Fast Roaming (802.11r) not working on client

The same software is installed on the same board. If I use a computer or mobile phone connect to the AP, the AP can work normally, but if the client also uses such a board, the client does not work.log as this:

Thu Mar 30 20:36:17 wpa_supplicant[1356]: Successfully initialized wpa_supplicant
Thu Mar 30 20:36:40 wpa_supplicant[1356]: wlan0: SME: Trying to authenticate with 07:30:21:b3:19:a4 (SSID='FTSSID' freq=2412 MHz)
Thu Mar 30 20:36:40 wpa_supplicant[1356]: wlan0: Trying to associate with 07:30:21:b3:19:a4 (SSID='FTSSID' freq=2412 MHz)
Thu Mar 30 20:36:40 wpa_supplicant[1356]: wlan0: Associated with 07:30:21:b3:19:a4
Thu Mar 30 20:36:40 wpa_supplicant[1356]: wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Thu Mar 30 20:36:40 wpa_supplicant[1356]: wlan0: Unknown event 37
Thu Mar 30 20:36:41 wpa_supplicant[1356]: wlan0: WPA: Key negotiation completed with 07:30:21:b3:19:a4 [PTK=CCMP GTK=CCMP]
Thu Mar 30 20:36:41 wpa_supplicant[1356]: wlan0: CTRL-EVENT-CONNECTED - Connection to 07:30:21:b3:19:a4 completed [id=0 id_str=]
Thu Mar 30 20:36:41 wpa_supplicant[1356]: wlan0: Unknown event 37
Thu Mar 30 20:41:06 wpa_supplicant[1356]: wlan0: CTRL-EVENT-BEACON-LOSS
Thu Mar 30 20:41:08 wpa_supplicant[1356]: wlan0: WNM: Disassociation Imminent - Disassociation Timer 0
Thu Mar 30 20:41:08 wpa_supplicant[1356]: wlan0: WNM: Preferred List Available
Thu Mar 30 20:41:08 wpa_supplicant[1356]: wlan0: SME: Trying to authenticate with 07:30:21:b3:19:a3 (SSID='FTSSID' freq=2412 MHz)
Thu Mar 30 20:41:08 wpa_supplicant[1356]: wlan0: CTRL-EVENT-AUTH-REJECT 07:30:21:b3:19:a3 auth_type=2 auth_transaction=2 status_code=53
Thu Mar 30 20:41:08 wpa_supplicant[1356]: BSSID 07:30:21:b3:19:a3 ignore list count incremented to 2, ignoring for 10 seconds
Thu Mar 30 20:41:08 wpa_supplicant[1356]: wlan0: SME: Trying to authenticate with 07:30:21:b3:19:a3 (SSID='FTSSID' freq=2412 MHz)
Thu Mar 30 20:41:08 wpa_supplicant[1356]: wlan0: CTRL-EVENT-AUTH-REJECT 07:30:21:b3:19:a3 auth_type=2 auth_transaction=2 status_code=53
Thu Mar 30 20:41:08 wpa_supplicant[1356]: BSSID 07:30:21:b3:19:a3 ignore list count incremented to 2, ignoring for 10 seconds
Thu Mar 30 20:41:09 wpa_supplicant[1356]: wlan0: SME: Trying to authenticate with 07:30:21:b3:19:a3 (SSID='FTSSID' freq=2412 MHz)
