EAP AP/VLAN: multicast not send to client

Sven Eckelmann sven at narfation.org
Mon Feb 1 15:54:35 EST 2021 

Hi,

I was just testing EAP with dynamic_vlan=2 (and a radius server which returns 
the VLANID 112 for this client). This worked perfectly fine with ath9k. But 
for some reason, the client was not able to receive any multicast/broadcast 
packets with ath10k.

The used OpenWrt 19.07 config was:

    config wifi-iface 'eap_radio0'           
        option device 'radio0'           
        option mode 'ap'                
        option ssid 'MyEAPSSID'        
        option encryption 'wpa2'        
        option ieee80211r '1'           
        option server '192.168.178.123'   
        option key 'testing123'
        option dynamic_vlan '2'      
        option vlan_bridge 'br-lan'

Which creates following hostapd configuration:


    driver=nl80211
    logger_syslog=127
    logger_syslog_level=2
    logger_stdout=127
    logger_stdout_level=2
    country_code=DE
    ieee80211d=1
    hw_mode=g
    supported_rates=60 90 120 180 240 360 480 540
    basic_rates=60 120 240
    beacon_int=1000
    dtim_period=2
    channel=acs_survey
    chanlist=11
    
    
    ieee80211n=1
    ht_coex=0
    ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935][DSSS_CCK-40]
    
    interface=wlan0
    ctrl_interface=/var/run/hostapd
    bss_load_update_period=60
    chan_util_avg_period=600
    disassoc_low_ack=1
    skip_inactivity_poll=0
    preamble=1
    wmm_enabled=1
    ignore_broadcast_ssid=0
    uapsd_advertisement_enabled=1
    utf8_ssid=1
    multi_ap=0
    auth_server_addr=192.168.178.123
    auth_server_port=1812
    auth_server_shared_secret=testing123
    eapol_key_index_workaround=1
    ieee8021x=1
    auth_algs=1
    wpa=2
    wpa_pairwise=CCMP
    ssid=MyEAPSSID
    mobility_domain=3bf3
    ft_psk_generate_local=0
    ft_over_ds=1
    reassociation_deadline=1000
    nas_identifier=ac86749f4dc2
    r0_key_lifetime=10000
    pmk_r1_push=0
    wpa_disable_eapol_key_retries=0
    wpa_key_mgmt=WPA-EAP FT-EAP
    okc=0
    disable_pmksa_caching=1
    dynamic_vlan=2
    vlan_naming=1
    vlan_bridge=br-lan
    vlan_file=/var/run/hostapd-wlan0.vlan
    bssid=ac:86:74:9f:4d:c2


The client connected and then following was tested to send some data to the 
client (which had wireshark running to check for incoming packets):

    ping ff02::1%wlan0.112

With the ath9k AP, I could see the packets. With ath10k, I wasn't able to see 
anything in the air. So for some reason something (firmware?) is dropping the 
packets. Btw. unicast seems to work fine - but little bit hard to use when ARP 
or ICMPv6 multicast packets are not working.

And there were various reports already in the past which seem to suggest that 
this a problem since a long time:

* https://forum.openwrt.org/t/802-1x-with-dynamic-vlans-5ghz-and-mdns-strange-behaviour/50180
* https://bugs.openwrt.org/index.php?do=details&task_id=3266&pagenum=3
* https://forum.openwrt.org/t/multicast-not-working-over-bridged-ap/69059

I have also added the output of
`perf ftrace ping -c 1 -I wlan0.112  255.255.255.255` in case somebody wants to
check the trace

Kind regards,
	Sven
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ftrace.log.zip
Type: application/zip
Size: 113524 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/ath10k/attachments/20210201/7c33881e/attachment-0001.zip>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.infradead.org/pipermail/ath10k/attachments/20210201/7c33881e/attachment-0001.sig>

More information about the ath10k mailing list