802.11r Fast Transition how to understand that FT works?

Tbh, I never checked that way :slight_smile:

I used wifi analyzer to verify the radio advertising FT - it's up to the client to do the actual transition anyway.

2 Likes

What kind of wife analyzer that can shows FT advertise ?
I use this one it is called ping tools pro

com.vrem.wifianalyzer @ Google store.


Can you tell wich one ?
The first one ?

wifianalyzer is one word, that's why you get several hits.
It's the green one (the 1st two are ads).



But where do I see that FT works ? It just shows usual parameters

+FT as an attribute would suggest it works, for an AP point of view.

1 Like

Oh and that is all , I thought it is going to show more , but thank you anyway , this programm shows that AP supports FT , I just wanted to be sure that FT really works after going through all the points once , as I know after rebooting first time handshake is longer than other times , that is why I want to find a way to be sure that FT works perfectly, my log shows 4 way handshake all the time

In the AP logs you should see entries like this:

WPA: FT authentication already completed - do not start 4-way handshake

Walking around with the phone, you should see in Wifi Analizer that the highlighted network (the one the phone is currently associated to) keeps the same SSID, but different MAC address and -possibly- channel.

Starting a Ping from a terminal console to your local gateway (or to a host in your network) you should lose just a few packets while roaming

1 Like


On each router the same SSID but deferent BSSID
Also you can see all 3 signals have the same name (SSID)on the screenshot earlier , but
I don't have

WPA: FT authentication already completed - do not start 4-way handshake

In my log file. What did a wrong I don't know and I don't know how to figure it out

I would try to set "generate pmk locally" on first.
Make sure mobility domain is the same on all APs.
Then you could try to separate the channels.
Apparently the signal levels are pretty close from the screenshot you posted.
It's up to the client choosing if and where to roam to.

1 Like


They are on the same channel (11)
Mobility domane is the same

A Grand Prime also displays + FT and fails to connect.

You may need to increase the log verbosity, see:

Here what a the log would look like:

Fast transition log
Thu Nov  4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: binding station to interface 'wlan0'
Thu Nov  4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authentication OK (FT)
Thu Nov  4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-AUTHENTICATE.indication(xx:xx:xx:xx:xx:xx, FT)
Thu Nov  4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: association OK (aid 3)
Thu Nov  4 10:37:42 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 3)
Thu Nov  4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-REASSOCIATE.indication(xx:xx:xx:xx:xx:xx)
Thu Nov  4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: binding station to interface 'wlan0'
Thu Nov  4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 6 notification
Thu Nov  4 10:37:42 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: FT authentication already completed - do not start 4-way handshake

(note: I may have extra logs as I have some custom build options)


Edit: after reading your log again, it seems it is not working for you, as it performs a complete handshake:

OP logs
Wed Nov  3 21:48:46 2021 daemon.notice hostapd: wlan0: AP-STA-DISCONNECTED 70:8a:09:df:f1:bc
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc IEEE 802.11: authentication OK (open system)
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc WPA: event 0 notification
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc MLME: MLME-AUTHENTICATE.indication(70:8a:09:df:f1:bc, OPEN_SYSTEM)
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc MLME: MLME-DELETEKEYS.request(70:8a:09:df:f1:bc)
Wed Nov  3 21:48:46 2021 daemon.info hostapd: wlan0: STA 70:8a:09:df:f1:bc IEEE 802.11: authenticated
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc IEEE 802.11: association OK (aid 1)
Wed Nov  3 21:48:46 2021 daemon.info hostapd: wlan0: STA 70:8a:09:df:f1:bc IEEE 802.11: associated (aid 1)
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc MLME: MLME-REASSOCIATE.indication(70:8a:09:df:f1:bc)
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc MLME: MLME-DELETEKEYS.request(70:8a:09:df:f1:bc)
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc IEEE 802.11: binding station to interface 'wlan0'
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc WPA: event 1 notification
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc WPA: sending 1/4 msg of 4-Way Handshake
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc WPA: received EAPOL-Key frame (2/4 Pairwise)
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc WPA: sending 3/4 msg of 4-Way Handshake
Wed Nov  3 21:48:46 2021 daemon.debug hostapd: wlan0: STA 70:8a:09:df:f1:bc WPA: received EAPOL-Key frame (4/4 Pairwise)
1 Like

On a side note, I believe you should not use same/overlapping channels between your APs, STAs will otherwise compete for air time, and hinder performance.

