Since the last major overhaul (see: T452), newer WiFi standards have been established and hardware is becoming available to the open market.
This feature request shall concentrate on implementing WiFi Access Points on the 6GHz band. To ease development, the focus should be on implementing WiFi-6e (IEEE 802.11ax for 6GHz).
**Reasoning:
**
* Implementing WiFi-6e (IEEE 802.11ax for 6GHz only) would be less complicated than adding yet another set of flags (HE) to the current set of WiFi configurations covering HT and VHT. In hostapd, WiFi-6e is done differently and requires a different set of settings.
* The 6GHz band offers a vast improvement on bandwidth in many countries where the 5GHz bands are severely regulated (such as in Europe). While on 6GHz one may easily achieve throughput of more than 1GBit/sec, this is almost not possible on 5GHz, making development effort for 5GHz questionable.
* Later implementations for WiFi-7 (IEEE 802.11be) would be similar to WiFi-6e. WiFi-7 would also use 6GHz, but is not limited to that band by standard IEEE 802.11be.
**Suggested testbeds:
**
I have done some prior research on what hardware might be available to implement this. These were my results so far:
* Atheros ath11k devices might be available on some places - however, I could not find a source in Europe for a decent device.
* MEDIATEK Filogic 330 (mt7922e) and Filogic 630 (mt7916e) are available and support WiFi-6e AP mode on 6GHz. Sources below. I was able to set up a 6GHz AP based on Debian Trixie (Kernel 6.7) and connect to that AP, however, the connection was instable and only held for a minute or so. This time was enough to run iperf3 which yielded throughput of more than 100 MBytes/sec on that prototype. I used both, a mt7916e and mt7922e module as AP on a PC-Engines APU3.
**Sources:
**
Hardware may be fetched from the sources below.
* MEDIATEK Filogoc 630:
* NGFF M.2 3052 module: https://asiarf.com/product/wi-fi-6e-m-2-ae-key-module-mt7916-aw7916-aed/
* mPCIe 3052 module: https://asiarf.com/product/wi-fi-6e-mini-pcie-module-mt7916-aw7916-npd/
* MEDIATEK Filogic 330:
* NGFF M.2 2230 MEDIATEK MT7922 aka. AMD RZ616 devices are available as builtin OEM modules or from Ebay and Amazon marketplaces.
* PC-Engines APU2 or APU3 boards:
* https://www.apu-board.de/
* https://www.varia-store.com/en/produkt/844582-apu2e4-system-board-3x-lan-4-gb-ram-intel-i211-nic.html
* https://www.varia-store.com/en/produkt/690431-apu3d4-starter-kit-1-ghz-4-gb-ram-3x-lan-intel-i211-nic.html
**TODOs:
**
`[x]` Acquire a suitable NIC and make a testbed
`[x]` Find a stable hostapd.conf for WiFi-6e
`[x]` Implement new settings to vyos-1x
`[x]` Test thoroughly and bugfixes
`[o]` Issue PR against upstream vyos-1x (https://github.com/vyos/vyos-1x/pull/3524)
`[o]` Issue PR againsst upstream vyos-documentation (https://github.com/vyos/vyos-documentation/pull/1471)
where:
`[ ]`: TODO; `[o]` in-the-works; `[x]` complete
**Configurations:
**
While I'll be working on this topic and subsequently adding results to this post, I'd be glad for any help on further stabilizing the 6GHz AP configuration. The config below seems to make a sufficiently stable AP. Throughput remains acceptable and stable even behind one wall and is on par with 5GHz WiFi-5 through two walls (no steel reinforcement).
