Hey there!
Sorry for not responding earlier, I was a little busy over last view days.
The syslog contains lots of "kernel reports: key addition failed", which "the internet" claims as "is showing up but seems to work anyway, so don't care". This is basically what I wanted to confirm by tcpdumping.
I was trying "Ubiquiti Inc. WiFiman" on android while running around. There's a distinction between "disconnected" and "roaming" when switching from one AP to another within this app. I can run a constant ping command from one of my non-wifi devices that barely uses a single ping when switching form one AP to another. Roaming is noticable slower (read: takes time to reconnect) when 802.11r is turned off in all my APs. That's why I suspect 802.11r is running and used.
Walking through the house
This morning I turned on my smart phone and walked around in order to get some coffee. This is how things connected.
Here's my my AP number 7.
This is the one I was next to when I turned on my phone.
There's a 4-way handshake happening.
Wed Mar 2 08:51:14 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: authenticated
Wed Mar 2 08:51:14 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: associated (aid 1)
Wed Mar 2 08:51:14 2022 daemon.notice hostapd: wlan1-2: AP-STA-CONNECTED 01:a1:a1:27:1a:c7
Wed Mar 2 08:51:14 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 RADIUS: starting accounting session FF555B1E6F651B18
Wed Mar 2 08:51:14 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 WPA: pairwise key handshake completed (RSN)
Wed Mar 2 08:51:14 2022 daemon.notice hostapd: wlan1-2: EAPOL-4WAY-HS-COMPLETED 01:a1:a1:27:1a:c7
Wed Mar 2 08:56:00 2022 daemon.notice hostapd: wlan1-2: AP-STA-DISCONNECTED 01:a1:a1:27:1a:c7
Wed Mar 2 08:56:01 2022 daemon.err hostapd: nl80211: kernel reports: key addition failed
Wed Mar 2 08:56:01 2022 daemon.err hostapd: nl80211: kernel reports: key addition failed
Wed Mar 2 08:56:14 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
On my road to coffee I passed AP number 5. No 4-way handshake here.
Wed Mar 2 08:52:15 2022 daemon.err hostapd: nl80211: kernel reports: key addition failed
Wed Mar 2 08:52:15 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: associated (aid 1)
Wed Mar 2 08:52:15 2022 daemon.notice hostapd: wlan1-2: AP-STA-CONNECTED 01:a1:a1:27:1a:c7
The AP number 11 is close to the coffee machine. No 4-way here as well.
Wed Mar 2 08:52:25 2022 daemon.err hostapd: nl80211: kernel reports: key addition failed
Wed Mar 2 08:52:25 2022 daemon.info hostapd: wlan0-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: associated (aid 1)
Wed Mar 2 08:52:25 2022 daemon.notice hostapd: wlan0-2: AP-STA-CONNECTED 01:a1:a1:27:1a:c7
The my travel back passing AP number 5 once again.
Wed Mar 2 08:55:10 2022 daemon.notice hostapd: wlan1-2: AP-STA-DISCONNECTED 01:a1:a1:27:1a:c7
Wed Mar 2 08:55:10 2022 daemon.err hostapd: nl80211: kernel reports: key addition failed
Wed Mar 2 08:55:10 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: associated (aid 1)
Wed Mar 2 08:55:10 2022 daemon.notice hostapd: wlan1-2: AP-STA-CONNECTED 01:a1:a1:27:1a:c7
I started workings close to my access point number 1.
Wed Mar 2 08:56:01 2022 daemon.err hostapd: nl80211: kernel reports: key addition failed
Wed Mar 2 08:56:01 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: associated (aid 2)
Wed Mar 2 08:56:01 2022 daemon.notice hostapd: wlan1-2: AP-STA-CONNECTED 01:a1:a1:27:1a:c7
Configuration
All access points share a common vlan 1 where every AP has an individual IP but no wireless is attached.
All access points share a common vlan 72 where no AP has an IP but where equally configured wireless networks are attached.
Router
That's a banana PI with no wifi.
/etc/config/network
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '10.0.0.1'
option netmask '255.255.254.0'
option delegate '0'
config interface 'stephan'
option ifname 'eth0.72'
option type 'bridge'
option proto 'static'
option ipaddr '10.72.0.1'
option netmask '255.255.255.0'
AP 7
This one is a Belkin RT3200 running SNAPSHOT r18953-b9251e3b40.
