What's new

Asus RT-AC3200 Smart Connect Rules Fine Tuning

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Wanted to check in real quick and report some findings of my own regarding Smart Connect settings. I've played with them all for days now and finally found a pretty solid/stable configuration for all of my devices. Both N and AC clients are successfully split between the two 5GHz bands. All clients have been connected without interruption for over an hour now, so no disconnects every 15 minutes or so. Here's my settings, if anyone wants to try them out and report back.


View attachment 3385
So far these settings are working very good for me. Thanks for posting them and all of your time playing with it.
 
pCLC7rB.png


This is mine which stable for my devices...
 
I did a test to do a manual 5Ghz grouping into the same SSID (different channel).. but 2.4Ghz is a different SSID.

Looks good that I can do a manual SC on 2x5Ghz channel without using the complex rule ....

Updated - Yes Smart Connect can work on only 2 x 5Ghz channel only using my method !
 
Last edited:
Wanted to post my current, stable Smart Connect settings and findings. For anyone wanting to separate their N and AC clients between the two 5GHz bands and also cease the routine hourly disconnects, please follow this guide.

1. Disable "Network Key Rotation Interval" by setting it to "0" via the router's GUI or SSH.

1A. For the GUI method, be sure Smart Connect is disabled first and all 3 bands are in manual mode then set, in each radio's page, "Network Key Rotation Interval" to "0". Re-enable Smart Connect and, again, set "Network Key Rotation Interval" to "0" if still set to "3600".

1B. For the SSH method, enter the following commands:

nvram set wl_wpa_gtk_rekey=0
nvram set wl0_wpa_gtk_rekey=0
nvram set wl1_wpa_gtk_rekey=0
nvram set wl2_wpa_gtk_rekey=0
nvram commit
service restart_wireless


2. Now that the hourly disconnect issue has been solved, let's separate out those N and AC clients between the two 5GHz bands. Replicate each Smart Connect setting provided in the attachment and apply the settings to your router. That's it! Please report back your results after using this guide. :)



SmartConnect_N_AC.PNG
 
Wanted to post my current, stable Smart Connect settings and findings. For anyone wanting to separate their N and AC clients between the two 5GHz bands and also cease the routine hourly disconnects, please follow this guide.

1. Disable "Network Key Rotation Interval" by setting it to "0" via the router's GUI or SSH.

1A. For the GUI method, be sure Smart Connect is disabled first and all 3 bands are in manual mode then set, in each radio's page, "Network Key Rotation Interval" to "0". Re-enable Smart Connect and, again, set "Network Key Rotation Interval" to "0" if still set to "3600".

1B. For the SSH method, enter the following commands:

nvram set wl_wpa_gtk_rekey=0
nvram set wl0_wpa_gtk_rekey=0
nvram set wl1_wpa_gtk_rekey=0
nvram set wl2_wpa_gtk_rekey=0
nvram commit
service restart_wireless


2. Now that the hourly disconnect issue has been solved, let's separate out those N and AC clients between the two 5GHz bands. Replicate each Smart Connect setting provided in the attachment and apply the settings to your router. That's it! Please report back your results after using this guide. :)



Joe - just wanted to double check if you're using stock firmware or RMerlin's .52_2? Thanks!
 
1. Disable "Network Key Rotation Interval" by setting it to "0" via the router's GUI or SSH.

1A. For the GUI method, be sure Smart Connect is disabled first and all 3 bands are in manual mode then set, in each radio's page, "Network Key Rotation Interval" to "0". Re-enable Smart Connect and, again, set "Network Key Rotation Interval" to "0" if still set to "3600".

1B. For the SSH method, enter the following commands:

nvram set wl_wpa_gtk_rekey=0
nvram set wl0_wpa_gtk_rekey=0
nvram set wl1_wpa_gtk_rekey=0
nvram set wl2_wpa_gtk_rekey=0
nvram commit
service restart_wireless

wow... that's a major security issue with WPA/WPA2 - the groupwise key should update/spin any time a STA attaches or leave the BSS - and not rolling the pairwise key on a regular basis - say everything 3600 seconds or so, that is another security concern.

This is a signficant bug - someone with contacts at Asus should bring this up...
 
Wanted to post my current, stable Smart Connect settings and findings. For anyone wanting to separate their N and AC clients between the two 5GHz bands and also cease the routine hourly disconnects, please follow this guide.

1. Disable "Network Key Rotation Interval" by setting it to "0" via the router's GUI or SSH.

1A. For the GUI method, be sure Smart Connect is disabled first and all 3 bands are in manual mode then set, in each radio's page, "Network Key Rotation Interval" to "0". Re-enable Smart Connect and, again, set "Network Key Rotation Interval" to "0" if still set to "3600".