Rough throughput measurements for 6GHz at 160MHz bandwidth:
| no walls | 100 - 150 MByte/s |
| one wall | 60 - 100 MByte/s |
| two walls | 30 - 60 MByte/s |
My /etc/hostapd/hostapd-wifi6e.conf - start AP using `hostapd -t -d -P /var/run/wlan0.pid /etc/hostapd/hostapd-wifi6e.conf`
```
###################################################################
# HostAPd configuration for WiFi-6e for a MEDIATEK mt7916 NIC #
# #
# Requirements for WiFi-6e (ieee80211ax) on 6GHz: #
# - WPA3 for authentication #
# - SAE key management required for WPA3 #
# - Management Frame Protection required for WPA3 #
# - Radar awareness required for some RegDomains on 5GHz and 6GHz #
# - WME/WMM required #
###################################################################
#
# Posix Socket - (i.e. for hostapd_cli)
ctrl_interface=/var/run/hostapd
# driver interface
driver=nl80211
# NIC to be configured
interface=<wlan0..n>
device_name=802.11ax 6GHz
# This WiFi NIC is a bridge slave...
bridge=<br0..n>
wds_sta=1
# Logging
logger_stdout=-1
logger_stdout_level=0
logger_syslog=-1
logger_syslog_level=0
# Registry Domain configured by Country Code
country_code=<2-LETTER-COUNTRY-CODE>
ieee80211d=1
# Fulfill requirements for AP operation on 6GHz -- This is an INDOOR ONLY AP
he_6ghz_reg_pwr_type=0
# Expect this AP not to change its position and antenna alignment
stationary_ap=1
he_6ghz_rx_ant_pat=1
# Activate beamforming capabilities
he_mu_beamformer=1
he_su_beamformee=1
he_su_beamformer=1
# Limit number of concurrent "clients" (stations) and do not restrict them by MAC address
max_num_sta=24
macaddr_acl=0
# Frequency band and channel selection for 6GHz WiFi-6e using 160MHz bandwidth
hw_mode=a
op_class=134
channel=1
he_oper_centr_freq_seg0_idx=15
# Configure for WiFi-6e protocol (AX mode) and set a BSS color
ieee80211ax=1
he_bss_color=<1..63>
# Enable Radar detection and DFS support if available
ieee80211h=1
enable_background_radar=1
# Enforce Management Frame Protection (MFP) as required for WPA3
ieee80211w=2
beacon_prot=1
# Configure Ciphers, Re-Keying Intervals and Authentication Protocols for WPA3
wpa=2
wpa_key_mgmt=SAE
auth_algs=1
wpa_pairwise=CCMP CCMP-256 GCMP GCMP-256
rsn_pairwise=CCMP CCMP-256 GCMP GCMP-256
group_mgmt_cipher=AES-128-CMAC
extended_key_id=1
wpa_gmk_rekey=86400
wpa_group_rekey=86400
wpa_group_update_count=4
# Configure SSID and Passphrase
ssid=<SSID>
sae_password=<PASSPHRASE>
#
# Wireless Multimedia Extensions (WME) and Wi-Fi Multimedia (WMM)
wme_enabled=1
wmm_enabled=1
#
# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e):
# These parameters are used by the access point when transmitting frames to the clients.
# Low priority / AC_BK = background
tx_queue_data3_aifs=7
tx_queue_data3_cwmin=15
tx_queue_data3_cwmax=1023
tx_queue_data3_burst=0
# Normal priority / AC_BE = best effort
tx_queue_data2_aifs=3
tx_queue_data2_cwmin=15
tx_queue_data2_cwmax=63
tx_queue_data2_burst=0
# High priority / AC_VI = video
tx_queue_data1_aifs=1
tx_queue_data1_cwmin=7
tx_queue_data1_cwmax=15
tx_queue_data1_burst=3.0
# Highest priority / AC_VO = voice
tx_queue_data0_aifs=1
tx_queue_data0_cwmin=3
tx_queue_data0_cwmax=7
tx_queue_data0_burst=1.5
# Quality of Service (QoS) parameters
# Low priority / AC_BK = background
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
# Normal priority / AC_BE = best effort
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
# High priority / AC_VI = video
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
# Highest priority / AC_VO = voice
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
```
I directly used wpa_supplicant to connect as NetworkManager mostly failed at first to detect and connect to the AP. With the more stable hostapd-wifi6e.conf and a DHCPd service in background, NetworkManager reliably connects to this AP.