/etc/config/network
config interface 'lan'
option proto 'static'
option gateway '10.0.0.1'
list dns '10.0.0.1'
option device 'br-lan.1'
option delegate '0'
option netmask '255.255.254.0'
option ipaddr '10.0.1.7'
config interface 'stephan'
option device 'br-lan.72'
option proto 'none'
option force_link '1'
option defaultroute '0'
option peerdns '0'
option delegate '0'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/18000000.wmac'
option band '2g'
option htmode 'HT20'
option cell_density '0'
option channel '5'
option country 'DE'
option distance '10'
option beacon_int '300'
option logger_syslog_level '1'
option log_level '1'
option txpower '9'
config wifi-device 'radio1'
option type 'mac80211'
option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '5g'
option htmode 'HE80'
option country 'DE'
option cell_density '0'
option channel '124'
option logger_syslog_level '1'
option log_level '1'
config wifi-iface 'wifinet2'
option ssid 'stephan-wifi'
option key 'redacted-key'
option network 'stephan'
option device 'radio0'
option hidden '0'
option mode 'ap'
option encryption 'psk-mixed'
option short_preamble '1'
option disassoc_low_ack '1'
option ieee80211k '1'
option rrm_neighbor_report '1'
option rrm_beacon_report '1'
option ieee80211r '1'
option mobility_domain '0c62'
option nasid '81a5fb6eaf9d360b619c0704fc63eb82'
option ft_over_ds '1'
option ft_psk_generate_local '1'
option time_advertisement '1'
option bss_transition '1'
config wifi-iface 'wifinet8'
option ssid 'stephan-wifi'
option key 'redacted-key'
option network 'stephan'
option device 'radio1'
option hidden '0'
option mode 'ap'
option encryption 'psk-mixed'
option short_preamble '1'
option disassoc_low_ack '1'
option ieee80211k '1'
option rrm_neighbor_report '1'
option rrm_beacon_report '1'
option ieee80211r '1'
option mobility_domain '0c62'
option nasid 'f8e0d11599b1a8a5f3d042076ac6901f'
option ft_over_ds '1'
option ft_psk_generate_local '1'
option time_advertisement '1'
option bss_transition '1'
AP 5
This one is a TP-Link 4900 running 21.02.1 r16325-88151b8303.
/etc/config/network
config interface 'lan'
option proto 'static'
option gateway '10.0.0.5'
list dns '10.0.0.1'
option device 'br-lan.1'
option delegate '0'
option netmask '255.255.254.0'
option ipaddr '10.0.1.11'
config interface 'stephan'
option device 'br-lan.72'
option proto 'none'
option force_link '1'
option defaultroute '0'
option peerdns '0'
option delegate '0'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0'
option cell_density '0'
option htmode 'HT40'
option country 'DE'
option channel '44'
option logger_syslog_level '1'
option log_level '1'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0'
option htmode 'HT20'
option cell_density '0'
option country 'DE'
option distance '10'
option beacon_int '300'
option channel '9'
option logger_syslog_level '1'
option log_level '1'
option txpower '9'
config wifi-iface 'wifinet2'
option ssid 'stephan-wifi'
option key 'redacted-key'
option network 'stephan'
option device 'radio0'
option hidden '0'
option mode 'ap'
option encryption 'psk-mixed'
option short_preamble '1'
option disassoc_low_ack '1'
option ieee80211k '1'
option rrm_neighbor_report '1'
option rrm_beacon_report '1'
option ieee80211r '1'
option mobility_domain '0c62'
option nasid '93dbc85f871be4ae7f079a963e8059b6'
option ft_over_ds '1'
option ft_psk_generate_local '1'
option time_advertisement '1'
option bss_transition '1'
config wifi-iface 'wifinet8'
option ssid 'stephan-wifi'
option key 'redacted-key'
option network 'stephan'
option device 'radio1'
option hidden '0'
option mode 'ap'
option encryption 'psk-mixed'
option short_preamble '1'
option disassoc_low_ack '1'
option ieee80211k '1'
option rrm_neighbor_report '1'
option rrm_beacon_report '1'
option ieee80211r '1'
option mobility_domain '0c62'
option nasid '69b27a9a3b41e7936e9d18df92744cd4'
option ft_over_ds '1'
option ft_psk_generate_local '1'
option time_advertisement '1'
option bss_transition '1'
AP 11
This one is a TP-Link 4900 running 21.02.1 r16325-88151b8303.
