I forgot to add that if enabling wpa_disable_eapol_key_retries does cause interoperability issues on a Wi-Fi network, then one can create a guest VLAN with this parameter disabled, and enable this parameter on a secure non-guest VLAN. This is not difficult to achieve with OpenWrt, and I will be happy to provide details in a separate thread if there is some interest.