Here is my wpa_supplicant.conf. Connect using `sudo wpa_supplicant -d -i wlp1s0 -c /etc/wpa_supplicant/wpa_supplicant.conf`.
```
ctrl_interface=/run/wpa_supplicant
update_config=1
#ap_scan=0
country=<COUNTRY-CODE>
network={
scan_freq=5955 5975 5995 6015 6035 6055 6075 6095 6115 6135 6155 6175 6195 6215 6235 6255 6275 6295 6315 6335 6355 6375 6395 6415
ssid="<SSID-IDENTIFIER>"
key_mgmt=SAE
auth_alg=OPEN
ieee80211w=2
sae_password="<PASSPHRASE>"
}
```
**Proposed VyOS configuration:
**
Here is what a proposed VyOS config for 802.11ax at 6GHz would look like. Mechanics have been implemented but need work on some details.
**Note:** Regulatory Domain configuration has been moved back to `system wireless`. Details are in T6318.
```
vyos@vyos# show system wireless
country-code de
[edit]
vyos@vyos# show interfaces wireless wlan1
address 10.255.6.254/24
beacon-frame-protection enabled
capabilities {
he {
beamform {
multi-user-beamformer
single-user-beamformee
single-user-beamformer
}
bss-color 37
center-channel-freq {
freq-1 15
}
channel-set-width 134
}
}
channel 1
description "6GHz 802.11ax"
mgmt-frame-protection required
mode ax
security {
wpa {
cipher CCMP
cipher CCMP-256
cipher GCMP
cipher GCMP-256
group-cipher CCMP
group-mgmt-cipher BIP-GMAC-256
mode wpa3
passphrase secretpassphrase123
}
}
ssid 80211ax-6GHz
type access-point
[edit]
vyos@vyos#
```
**Quirks and Workarounds:
**
**6GHz band is completely disabled in `iw list`.** This may be the case if you try to use a MEDIATEK card on Linux 6.6.30 or 6.7.x or newer. There seems to be a lot going on in the Kernel's WiFi section right now. A new feature called "CLC (Country Location Control)" which must be disabled in the `mt7921_common` module to use the 6GHz band. Make a file `/etc/modprobe.d/mt7921.conf` containing `options mt7921_common disable_clc=1`. Source: https://community.frame.work/t/responded-amd-rz616-wifi-card-doesnt-work-with-6ghz-on-kernel-6-7/43226
**Wireless Regulation Domain would not apply correctly.** There seem to be issues with the current `wireless-regdb` packages delivered with VyOS. As of now, 5GHz channels would not allow access point operation (`iw list` showing `no-ir` on all channels) and 6GHz channels would be completely disabled. Also, switching country codes (`iw reg set DE`) would not have any effect. For now, I have this workaround:
* Download and install `wireless-regdb` from the [[ https://packages.ubuntu.com/jammy/all/wireless-regdb/download | Ubuntu Packages ]] page, and
* (not needed anymore with newest 1.5-rolling) manually configure your regulatory domain as option for the `cfg80211` module by editing `/etc/modprobe.d/cfg80211.conf` and adding this line: `options cfg80211 ieee80211_regdom=DE`
**Throughput jitters on MT7922 cards.** You might try to disable power management for that card by adding the line `options mt7921e disable_aspm=Y` to the file `/etc/modprobe.d/mt7921.conf`. This setting flattened out the valleys in my throughput graphs.
**The NIC from [[ https://asiarf.com/product/wi-fi-6e-mini-pcie-module-mt7916-aw7916-npd/ | AsiaRF ]] would not fit into the standard APU2/3 case.** The NIC comes with a heatsink of 10mm height. You //must// add this to your NIC, otherwise it will overheat quickly, especially when transmitting. Using a piece of sandpaper, take of 1mm off the heatsink pins to allow a nice fit. Be sure to have some 0.5mm thermal pad at hand. I used a 40mm x 40mm x 0.5mm piece of thermal pad and applied it between the NIC's shortened heatsink pins and the APU enclosure's cover, which then nicely serves as a heat spreader. This keeps the NIC nice and cool.