/etc/config/network
config interface 'lan'
option proto 'static'
option gateway '10.0.0.1'
list dns '10.0.0.1'
option device 'br-lan.1'
option delegate '0'
option netmask '255.255.254.0'
option ipaddr '10.0.1.11'
config interface 'stephan'
option device 'br-lan.72'
option proto 'none'
option force_link '1'
option defaultroute '0'
option peerdns '0'
option delegate '0'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0'
option cell_density '0'
option country 'DE'
option htmode 'HT40'
option logger_syslog_level '1'
option channel '136'
option log_level '1'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0'
option htmode 'HT20'
option country 'DE'
option cell_density '0'
option beacon_int '300'
option channel '13'
option distance '5'
option logger_syslog_level '1'
option log_level '1'
option txpower '9'
config wifi-iface 'wifinet2'
option ssid 'stephan-wifi'
option key 'redacted-key'
option network 'stephan'
option device 'radio0'
option hidden '0'
option mode 'ap'
option encryption 'psk-mixed'
option short_preamble '1'
option disassoc_low_ack '1'
option ieee80211k '1'
option rrm_neighbor_report '1'
option rrm_beacon_report '1'
option ieee80211r '1'
option mobility_domain '0c62'
option nasid '056cfa288e0e450325c756bee76cb795'
option ft_over_ds '1'
option ft_psk_generate_local '1'
option time_advertisement '1'
option bss_transition '1'
config wifi-iface 'wifinet8'
option ssid 'stephan-wifi'
option key 'redacted-key'
option network 'stephan'
option device 'radio1'
option hidden '0'
option mode 'ap'
option encryption 'psk-mixed'
option short_preamble '1'
option disassoc_low_ack '1'
option ieee80211k '1'
option rrm_neighbor_report '1'
option rrm_beacon_report '1'
option ieee80211r '1'
option mobility_domain '0c62'
option nasid '2bf39786782d30017b3abbf3f3a3eab0'
option ft_over_ds '1'
option ft_psk_generate_local '1'
option time_advertisement '1'
option bss_transition '1'
AP 1
This one is a Belkin RT3200 running SNAPSHOT r18953-b9251e3b40.
/etc/config/network
config interface 'lan'
option proto 'static'
option gateway '10.0.0.1'
list dns '10.0.0.1'
option device 'br-lan.1'
option delegate '0'
option netmask '255.255.254.0'
option ipaddr '10.0.1.1'
config interface 'stephan'
option device 'br-lan.72'
option proto 'none'
option force_link '1'
option defaultroute '0'
option peerdns '0'
option delegate '0'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/18000000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option cell_density '0'
option country 'DE'
option beacon_int '300'
option distance '5'
option disabled '0'
option logger_syslog_level '1'
option log_level '1'
option txpower '9'
config wifi-device 'radio1'
option type 'mac80211'
option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '5g'
option htmode 'HE80'
option country 'DE'
option cell_density '0'
option channel '112'
option disabled '0'
option logger_syslog_level '1'
option log_level '1'
config wifi-iface 'wifinet2'
option ssid 'stephan-wifi'
option key 'redacted-key'
option network 'stephan'
option device 'radio0'
option hidden '0'
option mode 'ap'
option encryption 'psk-mixed'
option short_preamble '1'
option disassoc_low_ack '1'
option ieee80211k '1'
option rrm_neighbor_report '1'
option rrm_beacon_report '1'
option ieee80211r '1'
option mobility_domain '0c62'
option nasid 'd87d64420cb4c5fc2fde22769bed615c'
option ft_over_ds '1'
option ft_psk_generate_local '1'
option time_advertisement '1'
option bss_transition '1'
config wifi-iface 'wifinet8'
option ssid 'stephan-wifi'
option key 'redacted-key'
option network 'stephan'
option device 'radio1'
option hidden '0'
option mode 'ap'
option encryption 'psk-mixed'
option short_preamble '1'
option disassoc_low_ack '1'
option ieee80211k '1'
option rrm_neighbor_report '1'
option rrm_beacon_report '1'
option ieee80211r '1'
option mobility_domain '0c62'
option nasid '5870c6e77ebf73c9b492748a04514c6f'
option ft_over_ds '1'
option ft_psk_generate_local '1'
option time_advertisement '1'
option bss_transition '1'
Regards,
Stephan.