Problem with PMKSA cache usage when roaming
tilman.schoop at dsa-ac.de
Mon Sep 17 07:48:37 EDT 2007
I have seen a strange behaviour when examining the roaming in
a WPA2 environment.
There are two phenomena:
1) no pmkid is sent during roaming reassociation telegram
2) the same pmkid (appearing in log as pmkid of one of the
two access points) is sent with both (Re)association requests
to the different APs.
I can reconstruct this behaviour in the following environment:
There are 2 Cisco access points and I test the roaming with a
client using ipw driver (alternatively using a laptop with
hostap driver in host_roaming=0 mode) and a wpa2 configuration
(wpa_supplicant is V0.5.7).
The access points are located so close to each other that
I can see both access points in the scan_results.
To replay the first case of the above mentioned:
I start wpa_supplicant when radio is in range and
roam between the APs without losing the connection.
=> every roaming leads to a full WPA2 authentication
To replay the second case of the above mentioned:
When I leave the radio area and get disconnected, then
going back to reconnect to AP1, afterwards
I see that pmkid is sent in the Reassociation telegrams,
but every roaming the sent pmkid is the same. So then,
the roaming from AP2 to AP1 goes fast (because the pmkid
pertains to AP1), but when going from AP1 to AP2, this
one does not accept the pmkid (of course, it is pmkid
of AP1) and does a full authentication.
=> every roaming from AP1 to AP2 leads to a full WPA2 authentication
If I test with only one AP and get disconnected and connected again
the pmksa caching is used to do a fast reauthentication.
Has anyone seen this behaviour?
Is it a problem on the client side or with the AP configuration?
How can I configure this to get a smart/fast/lossless roaming?
I suspect a wrong cache behavior of wpa_supplicant, when
there is no CTRL-EVENT-DISCONNECTED, and driver asynchronously
signals "Associated to new AP". Any ideas?
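Added example, not part of the original post and not wpa_supplicant code: a small Python model of why an AP rejects a PMKID that belongs to a different AP, and why a reassociation without a PMKID falls back to full authentication. It uses the IEEE 802.11i definition PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA); the MAC addresses, PMK values, and class and function names are constructed for illustration.

```python
import hashlib
import hmac


def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """IEEE 802.11i: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]


class PmksaCache:
    """Supplicant-side cache with one entry per authenticator address (BSSID)."""

    def __init__(self, spa: bytes):
        self.spa, self.entries = spa, {}  # entries: BSSID -> PMKID

    def add(self, bssid: bytes, pmk: bytes) -> None:
        self.entries[bssid] = pmkid(pmk, bssid, self.spa)

    def pmkid_for(self, target_bssid: bytes):
        """PMKID for the (Re)Association Request to target_bssid, or None."""
        return self.entries.get(target_bssid)


class AccessPoint:
    """Authenticator side: accepts only PMKIDs it derived for itself."""

    def __init__(self, bssid: bytes):
        self.bssid, self.known = bssid, set()

    def full_auth(self, spa: bytes, pmk: bytes) -> None:
        self.known.add(pmkid(pmk, self.bssid, spa))

    def reassociate(self, offered) -> str:
        return "cached" if offered in self.known else "full-auth"


def demo() -> dict:
    spa = bytes.fromhex("020000000001")               # constructed client MAC
    ap1 = AccessPoint(bytes.fromhex("02000000aa01"))  # constructed BSSIDs
    ap2 = AccessPoint(bytes.fromhex("02000000aa02"))
    cache = PmksaCache(spa)
    # One full authentication per AP, each yielding its own (constructed) PMK.
    for ap, pmk in ((ap1, b"\x11" * 32), (ap2, b"\x22" * 32)):
        ap.full_auth(spa, pmk)
        cache.add(ap.bssid, pmk)
    ap1_id = cache.pmkid_for(ap1.bssid)
    return {
        "no_pmkid_sent": ap2.reassociate(None),        # phenomenon 1
        "ap1_pmkid_to_ap1": ap1.reassociate(ap1_id),
        "ap1_pmkid_to_ap2": ap2.reassociate(ap1_id),   # phenomenon 2
        "lookup_by_target_bssid": ap2.reassociate(cache.pmkid_for(ap2.bssid)),
    }
```
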