Asus RT-AC3200 Smart Connect Rules Fine Tuning

[civiksi]

Wanted to check in real quick and report some findings of my own regarding Smart Connect settings. I've played with them all for days now and finally found a pretty solid/stable configuration for all of my devices. Both N and AC clients are successfully split between the two 5GHz bands. All clients have been connected without interruption for over an hour now, so no disconnects every 15 minutes or so. Here's my settings, if anyone wants to try them out and report back.


View attachment 3385

So far these settings are working very good for me. Thanks for posting them and all of your time playing with it.

 

[trichard]

This is mine which stable for my devices...

 

[trichard]

I did a test to do a manual 5Ghz grouping into the same SSID (different channel).. but 2.4Ghz is a different SSID.

Looks good that I can do a manual SC on 2x5Ghz channel without using the complex rule ....

Updated - Yes Smart Connect can work on only 2 x 5Ghz channel only using my method !

 

[joe012594]

Wanted to post my current, stable Smart Connect settings and findings. For anyone wanting to separate their N and AC clients between the two 5GHz bands and also cease the routine hourly disconnects, please follow this guide.

1. Disable "Network Key Rotation Interval" by setting it to "0" via the router's GUI or SSH.

1A. For the GUI method, be sure Smart Connect is disabled first and all 3 bands are in manual mode then set, in each radio's page, "Network Key Rotation Interval" to "0". Re-enable Smart Connect and, again, set "Network Key Rotation Interval" to "0" if still set to "3600".

1B. For the SSH method, enter the following commands:

nvram set wl_wpa_gtk_rekey=0
nvram set wl0_wpa_gtk_rekey=0
nvram set wl1_wpa_gtk_rekey=0
nvram set wl2_wpa_gtk_rekey=0
nvram commit
service restart_wireless

2. Now that the hourly disconnect issue has been solved, let's separate out those N and AC clients between the two 5GHz bands. Replicate each Smart Connect setting provided in the attachment and apply the settings to your router. That's it! Please report back your results after using this guide.

 

[qsyang]

Wanted to post my current, stable Smart Connect settings and findings. For anyone wanting to separate their N and AC clients between the two 5GHz bands and also cease the routine hourly disconnects, please follow this guide.

1. Disable "Network Key Rotation Interval" by setting it to "0" via the router's GUI or SSH.

1A. For the GUI method, be sure Smart Connect is disabled first and all 3 bands are in manual mode then set, in each radio's page, "Network Key Rotation Interval" to "0". Re-enable Smart Connect and, again, set "Network Key Rotation Interval" to "0" if still set to "3600".

1B. For the SSH method, enter the following commands:

nvram set wl_wpa_gtk_rekey=0
nvram set wl0_wpa_gtk_rekey=0
nvram set wl1_wpa_gtk_rekey=0
nvram set wl2_wpa_gtk_rekey=0
nvram commit
service restart_wireless

2. Now that the hourly disconnect issue has been solved, let's separate out those N and AC clients between the two 5GHz bands. Replicate each Smart Connect setting provided in the attachment and apply the settings to your router. That's it! Please report back your results after using this guide.

View attachment 3676​

Joe - just wanted to double check if you're using stock firmware or RMerlin's .52_2? Thanks!

 

[joe012594]

Joe - just wanted to double check if you're using stock firmware or RMerlin's .52_2? Thanks!

Tested with the latest of both firmwares, stock and Merlin.

 

[qsyang]

Tested with the latest of both firmwares, stock and Merlin.

Smart Connect has been running for almost 24 hours now, so far so good, no disconnect noticed. Thank you!

 

[trichard]

Sharing my latest working setting..

 

[sfx2000]

1. Disable "Network Key Rotation Interval" by setting it to "0" via the router's GUI or SSH.

1A. For the GUI method, be sure Smart Connect is disabled first and all 3 bands are in manual mode then set, in each radio's page, "Network Key Rotation Interval" to "0". Re-enable Smart Connect and, again, set "Network Key Rotation Interval" to "0" if still set to "3600".

1B. For the SSH method, enter the following commands:

nvram set wl_wpa_gtk_rekey=0
nvram set wl0_wpa_gtk_rekey=0
nvram set wl1_wpa_gtk_rekey=0
nvram set wl2_wpa_gtk_rekey=0
nvram commit
service restart_wireless

wow... that's a major security issue with WPA/WPA2 - the groupwise key should update/spin any time a STA attaches or leave the BSS - and not rolling the pairwise key on a regular basis - say everything 3600 seconds or so, that is another security concern.

This is a signficant bug - someone with contacts at Asus should bring this up...

 

[adampk17]

Wanted to post my current, stable Smart Connect settings and findings. For anyone wanting to separate their N and AC clients between the two 5GHz bands and also cease the routine hourly disconnects, please follow this guide.

1. Disable "Network Key Rotation Interval" by setting it to "0" via the router's GUI or SSH.

1A. For the GUI method, be sure Smart Connect is disabled first and all 3 bands are in manual mode then set, in each radio's page, "Network Key Rotation Interval" to "0". Re-enable Smart Connect and, again, set "Network Key Rotation Interval" to "0" if still set to "3600".