On the 2 GHz band, spreading your APs between the 1/6/11 channels is a common practice (those 3 channels do not overlap).

2 Likes

I did these commands to set up the level of log to 1

root@ap10:~# cat /var/run/hostapd-phy0.conf                                            driver=nl80211                                                                         logger_syslog=127                                                                      logger_syslog_level=1                                                                  logger_stdout=127                                                                      logger_stdout_level=1                                                                  country_code=RU                                                                        ieee80211d=1                                                                           hw_mode=g
beacon_int=100
channel=11



ieee80211n=1
ht_coex=0
ht_capab=[HT40-][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC12]

interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
nas_identifier=78a3517bfa54
wpa_passphrase=1225612256
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=AvngMesh
bridge=br-lan
mobility_domain=aaaa
ft_psk_generate_local=1
ft_over_ds=0
reassociation_deadline=1000
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK FT-PSK
okc=0
disable_pmksa_caching=1
bssid=78:a3:51:7b:fa:54

This is my config
Can you compare to your config say if there is some difference in parameters .
But why it always makes full handshake can it be because of my phone I have android 7

diff hostapd-phyX.conf
3a4
> basic_rates=60 120 240
5c6
< bridge=br-lan
---
> bridge=br-IoT
8a10
> chanlist=11
9a12,13
> config_id=ec24c2e360794d3055db2516551624fc
> country_code=<REDACTED>
13c17,21
< ft_over_ds=0
---
> driver=nl80211
> dtim_period=2
> dynamic_vlan=0
> ft_iface=br-IoT
> ft_over_ds=1
15c23,24
< ht_capab=[HT40-][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC12]
---
> group_mgmt_cipher=AES-128-CMAC
> ht_capab=[HT40-][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935][DSSS_CCK-40]
16a26,27
> hw_mode=g
> ieee80211d=1
17a29
> ieee80211w=1
19c31,35
< interface=wlan0
---
> interface=wlan1
> logger_stdout=127
> logger_stdout_level=1
> logger_syslog=127
> logger_syslog_level=1
24a41
> radio_config_id=e73a97bcf552b8f445f7ae1d9f0d395a
25a43,44
> skip_inactivity_poll=0
> snoop_iface=br-IoT
26a46
> supported_rates=60 90 120 180 240 360 480 540
28a49,52
> vlan_file=/var/run/hostapd-wlan1.vlan
> vlan_naming=1
> vlan_no_bridge=1
> wds_bridge=
31,32c55,56
< wpa_disable_eapol_key_retries=0
< wpa_key_mgmt=WPA-PSK FT-PSK
---
> wpa_disable_eapol_key_retries=1
> wpa_key_mgmt=WPA-PSK FT-PSK WPA-PSK-SHA256
34a59
> wpa_psk_file=/var/run/hostapd-wlan1.psk
uci show wireless.radio1
wireless.radio1=wifi-device
wireless.radio1.type='mac80211'
wireless.radio1.hwmode='11g'
wireless.radio1.path='soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
wireless.radio1.country='<REDACTED>'
wireless.radio1.htmode='HT40'
wireless.radio1.txpower='8'
wireless.radio1.channel='11'
wireless.radio1.cell_density='0'
wireless.radio1.log_level='1'
uci show wireless.default_radio1
wireless.default_radio1=wifi-iface
wireless.default_radio1.device='radio1'
wireless.default_radio1.mode='ap'
wireless.default_radio1.encryption='psk2+ccmp'
wireless.default_radio1.ft_over_ds='1'
wireless.default_radio1.ft_psk_generate_local='1'
wireless.default_radio1.ieee80211r='1'
wireless.default_radio1.ieee80211w='1'
wireless.default_radio1.wpa_disable_eapol_key_retries='1'
wireless.default_radio1.key='<REDACTED>'
wireless.default_radio1.ssid='<REDACTED>'
wireless.default_radio1.network='IoT'
1 Like

Obviously in your hostapd config ft_over_ds is switched off.

My config is more complex, as I use radius authentication, but the setup in the ui should be as described here:

well i am starting to think maybe my smartphone doesnt support 802.11r
it is huawei nonor 6A
it roams good even if 802.11r is disabled but have the same SSID

Can it be possible that 802.11r simply doesnt work without RADIUS server ?
I don't have one I just use wpa-psk