Tbh, I never checked that way 
I used wifi analyzer to verify the radio advertising FT - it's up to the client to do the actual transition anyway.
2 Likes
com.vrem.wifianalyzer @ Google store.
wifianalyzer is one word, that's why you get several hits.
It's the green one (the 1st two are ads).
+FT as an attribute would suggest it works, for an AP point of view.
1 Like
Oh and that is all , I thought it is going to show more , but thank you anyway , this programm shows that AP supports FT , I just wanted to be sure that FT really works after going through all the points once , as I know after rebooting first time handshake is longer than other times , that is why I want to find a way to be sure that FT works perfectly, my log shows 4 way handshake all the time
In the AP logs you should see entries like this:
WPA: FT authentication already completed - do not start 4-way handshake
Walking around with the phone, you should see in Wifi Analizer that the highlighted network (the one the phone is currently associated to) keeps the same SSID, but different MAC address and -possibly- channel.
Starting a Ping from a terminal console to your local gateway (or to a host in your network) you should lose just a few packets while roaming
1 Like
On each router the same SSID but deferent BSSID
Also you can see all 3 signals have the same name (SSID)on the screenshot earlier , but
I don't have
WPA: FT authentication already completed - do not start 4-way handshake
In my log file. What did a wrong I don't know and I don't know how to figure it out
I would try to set "generate pmk locally" on first.
Make sure mobility domain is the same on all APs.
Then you could try to separate the channels.
Apparently the signal levels are pretty close from the screenshot you posted.
It's up to the client choosing if and where to roam to.
1 Like
A Grand Prime also displays + FT and fails to connect.
You may need to increase the log verbosity, see:
Here what a the log would look like:
Fast transition log
Thu Nov 4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: binding station to interface 'wlan0'
Thu Nov 4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authentication OK (FT)
Thu Nov 4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-AUTHENTICATE.indication(xx:xx:xx:xx:xx:xx, FT)
Thu Nov 4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: association OK (aid 3)
Thu Nov 4 10:37:42 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 3)
Thu Nov 4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-REASSOCIATE.indication(xx:xx:xx:xx:xx:xx)
Thu Nov 4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: binding station to interface 'wlan0'
Thu Nov 4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 6 notification
Thu Nov 4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: FT authentication already completed - do not start 4-way handshake
(note: I may have extra logs as I have some custom build options)
Edit: after reading your log again, it seems it is not working for you, as it performs a complete handshake:
OP logs
Wed Nov 3 21:48:46 2021 daemon.notice hostapd: wlan0: AP-STA-DISCONNECTED 70:8a:09:df:f1:bc
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc IEEE 802.11: authentication OK (open system)
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc WPA: event 0 notification
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc MLME: MLME-AUTHENTICATE.indication(70:8a:09:df:f1:bc, OPEN_SYSTEM)
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc MLME: MLME-DELETEKEYS.request(70:8a:09:df:f1:bc)
Wed Nov 3 21:48:46 2021 daemon.info hostapd: wlan0: STA 70:8a:09:df:f1:bc IEEE 802.11: authenticated
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc IEEE 802.11: association OK (aid 1)
Wed Nov 3 21:48:46 2021 daemon.info hostapd: wlan0: STA 70:8a:09:df:f1:bc IEEE 802.11: associated (aid 1)
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc MLME: MLME-REASSOCIATE.indication(70:8a:09:df:f1:bc)
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc MLME: MLME-DELETEKEYS.request(70:8a:09:df:f1:bc)
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc IEEE 802.11: binding station to interface 'wlan0'
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc WPA: event 1 notification
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc WPA: sending 1/4 msg of 4-Way Handshake
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc WPA: received EAPOL-Key frame (2/4 Pairwise)
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc WPA: sending 3/4 msg of 4-Way Handshake
Wed Nov 3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc WPA: received EAPOL-Key frame (4/4 Pairwise)
1 Like
On a side note, I believe you should not use same/overlapping channels between your APs, STAs will otherwise compete for air time, and hinder performance.
On the 2 GHz band, spreading your APs between the 1/6/11 channels is a common practice (those 3 channels do not overlap).
