 as primary router and RT-AXE7800 as node (connected by 2.5G ethernet) - both updated to latest firmware version.

TUF GAMING AX6000 supports only 2.4 and 5 GHz and RT-AXE7800 has 2.4, 5 and 6 GHz.

Have you tried flipping them around - letting the RT-AXE7800 device be the main router and root AIMESH node?

I can see how in your config that 6E goes Open, as Aimesh doesn't know what to do with 6E - recall that 6E has specific requirements regarding authentication - It's WPA3 only or Open - it can't do WPA2 or WPA2/3 for 6Ghz...
 
I had the same problem -- not cool ASUS, please fix in a future firmware update.

My main router is the RT-BE88U (WiFi 7 5Ghz) and my node is the RT-AXE7800 (WiFi 6e 6Ghz). I came accross this thread looking for an answer. I don't want to reverse them because the BE88U is overall more capable despite the 5Ghz limitation, and I refuse to accept there's nothing I can do about it.

I was able to fix it using the SSH CLI. If you are comfortable modifying NVRAM, you will need to enable SSH admin in the Web UI then log into the 6Ghz node to make the changes. Otherwise, please don't proceed and brick your router.

First, do an 'nvram dump' to compare the settings of your secured 5Ghz interface (wl1.1 in my case) to the unsecured 6Ghz interface (wl2.1):
Code:
ssh 192.168.100.2 -l adminusername -p 2222 "nvram dump" > dump.txt

Use something like Notepad++ to compare all the settings in each of the wlx.x sections.

Then ssh into the router to make the necessary changes to the unsecured network:
Code:
ssh 192.168.100.2 -l adminusername -p 2222
adminusername@RT-AXE7800-BEEF:/tmp/home/root# nvram set wl2.1_akm="psk2 sae"
adminusername@RT-AXE7800-BEEF:/tmp/home/root# nvram set wl2.1_auth_mode_x=psk2sae
adminusername@RT-AXE7800-BEEF:/tmp/home/root# nvram set wl2.1_mfp=1
adminusername@RT-AXE7800-BEEF:/tmp/home/root# nvram set wl2.1_ssid=yourssid
adminusername@RT-AXE7800-BEEF:/tmp/home/root# nvram set wl2.1_wpa_psk=yourpasskey
adminusername@RT-AXE7800-BEEF:/tmp/home/root# nvram commit

You might need to toggle the radio or reboot the node for the changes to take effect.
 
Last edited:
I saw something similar on 5GHz when I switched the WPS on.
(when WPS is off, there is the entry Configured on a very confusing status "Enabled"....)
Switching off the WPS and rebooting the router the open WiFi is gone!
 
Unfortunately my workaround did not survive the latest firmware update. Now when I change the 6Ghz SSID in nvram it just reverts back to the auto generated one after reboot or toggling the radio. Asus seems to have also changed something such that the 6Ghz PSK is set to a long string of number and letters, so at least it's not "open". I can use the PSK found in the nvram dump to sign on to the network. Although from a security perspective I wonder if it is unique/random to my network or if it is common? This could be a vulnerability.
 
OK. So I have a new fix that survives reboots. Again, this is because I do in fact want the 6Ghz channel enabled on my aimesh node(s), but the ASUS web UI does not allow me to configure or control it because the main aimesh router does not have the 6Ghz feature itself. ASUS should fix this. Also, creating a guest network profile with the 6Ghz channel enabled does not work even though it is implied that it is attempting to assign it to the aimesh node that supports 6Ghz -- it doesn't though.

Instead of modifying the nvram on the aimesh node (see my previous workaround above) I am now modifying it on the main aimesh router. As it turns out the default 6Ghz SSID and PSK is now being configured from the aimesh router even though the web UI does not allow me to edit this information.

Again, first dump the nvram and examine the configuration:
Code:
ssh MYUSERNAME@192.168.0.1 -p 22 "nvram dump" >> out.txt

If you are not comfortable with what you are looking at please don't proceed.

The default SSID and PSK for the 6Ghz channel is configured in 4 separate locations: apm1, wl0, wl1, and wl. Admittedly I don't completely understand why myself, but I went ahead and changed it in all 4 locations. I'm assuming this has to do with simultaneous tri-band or the fact that I have 3 nodes in my aimesh.

Change it like so (at your own risk):
Code:
ssh MYUSERNAME@192.168.0.1 -p 22
nvram set apm1_ssid=MYSSID
nvram set "apm1_security=<3>psk2sae>aes+gcmp256>MYPSK>0<13>psk2sae>aes+gcmp256>MYPSK>0<16>sae>aes+gcmp256>MYPSK>0<96>sae>aes+gcmp256>MYPSK>0"
nvram set wl0_ssid=MYSSID
nvram set wl0_wpa_psk=MYPSK
nvram set wl1_ssid=MYSSID
nvram set wl1_wpa_psk=MYPSK
nvram set wl_ssid=MYSSID
nvram set wl_wpa_psk=MYPSK
nvram commit
nvram save
 
Last edited:

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top