group key rotation every hour on one router not the other?

[lgkahn]

i have two gt-axe16000 running in ap mode with the settings for system and 2.4 ghz wifi save differnt ssids)
i have legacy devices connecting to the 2.4ghz and dont understand why on one of the routers i have group key rotations every hour and none on the other?

 

[Tech9]

Just set both the way you want and experiment if it works for your needs. If one of the routers had at some point IoT network with preset compatibility settings key rotation may be 0 for better stability.

 

[Ripshod]

Just set both the way you want

I can't find any relevant settings anywhere in the gui. I'm seeing the group key rotation on my router too, but the only ill effect is the occasional drop of streaming over WiFi. Just happened now as I'm typing.

 

[Tech9]

It was in Wireless, General before. Gone now? The default was 3600, but on some equipment it’s 0.

 

[Ripshod]

Yes, it's gone now. So unless someone comes along with an nvram setting we're stuck with 1hr rotation.
I haven't time now - I'll look when I get back home later.

 

[chris.at]

At least on the AX86U Pro it's still in the gui (set to 86400 in my environment), but these are the nvram variables:

wl0_wpa_gtk_rekey=86400
wl1.1_wpa_gtk_rekey=86400
wl1_wpa_gtk_rekey=86400
wl_wpa_gtk_rekey=86400

wl0 is 2.4 GHz, wl1 is 5 GHz and wl1.1 is the guest ssid on 5 GHz. But what purpose has the wl without the interface identifier behind? This exists for every wifi nvram parameter (wl, wl0, wl1) and I have no idea what wl is used for.

OT: If I test it with the dtim value, wl takes over the value from wl0 or wl1, depending on which one was changed last. Makes no sense to me, so maybe someone can clarify what wl is used for?

setting dtim on wl1 to 3 and wl0 to 2 (all changes done in gui, wl takes over the changed value few seconds after wl0/1 variable changed):
wl0_dtim=2
wl1_dtim=3
wl_dtim=2

changing wl1 to 1:
wl0_dtim=2
wl1_dtim=1
wl_dtim=1

changing wl1 to 4:
wl0_dtim=2
wl1_dtim=4
wl_dtim=4

changing wl0 to 1:
wl0_dtim=1
wl1_dtim=4
wl_dtim=1

 

[Tech9]

ASUS may have decided to hardcode the value. In theory it's security related.

 

[chris.at]

Yes of course it is security related. But why are there 3 different variables for nearly every wifi setting (wl, wl0, wl1) for only 2 wifi interfaces and the one without the interface identifier in the name (wl) changes its value more or less randomly between the value of wl0 and wl1?

 

[Tech9]

Seems normal to me. I see individual settings per SSID on my UniFi equipment and in theory with 4x dual-band APs I can set 64x SSIDs with individual Group Rekey Interval. The default was 0, I have it set at 3600.

 

[dave14305]

But why are there 3 different variables for nearly every wifi setting (wl, wl0, wl1) for only 2 wifi interfaces and the one without the interface identifier in the name (wl) changes its value more or less randomly between the value of wl0 and wl1?

The wl_ variables are usually containing whatever band was last displayed in the gui, when you had to always switch bands between 2.4 and 5.0, like on the Professional page.

 

[chris.at]

The wl_ variables are usually containing whatever band was last displayed in the gui, when you had to always switch bands between 2.4 and 5.0, like on the Professional page.

Thank you very much dave!

 

[lgkahn]

figured it out . in my case one of the routers had wps enabled. once I disabled that it stopped doing hourly key rotations

 

[Ripshod]

Also figured it out for my own setup. WPS was already disabled (SOP). After searching for "rekey" in the nvram.txt file BACKUPMON saves I have this:

nvram set wl0.1_wpa_gtk_rekey=86400
nvram set wl0.2_wpa_gtk_rekey=86400
nvram set wl0_wpa_gtk_rekey=86400
nvram set wl1.1_wpa_gtk_rekey=86400
nvram set wl1.2_wpa_gtk_rekey=86400
nvram set wl1_wpa_gtk_rekey=86400
nvram set wl_wpa_gtk_rekey=86400
nvram commit

Survives a reboot. I'll know in a little under an hour if this is a fix. These are all that showed up in nvram with non-zero values (3600) so don't ask me why there seems to be a 2.4GHz on the main wifi and a 5GHz on the Guest even though I don't use them.