2 Likes
I did these commands to set up the level of log to 1
root@ap10:~# cat /var/run/hostapd-phy0.conf driver=nl80211 logger_syslog=127 logger_syslog_level=1 logger_stdout=127 logger_stdout_level=1 country_code=RU ieee80211d=1 hw_mode=g
beacon_int=100
channel=11
ieee80211n=1
ht_coex=0
ht_capab=[HT40-][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC12]
interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
nas_identifier=78a3517bfa54
wpa_passphrase=1225612256
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=AvngMesh
bridge=br-lan
mobility_domain=aaaa
ft_psk_generate_local=1
ft_over_ds=0
reassociation_deadline=1000
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK FT-PSK
okc=0
disable_pmksa_caching=1
bssid=78:a3:51:7b:fa:54
This is my config
Can you compare to your config say if there is some difference in parameters .
But why it always makes full handshake can it be because of my phone I have android 7
diff hostapd-phyX.conf
3a4
> basic_rates=60 120 240
5c6
< bridge=br-lan
---
> bridge=br-IoT
8a10
> chanlist=11
9a12,13
> config_id=ec24c2e360794d3055db2516551624fc
> country_code=<REDACTED>
13c17,21
< ft_over_ds=0
---
> driver=nl80211
> dtim_period=2
> dynamic_vlan=0
> ft_iface=br-IoT
> ft_over_ds=1
15c23,24
< ht_capab=[HT40-][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC12]
---
> group_mgmt_cipher=AES-128-CMAC
> ht_capab=[HT40-][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935][DSSS_CCK-40]
16a26,27
> hw_mode=g
> ieee80211d=1
17a29
> ieee80211w=1
19c31,35
< interface=wlan0
---
> interface=wlan1
> logger_stdout=127
> logger_stdout_level=1
> logger_syslog=127
> logger_syslog_level=1
24a41
> radio_config_id=e73a97bcf552b8f445f7ae1d9f0d395a
25a43,44
> skip_inactivity_poll=0
> snoop_iface=br-IoT
26a46
> supported_rates=60 90 120 180 240 360 480 540
28a49,52
> vlan_file=/var/run/hostapd-wlan1.vlan
> vlan_naming=1
> vlan_no_bridge=1
> wds_bridge=
31,32c55,56
< wpa_disable_eapol_key_retries=0
< wpa_key_mgmt=WPA-PSK FT-PSK
---
> wpa_disable_eapol_key_retries=1
> wpa_key_mgmt=WPA-PSK FT-PSK WPA-PSK-SHA256
34a59
> wpa_psk_file=/var/run/hostapd-wlan1.psk
uci show wireless.radio1
wireless.radio1=wifi-device
wireless.radio1.type='mac80211'
wireless.radio1.hwmode='11g'
wireless.radio1.path='soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
wireless.radio1.country='<REDACTED>'
wireless.radio1.htmode='HT40'
wireless.radio1.txpower='8'
wireless.radio1.channel='11'
wireless.radio1.cell_density='0'
wireless.radio1.log_level='1'
uci show wireless.default_radio1
wireless.default_radio1=wifi-iface
wireless.default_radio1.device='radio1'
wireless.default_radio1.mode='ap'
wireless.default_radio1.encryption='psk2+ccmp'
wireless.default_radio1.ft_over_ds='1'
wireless.default_radio1.ft_psk_generate_local='1'
wireless.default_radio1.ieee80211r='1'
wireless.default_radio1.ieee80211w='1'
wireless.default_radio1.wpa_disable_eapol_key_retries='1'
wireless.default_radio1.key='<REDACTED>'
wireless.default_radio1.ssid='<REDACTED>'
wireless.default_radio1.network='IoT'
1 Like
Obviously in your hostapd config ft_over_ds is switched off.
My config is more complex, as I use radius authentication, but the setup in the ui should be as described here:
well i am starting to think maybe my smartphone doesnt support 802.11r
it is huawei nonor 6A
it roams good even if 802.11r is disabled but have the same SSID
Can it be possible that 802.11r simply doesnt work without RADIUS server ?
I don't have one I just use wpa-psk