RT-AC88U (384.7_2): WEP "Gremlin"

[backport]

Firstly, WEP… no. This one is interesting; I call it a Gremlin more than a Bug

I have the full config dumps exported as well as syslog if required to provide - nothing abnormal. This makes me think it is something in the BCM firmware itself


Symptoms

1. Selecting the “WPA2-Personal” setting applies WEP security for both 2.4GHz and 5GHz SSID’s on my RT-AC88U, when using firmware 384.7_2. This should not be possible to start with
2. When selecting “WPA-Auto-Personal”, it applies this setting correctly and 2.4GHz operates correctly. 5GHz is also able to connect but no traffic is seen via trace between a client or the router and via dummy method, the client isn’t able to see the gateway
3. The router is able to apply “WPA2-Personal” to both 2.4GHz and 5GHz Guest Networks in parallel to pt. 1, that works perfectly for all clients mentioned in the Test Devices mentioned below
   1. Note: Guest networks are not normally in use and were just a workaround / trial and error for the problem mentioned above

(Initial) Diagnosis

1. There is a problem applying “WPA2-Personal” security in firmware 384.7_2 on the RT-AC88U
2. There is a potential second problem relating to 5GHz, which is less likely / not confirmed as they are both using the BCM4366 chipsets and same driver version

Test Devices

The determination of this Gremlin comes from multiple different angles, eliminating everything but the router

Operating Systems;

1. macOS Mojave 10.14.2 Beta (18C48a) <-- shows as a WEP network (guest shows as WPA2-Personal)
2. Ubuntu 18.10 <-- shows as a WEP network (guest shows as WPA2-Personal)
3. Windows 10.0.17134 <-- shows as a WEP network (guest shows as WPA2-Personal)
4. Windows 10.0.18092 (Insider) <-- doesn’t allow connections to a WEP network (guest shows as WPA2-Personal)

Network Adapters;

1. AirPort Extreme (7.77.61.1)
2. Alfa AWUS051NH (5.1.25.0)
3. Broadcom 4360 (7.21.190.32)
4. Marvel AVASTAR Wireless-AC Network Controller (15.68.9125.57)
5. Qualcomm Atheros QCA61x4A (12.0.0.722)

Config Delta Analysis

The below two tables (sorry for the formatting, they can be taken as CSV) show the delta between when selecting “WPA-Auto-Personal” and “WPA2-Personal”

1. Output of “nvram show” shows only two relevant deltas, the first two are expected

WPA-Auto-Personal, WPA2-Personal, Delta
cfg_ver=47493560, cfg_ver=21455560, Delta
login_timestamp=22857, login_timestamp=23272, Delta
wl1_akm=psk psk2, wl1_akm=psk2 Delta
wl1_auth_mode_x=pskpsk2, wl1_auth_mode_x=psk2, Delta

1. Output of “nvram show |grep wl1”, shows only two deltas overall for wl1 and all sub-interfaces

WPA-Auto-Personal, WPA2-Personal, Delta
wl1_akm=psk psk2, wl1_akm=psk2, Delta
wl1_auth_mode_x=pskpsk2, wl1_auth_mode_x=psk2, Delta


Standard Troubleshooting

1. Has been applied;
   1. Reflash
   2. Factory Reset
   3. Factory Initialize
   4. Revert to earlier versions
   5. Try turning it off and then back on again

Other Information

I own a RT-AC87U running the same firmware. The behaviour is not replicated on this device. It was replaced by the 88U due to the Quantenna QT3840BC / QT2518B 5Ghz chipsets causing sometimes issues with Apple devices... but now it seems I have another incompatible device

 

[sfx2000]

Interesing - can you walk thru the steps to reproduce?

Not making excuses - the WebGUI is getting more and more brittle over time, this might be one of those quirks...

 

[backport]

Unfortunately (for me) this isn't a WebGUI bug

I can reproduce / explain what I am experiencing doing the following;
- Select "WPA-Auto-Personal" in the dropdown of either 2.4GHz or 5GHz non-guest SSID's. The result is the network security is seen as WPA-Personal from the clients mentioned above some basic tool like inSSIDer . nvram shows "wl1_akm=psk psk2" (replace with wl0 for 2.4GHz)
- Select "WPA2-Personal" in the dropdown of of either 2.4GHz or 5GHz non-guest SSID's. The result is the network security is seen as WEP ***not expected*** from the clients mentioned above some basic tool like inSSIDer. nvram shows "wl1_akm=psk2" (replace with wl0 for 2.4GHz)

It gets further interesting if the same steps are completed for the guest SSID's, which produce the expected results
- Select "WPA-Auto-Personal" in the dropdown of either 2.4GHz or 5GHz guest SSID's. The result is the network security is seen as WPA-Personal from the clients mentioned above and some basic tool like inSSIDer. nvram shows "wl1.1_akm=psk psk2" (replace with wl0.1 for 2.4GHz)
- Select "WPA2-Personal" in the dropdown of either 2.4GHz or 5GHz guest SSID's. The result is the network security is seen as WPA2-Personal from the clients mentioned above and some basic tool like inSSIDer. nvram shows "wl1.1_akm=psk2" (replace with wl0.1 for 2.4GHz)


I'm wondering if there is the remotest chance there is any difference in the implementation of the Guest SSID's or if this is something really special with my device. I should mention as well this is done in isolation (full recovery > nvram reset) and no other config applied

I'm hoping maybe someone sees this and suggest I might have a defective or failing device. WPA is not such a great compromise

 

[sfx2000]

That's odd - on your Mac, if you have WiFi Explorer (great app, and well worth the price), take a look at the RSN Info stanza on the Beacon frame - if that epigram is not present, then yep, it could be WEP, otherwise if it is present, then some sort of WPA is in place...

 

[john9527]

My memory is a bit sketchy, but I seem to remember that there are some dependencies between the main wifi and guest networks that share the same radio. There were some cases where it didn't like different authentication schemes and force them to be the same.

 

[backport]

I've analysed, it was definitely WEP... aside from annihilating the config / nvram several times, I resorted to the firmware restoration utility of ASUS (which is also on Mac via the App Store, but not mentioned on their site if anyone comes across this thread)

- Using the latest ASUS out-of-the-box version 3.0.0.4.384.32799, the issue mentioned above was no longer present
- Moving straight back to Merlin's 384.8, the issue above was also not present

Conclusion ?
Not 100%, but from what is described I can only suspect somewhere along the line I did a dirty upgrade and the rest is history...


p.s. sorry for wearing out the pixels on your monitor, but appreciate the responses