I've done some cursory research around the topic and have not come up with a definitive answer. This was even looked into on this forum back in 2019 and it was determined that multiple SSIDs and 802.11r on a single radio were not yet possible. Does anyone know if multiple SSIDs running 802.11r is now possible on a single radio? If so, does each SSID need it's own Mobility Domain? Or should they be the same on a common radio?
i have the exact same question now in 2024 with Version 23.05.2 … so many tutorials are misleading and its hard to wrap the head around
My Situation:
Router7530 with DSL
AP1200a eth backbone to Router
AX6000 eth backbone to Router AND batman mesh to AP1200b (2.4Ghz)
AP1200b mesh backbone to AX6000 (2.4Ghz)
Every device has VLANs, 2.4 Ghz and 5Ghz active, and the SSIDs are the following:
2.4Ghz
SSID: Black (goes to VLAN lan)
SSID: White (goes to Guest lan)
SSID: IOT (goes to IoT lan)
5Ghz
SSID: Black (goes to VLAN lan)
SSID: White (goes to Guest lan)
SSID: IOT (goes to IoT lan)
All have WPA2 and WPA3 mixed mode, each SSID Group (Black+Black times 4) has it the same password of course
everything is kept or reverted to default other than:
- KRACK enabled
- 802.11r Fast Transition enabled
(FT protocol: FT over the Air, still default)
(802.11w Management Frame Protection still default on Optional)
The questions:
do we need still need to set the following things and if so, HOW? per SSID Group or Radio Frequency Group?
- NAS ID
- Mobility Domain
- Reassociation Deadline
- anything else?
My Problem:
2 iPhones, 2 MacBooks, 1 AppleTV, 3 Homepods, 2 Watches, 1 iPad etc are working fine
But 1 Pad doesn't want to connect anymore…
resetting the network or restarting everything incl. iPad didn't help
I really want to understand 802.11r and test it out, monitor and optimize my network
thanks in advance
the "newest" information I could find:
TLDR: starting with OpenWrt 22.03, when not using WPA3, all you need to do to make FT work is to enable 802.11r from LuCI (
option ieee80211r '1'in/etc/config/wireless). With WPA3, including mixed mode, you must disable "Generate PMK locally" in LuCI (option ft_psk_generate_local '0'in/etc/config/wireless).
With current snapshots, the Generate PMK locally option will be automatically disabled when using WPA3, and will not even show up in LuCI.
Did this start after you implemented WPA2 and WPA3 mixed mode?
no, I had mixed mode from the beginning, when dived into the rabbit hole of openwrt and flashed my first router
everything was fine, I extended more and more and suddenly its not working, last day I could go to AX6000 room and connect successfully, maybe its working, will try now…
update nope, not working anymore, iPad can't connect to any of the 4 APs, everything else is connected during the same time
update2 I deactivated 802.11r on AP1200a, for SSID Black on 2.4&5Ghz, standing next to it, the iPad connected!
Any chance you changed the cipher?
How old is the Ipad?
I had issues with a 5 year old iPad when using mixed mode.
And some, really old, Apple products cannot handle long passwords.
iPad 9. Gen, modern enough
when I deactivate FT on AP1200a its working, see update above
And the cipher?
untouched! double and tripled checked
So, it is having trouble with roaming on that AP.
See if it connects when far enough it should choose another AP.
i walked through the house, no AP could connect, so if I deactivate FT everywhere, I think It will work, will investigate further
any idea how to track monitor read this debugging session?
You can look at the system log of the AP1200a and look at the handshake, then enable fast transition and watch it fail.
You might get somewhere if you forget the APs and try to connect to them with FT on.
1 Like
You can have multiple SSIDs running 802.11r with 23.05. There is no need to set mobility domain IDs or key holders, or anything else. The defaults should just work. The only thing you need to check is that if you are using WPA3/SAE (or WPA3-mixed), you must disable "Generate PMK locally" in LuCI (option ft_psk_generate_local '0' in /etc/config/wireless).
Edit:
I missed Reassociation Deadline issue.
There is a recommendation--from Cisco documentation--to set Reassociation Deadline to 20000, to mitigate problems with Apple devices. This is not related to multiple SSIDs, but it may help connectivity problem with Apple devices. Another thing that may be useful, not really related to 802.11r, is to enable WNM Sleep Mode.
1 Like
this is not in my wireless config, I checked, where exactly should I put it?
the one post from above that I quoted stated, that this option isn't visible through Luci, but I still have to set it manually?
Are you running snapshot or 23.05?
23.05.02, i don't think its snapshot
Answering your question now: under config wifi-iface, along with your SSID configuration.
1 Like
so I put this on all 4 APs, activate 802.11r everywhere again and keep EVERYTHING at default, because it just should work 
right?
config wifi-iface 'wifinet3'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'xx'
option encryption 'sae-mixed'
option key '#################'
option ieee80211r '1'
option ft_generate_local '0'
option reassociation_deadline '20000'
option wnm_sleep_mode '1'
option disassoc_low_ack '0'
Disabling dissassoc_low_ack is another thing to try. I usually turn it off outside of the guest wifi.
1 Like
I put this into the config under every wifi-iface on every AP and save the config. how to apply? reboot or restart something?
ok i will start with setting by setting, not everything all at once