Some devices would not connect to an AP with 11r enabled

I enabled 11r on a single AP in preparation to deploy a second one, but then immediately noticed that a few Samsung devices would no longer connect to it. I assumed that 11r is just an addition, so if a device does not support 11r then it would still be able to connect the old away. Is my experience expected? Just a single AP with 11r enabled and a Samsung phone does not connect any more with an authentication error. An Apple device has no issues connecting. No actual roaming is involved yet, because there is not second AP.

That is a known interoperability issue (such as WPA3/WPA2 mixed mode often being problematic) on the client side. It's a bug, but not fixable on the AP side - if you are faced with affected devices, you won't be able to use 802.11r until the affected clients are either updated/ fixed or replaced.

Commercial mesh systems usually avoid 802.11r for exactly this reason.


Thx, so if 11r is not an option for me, what is then an alternative protocol/approach to make several AP's behave mesh-like?

1 Like

There isn't really any (except for 802.11r). Commercial mesh systems usually use a proprietary dæmon deauthenticating clients connected to the 'wrong' (in the mind of the mesh system) band or AP, similar to what luci-app-dawn is claiming to do (details are left to implementation, it's merely a policy decision).

802.11r only reduces handover times, avoiding the full handshake by handing over the existing authentification. For interactive (soft realtime-) tasks this is working, if all involved APs and clients support it, it is an opt-in feature on both ends. Sadly quite a few client implementations break badly if they see something they don't understand (such as 802.11r, 802.11w or SAE), despite those features being optional and clearly covered by the specifications (often for years already, just not very commonly found in the wild).

Seems like a trip down a rabbit hole to make it work. Probably buying a set of eero’s to handle the task.

With WPA3 802.11r is becoming even more of a problem (many clients really don't like that combination, even if they deal with wpa2+802.11r well).

Interesting: I do have wpa2/wpa3 mode enabled and everything was working fine until 11r was added. I will try wpa2 with 11r later.

So I had a chance to try 11r with WPA2 only and the same devices connected happily (those that could not connect to 11r with WPA2/WPA3) to an R7800.
Having said that, I cannot rule out OpenWrt as the source of the issue here. I have a toy ipq40xx (GL-B1300) and when I set it up with WPA2/WPA3 (non-ct) only (no 11r) then none of my devices could connect to it. There are still issues with WPA3 support in OpenWrt, which might be interfering with 11r on some devices or not working properly on others.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.