1B. For the SSH method, enter the following commands:

nvram set wl_wpa_gtk_rekey=0
nvram set wl0_wpa_gtk_rekey=0
nvram set wl1_wpa_gtk_rekey=0
nvram set wl2_wpa_gtk_rekey=0
nvram commit
service restart_wireless

2. Now that the hourly disconnect issue has been solved, let's separate out those N and AC clients between the two 5GHz bands. Replicate each Smart Connect setting provided in the attachment and apply the settings to your router. That's it! Please report back your results after using this guide.

View attachment 3676​

I just loaded up your settings. I will report back my experiences over the next couple days.

Thanks!

 

[jerry6]

wow... that's a major security issue with WPA/WPA2 - the groupwise key should update/spin any time a STA attaches or leave the BSS - and not rolling the pairwise key on a regular basis - say everything 3600 seconds or so, that is another security concern.

This is a signficant bug - someone with contacts at Asus should bring this up...

I

wow... that's a major security issue with WPA/WPA2 - the groupwise key should update/spin any time a STA attaches or leave the BSS - and not rolling the pairwise key on a regular basis - say everything 3600 seconds or so, that is another security concern.

This is a signficant bug - someone with contacts at Asus should bring this up...

i thought WPA2 does not use key rotation ? Look at this linksys setup page WPA2 does not use key rotation only WPA or WPA TKIP
http://www.linksys.com/us/support-article?articleNum=139152

 

[sfx2000]

Keeping things at a very high level...

TLR WPA/WPA2 both roll keys, on the Group and Pair...

The author of the article is trying very hard to explain in a simple way, but they're perhaps over simplifying it, and this perhaps can confuse folks..

WPA/WPA2 Personal use a static Pre-Shared-Key (PSK), which is used to generate a Pairwise Master Key, WPA/WPA2 Enterprise use a dynamic key sent over by the RADIUS function... For Enterprise, the RADIUS sets the timer based on policies defined by the Radius Admin, whereas in Personal, you create the PSK, and you set the timer.

We generate a Pairwise Master Key - see above for WPA2-PSK - this is known by both the AP and the STA - it's never sent over the air - instead, there's the 4-way handshake, and a unicast PTK is generated and used, and it will roll on a periodic basis, or if that timer has not elapsed, it's deleted when the STA disassociates from the BSS...

There's also a GroupWise Key that is used for Broadcast/Multicast traffic, and that rolls any time a STA joins or leaves the BSS - or if STA's don't leave, or no new STA's join the BSS, the GTK stays until it's timer expires, and we generate a new GTK...

Doesn't matter whether it's WPA-TKIP, or WPA2-AES (or any combination) - Transient Keys, whether Group or Personal, should always rotate... That's why WPA/WPA2 can be a challenge to hack...

If an AP that is supporting a BSS explicitly tells the BSS that we're not rolling transient keys, this makes it very easy to get enough information that the PSK can then be derived...

We won't talk about WPS - that's a whole nuther ball of worms...

 

[adampk17]

I just loaded up your settings. I will report back my experiences over the next couple days.

Thanks!

Unfortunately, this didn't help me.

 

[Speedluvver]

how is everyone doing with smart connect ? On the hardware.sg forums, the asus guy said not to use 0 for key rotation as it will 'drown' the router and cause early wear to components.. just wondered if thats still necessary to stop the disconnects

 

[RMerlin]

it will 'drown' the router and cause early wear to components..

Something must have been lost somewhere in the translation, because I don't understand what that's supposed to mean...

 

[Speedluvver]

Something must have been lost somewhere in the translation, because I don't understand what that's supposed to mean...

See here -> http://forums.hardwarezone.com.sg/94094566-post3554.html - he does not say damage to components, but someone else on the thread adds that, I am guessing heat, but that may not be the case, he may just mean instability..

 

[adampk17]

how is everyone doing with smart connect ?

I've abandoned using it, for now. With my iPhones and iPads the frequent disconnects, even after trying suggestions in this thread, were simply intolerable.

 

[scottegos2]

I've abandoned using it, for now. ...the frequent disconnects... were simply intolerable.

Me too. In my case, it was Android tablets, but it was just too annoying. All my clients work fine when I turn off this garbage and just connect everything to the high 5gHz band.

 

[bit curation]

upgraded to the latest firmware, it doesn't have disconnect problem at all but I only used for a week so far.

The Smart connect rule though is touch, when put in AC only in the 5G-2 band, it won't connect Amazon FireTV for some reason no matter how I played with different combination. The VHT value is totally a mystery but is the default value now at least when I bought it. If not for FireTV the default value works the best where all devices are connected correctly in corresponded bands. But I ended up using the reference setting from this thread to leave the VHT to "All" but devices connection are not consistent with the correct band.

Smart connect is a nice feature but desperately needs some best practices guideline.

 

[frostrambler]

I was using the latest stable release of Merlin and the latest beta from Asus and both sets of firmware have newer Smart Connect Rules that do not let my Amazon Echo connect no matter how much I try. Disabling smart connect allows it instantly. I'm using trichard's settings now in the mean time, but I wonder why Amazon devices are having issues with these rules?