Thu Mar 30 20:41:09 wpa_supplicant[1356]: wlan0: CTRL-EVENT-AUTH-REJECT 07:30:21:b3:19:a3 auth_type=2 auth_transaction=2 status_code=53
Thu Mar 30 20:41:11 wpa_supplicant[1356]: wlan0: SME: Trying to authenticate with 07:30:21:b3:19:a4 (SSID='FTSSID' freq=2412 MHz)
Thu Mar 30 20:41:12 wpa_supplicant[1356]: wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="FTSSID" auth_failures=1 duration=10 reason=CONN_FAILED
Thu Mar 30 20:41:22 wpa_supplicant[1356]: wlan0: CTRL-EVENT-SSID-REENABLED id=0 ssid="FTSSID"
Thu Mar 30 20:41:22 wpa_supplicant[1356]: wlan0: SME: Trying to authenticate with 07:30:21:b3:19:a3 (SSID='FTSSID' freq=2412 MHz)
Thu Mar 30 20:41:22 wpa_supplicant[1356]: wlan0: Trying to associate with 07:30:21:b3:19:a3 (SSID='FTSSID' freq=2412 MHz)
Thu Mar 30 20:41:22 wpa_supplicant[1356]: wlan0: Associated with 07:30:21:b3:19:a3
Thu Mar 30 20:41:22 wpa_supplicant[1356]: wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Thu Mar 30 20:41:22 wpa_supplicant[1356]: wlan0: Unknown event 37
Thu Mar 30 20:41:22 wpa_supplicant[1356]: wlan0: WPA: Key negotiation completed with 07:30:21:b3:19:a3 [PTK=CCMP GTK=CCMP]
Thu Mar 30 20:41:22 wpa_supplicant[1356]: wlan0: CTRL-EVENT-CONNECTED - Connection to 07:30:21:b3:19:a3 completed [id=0 id_str=]
Thu Mar 30 20:41:22 wpa_supplicant[1356]: wlan0: Unknown event 37
Thu Mar 30 20:42:08 wpa_supplicant[1356]: wlan0: WNM: Preferred List Available
Thu Mar 30 20:42:08 wpa_supplicant[1356]: wlan0: SME: Trying to authenticate with 07:30:21:b3:19:a4 (SSID='FTSSID' freq=2412 MHz)
Thu Mar 30 20:42:08 2023 daemon.err wpa_supplicant[1356]: nl80211: kernel reports: key not allowed
Thu Mar 30 20:42:08 2023 daemon.warn wpa_supplicant[1356]: FT: Failed to set PTK to the driver
Thu Mar 30 20:42:08 wpa_supplicant[1356]: wlan0: Trying to associate with 07:30:21:b3:19:a4 (SSID='FTSSID' freq=2412 MHz)
Thu Mar 30 20:42:08 wpa_supplicant[1356]: wlan0: Associated with 07:30:21:b3:19:a4
Thu Mar 30 20:42:08 wpa_supplicant[1356]: wlan0: WPA: Key negotiation completed with 07:30:21:b3:19:a4 [PTK=CCMP GTK=CCMP]
Thu Mar 30 20:42:08 wpa_supplicant[1356]: wlan0: CTRL-EVENT-CONNECTED - Connection to 07:30:21:b3:19:a4 completed [id=0 id_str=]
Thu Mar 30 20:42:08 wpa_supplicant[1356]: wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0

