EAP AP/VLAN: multicast not send to client

Sebastian Gottschall s.gottschall at dd-wrt.com
Tue Feb 2 02:04:56 EST 2021 

the standard ath10k firmware für qca988x chipsets does filter vlans.
the only option for you is using the CT firmware by candelatech, which
does not suffer from this issue.

Sebastian

Am 01.02.2021 um 21:54 schrieb Sven Eckelmann:
> Hi,
>
> I was just testing EAP with dynamic_vlan=2 (and a radius server which returns
> the VLANID 112 for this client). This worked perfectly fine with ath9k. But
> for some reason, the client was not able to receive any multicast/broadcast
> packets with ath10k.
>
> The used OpenWrt 19.07 config was:
>
>      config wifi-iface 'eap_radio0'
>          option device 'radio0'
>          option mode 'ap'
>          option ssid 'MyEAPSSID'
>          option encryption 'wpa2'
>          option ieee80211r '1'
>          option server '192.168.178.123'
>          option key 'testing123'
>          option dynamic_vlan '2'
>          option vlan_bridge 'br-lan'
>
> Which creates following hostapd configuration:
>
>
>      driver=nl80211
>      logger_syslog=127
>      logger_syslog_level=2
>      logger_stdout=127
>      logger_stdout_level=2
>      country_code=DE
>      ieee80211d=1
>      hw_mode=g
>      supported_rates=60 90 120 180 240 360 480 540
>      basic_rates=60 120 240
>      beacon_int=1000
>      dtim_period=2
>      channel=acs_survey
>      chanlist=11
>      
>      
>      ieee80211n=1
>      ht_coex=0
>      ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935][DSSS_CCK-40]
>      
>      interface=wlan0
>      ctrl_interface=/var/run/hostapd
>      bss_load_update_period=60
>      chan_util_avg_period=600
>      disassoc_low_ack=1
>      skip_inactivity_poll=0
>      preamble=1
>      wmm_enabled=1
>      ignore_broadcast_ssid=0
>      uapsd_advertisement_enabled=1
>      utf8_ssid=1
>      multi_ap=0
>      auth_server_addr=192.168.178.123
>      auth_server_port=1812
>      auth_server_shared_secret=testing123
>      eapol_key_index_workaround=1
>      ieee8021x=1
>      auth_algs=1
>      wpa=2
>      wpa_pairwise=CCMP
>      ssid=MyEAPSSID
>      mobility_domain=3bf3
>      ft_psk_generate_local=0
>      ft_over_ds=1
>      reassociation_deadline=1000
>      nas_identifier=ac86749f4dc2
>      r0_key_lifetime=10000
>      pmk_r1_push=0
>      wpa_disable_eapol_key_retries=0
>      wpa_key_mgmt=WPA-EAP FT-EAP
>      okc=0
>      disable_pmksa_caching=1
>      dynamic_vlan=2
>      vlan_naming=1
>      vlan_bridge=br-lan
>      vlan_file=/var/run/hostapd-wlan0.vlan
>      bssid=ac:86:74:9f:4d:c2
>
>
> The client connected and then following was tested to send some data to the
> client (which had wireshark running to check for incoming packets):
>
>      ping ff02::1%wlan0.112
>
> With the ath9k AP, I could see the packets. With ath10k, I wasn't able to see
> anything in the air. So for some reason something (firmware?) is dropping the
> packets. Btw. unicast seems to work fine - but little bit hard to use when ARP
> or ICMPv6 multicast packets are not working.
>
> And there were various reports already in the past which seem to suggest that
> this a problem since a long time:
>
> * https://forum.openwrt.org/t/802-1x-with-dynamic-vlans-5ghz-and-mdns-strange-behaviour/50180
> * https://bugs.openwrt.org/index.php?do=details&task_id=3266&pagenum=3
> * https://forum.openwrt.org/t/multicast-not-working-over-bridged-ap/69059
>
> I have also added the output of
> `perf ftrace ping -c 1 -I wlan0.112  255.255.255.255` in case somebody wants to
> check the trace
>
> Kind regards,
> 	Sven
>
> _______________________________________________
> ath10k mailing list
> ath10k at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/ath10k

More information about the ath10k mailing list