1B. For the SSH method, enter the following commands:

nvram set wl_wpa_gtk_rekey=0
nvram set wl0_wpa_gtk_rekey=0
nvram set wl1_wpa_gtk_rekey=0
nvram set wl2_wpa_gtk_rekey=0
nvram commit
service restart_wireless


2. Now that the hourly disconnect issue has been solved, let's separate out those N and AC clients between the two 5GHz bands. Replicate each Smart Connect setting provided in the attachment and apply the settings to your router. That's it! Please report back your results after using this guide. :)





I just loaded up your settings. I will report back my experiences over the next couple days.

Thanks!
 
wow... that's a major security issue with WPA/WPA2 - the groupwise key should update/spin any time a STA attaches or leave the BSS - and not rolling the pairwise key on a regular basis - say everything 3600 seconds or so, that is another security concern.

This is a signficant bug - someone with contacts at Asus should bring this up...
I

wow... that's a major security issue with WPA/WPA2 - the groupwise key should update/spin any time a STA attaches or leave the BSS - and not rolling the pairwise key on a regular basis - say everything 3600 seconds or so, that is another security concern.

This is a signficant bug - someone with contacts at Asus should bring this up...
i thought WPA2 does not use key rotation ? Look at this linksys setup page WPA2 does not use key rotation only WPA or WPA TKIP
http://www.linksys.com/us/support-article?articleNum=139152
 
Keeping things at a very high level...

TL:DR WPA/WPA2 both roll keys, on the Group and Pair...

The author of the article is trying very hard to explain in a simple way, but they're perhaps over simplifying it, and this perhaps can confuse folks..

WPA/WPA2 Personal use a static Pre-Shared-Key (PSK), which is used to generate a Pairwise Master Key, WPA/WPA2 Enterprise use a dynamic key sent over by the RADIUS function... For Enterprise, the RADIUS sets the timer based on policies defined by the Radius Admin, whereas in Personal, you create the PSK, and you set the timer.

We generate a Pairwise Master Key - see above for WPA2-PSK - this is known by both the AP and the STA - it's never sent over the air - instead, there's the 4-way handshake, and a unicast PTK is generated and used, and it will roll on a periodic basis, or if that timer has not elapsed, it's deleted when the STA disassociates from the BSS...

There's also a GroupWise Key that is used for Broadcast/Multicast traffic, and that rolls any time a STA joins or leaves the BSS - or if STA's don't leave, or no new STA's join the BSS, the GTK stays until it's timer expires, and we generate a new GTK...

Doesn't matter whether it's WPA-TKIP, or WPA2-AES (or any combination) - Transient Keys, whether Group or Personal, should always rotate... That's why WPA/WPA2 can be a challenge to hack...

If an AP that is supporting a BSS explicitly tells the BSS that we're not rolling transient keys, this makes it very easy to get enough information that the PSK can then be derived...

We won't talk about WPS - that's a whole nuther ball of worms...
 
how is everyone doing with smart connect ? On the hardware.sg forums, the asus guy said not to use 0 for key rotation as it will 'drown' the router and cause early wear to components.. just wondered if thats still necessary to stop the disconnects
 
it will 'drown' the router and cause early wear to components..

Something must have been lost somewhere in the translation, because I don't understand what that's supposed to mean...
 
I've abandoned using it, for now. ...the frequent disconnects... were simply intolerable.
Me too. In my case, it was Android tablets, but it was just too annoying. All my clients work fine when I turn off this garbage and just connect everything to the high 5gHz band.
 
upgraded to the latest firmware, it doesn't have disconnect problem at all but I only used for a week so far.

The Smart connect rule though is touch, when put in AC only in the 5G-2 band, it won't connect Amazon FireTV for some reason no matter how I played with different combination. The VHT value is totally a mystery but is the default value now at least when I bought it. If not for FireTV the default value works the best where all devices are connected correctly in corresponded bands. But I ended up using the reference setting from this thread to leave the VHT to "All" but devices connection are not consistent with the correct band.

Smart connect is a nice feature but desperately needs some best practices guideline.
 
I was using the latest stable release of Merlin and the latest beta from Asus and both sets of firmware have newer Smart Connect Rules that do not let my Amazon Echo connect no matter how much I try. Disabling smart connect allows it instantly. I'm using trichard's settings now in the mean time, but I wonder why Amazon devices are having issues with these rules?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top