What ‘client’ is having difficulty connecting?

Many devices don’t work well with 802.11r enabled. Even if they claim to support the standard, it is not uncommon for there to be problems.

It is often best to turn off fast roaming and ensure that you have optimized the APs for traditional roaming (i.e. not using 802.11k/r/v). Once that is known to work well, you can try working with fast roaming to see if you can fix the problem.

Meanwhile, your logs are not readable…

Please use the "Preformatted text </>" button for logs, scripts, configs and general console output.
grafik
Please edit your post accordingly. Thank you! :slight_smile:

How did Tradingal Roaming achieve? I don't know this too much

Traditional roaming means that you are not using 802.11k/r/v. Instead, you simply have multiple APs located around your space, and the client devices will automatically roam from one to the next as they see fit (roaming is actually a client side process).

It is recommended that you spend some effort tuning the APs for best roaming performance. This video from Crosstalk Solutions explains the concepts very well (the concepts apply equally to all wifi APs, but the video explains how to do it in Unifi).

I tried the situation of multiple APs and found that when CLIENT moved from one AP to another AP, there would always be 1S to 10S traffic interruption throughout the process.

1 Like

That is unusually long. Let’s see a diagram of your topology and the configs from each of the APs.

Each AP's SSID is openwrt. The security algorithm is: WPA WPA2 Mixed, no other special configuration anymore

Do you have devices that actually need WPA?

Could you post your wireless configs here for us to review?

Also, is each AP running on a different channel? From your client log it looks like you associated with an AP on channel 1, then 5 seconds (or so) later you moved to another location and then failed to reauth to a second AP, but also on channel 1. Then after 16 seconds it finally associated to the second AP.

Are all APs wired? What are the APs (brand/model)? Are they using the lan or wan ports for their uplink?

Let’s take a look at the configs for the router and ap1

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Each AP uses channel 1, moving AP has been moving one -way from the AP1 AP2 AP3 AP4 path。

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option band '2g'
        option htmode 'HT20'
        option disabled '0'
        option cell_density '0'
        option txpower '6'
        option channel '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'FTSSID'
        option encryption 'psk-mixed'
        option ieee80211r '1'
        option ieee80211k '1'
        option ieee80211v '1'
        option bss_transition '1'
        option wnm_sleep_mode '1'
        option time_advertisement '2'
        option time_zone 'GMT0'
        option ft_psk_generate_local '1'
        option ft_over_ds '0'
        option pmk_r1_push '1'
        option mobility_domain '5555'
        option nasid 'FEE555555555'
        option reassociation_deadline '30000'
        option key '11111111'

NO Wan interface,eth1、eth0 and wlan0 are added to br-lan,route eth1 is wan,eth0 and wlan0 are added to br-lan ,Because it did not work properly, the environment was removed by me.

I should only use WPA2-PSK, right?

Wlan should never be included in the network file.

Please post the complete files as requested earlier.

On the wifi, you’ve got a lot of stuff there with 802.11k,r,v and PSK-mixed. I’m not sure if psk-mixed is compatible with 802.11r. I’d suggest only using wpa2 (psk) or wpa3 (sae). Don’t use wpa2/wpa3 mixed mode (sae-mixed).

I’d highly recommend removing all of the k/r/v related items and starting with the basic roaming as I was describing earlier.

Ouch! In addition to the recommendations @psherman left for you, I would strongly encourage you to re-think your channel strategy. If each AP is using channel 1, you are creating a mess for yourself with channel interference.

For 2.4ghz @ HT20, you will want to stick to channels 1, 6, and 11 to avoid any overlap. However, this is tricky with a fourth AP, so you will need to consider your placement and txpower levels carefully. Your fourth AP will have to share channel 1, 6, or 11 with one of your other APs. If you don't mitigate channel overlap with placement and TX power, you're going to be better off with just three APs.

For more explanation and tips, see here:
https://www.extremenetworks.com/extreme-networks-blog/2-4-ghz-channel-planning/

This graphic from the above link demonstrates what I was explaining above:

Unless you have a device that explicitly needs WPA, you should only use WPA2, or better yet, WPA3. But if your devices don't support WPA3 (sae), then I would change your encryption to psk2+ccmp explicitly.

ROUTER:


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd23:1584:221d::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '11.1.1.1'

config interface 'wan'
        option proto 'dhcp'
        option device 'eth1'```

AP:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd23:1584:221d::/48'

config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
list ports 'eth1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '11.1.1.2'

This will likely cause problems since it is not an RFC1918 address. I’d recommend 10.1.1.1 (not 11.1.1.1)

Same deal here.. use 10.1.1.2

ok,i will modify it,this is a private network,do not connect to internet

Oh… this changes things considerably…

Depending on the device, you may find that the delay in connecting is related to the fact that you’re not actually connected to the intent. Many systems, especially mobile phones, will test for internet connectivity and when it doesn’t find a route to the internet via the wifi network, it may take extra time to connect (and may also prompt you to confirm that you actually want to connect to the (non-internet connected) network.

1 Like

Isn't it also true that (due to lack of connectivity to NTP hosts) @ggsn's APs may be out of sync on time, and this could also be causing issues, especially for 802.11v? I could be mistaken on the impact of time sync on the wireless connectivity.

1 Like