<div dir="ltr"><font face="monospace">Hi,</font><div><font face="monospace"><br></font></div><div><font face="monospace">I have been working on 802.11r (Fast Transitions) for two weeks and I would like to share with you some doubts.</font></div><div><font face="monospace"><br></font></div><div><font face="monospace">First of all I will describe the test scenario employed:</font></div><div><font face="monospace"><br></font></div><div><font face="monospace"> Channel 1 Channel 11</font></div><div><font face="monospace"> </font><span style="font-family:monospace">--------- </span><span style="font-family:monospace">---------</span></div><div><font face="monospace"> </font><span style="font-family:monospace">| AP1 | --------> </span><span style="font-family:monospace">| AP2 |</span></div><div><font face="monospace"> --------- </font><span style="font-family:monospace">---------</span></div><div><span style="font-family:monospace"> |</span></div><div><div><font face="monospace"> ----</font></div><div><font face="monospace"> | |</font></div><div><font face="monospace"> </font><span style="font-family:monospace">| |</span></div><div><span style="font-family:monospace"> ----</span></div><div> <font face="monospace"> Device</font></div><div><font face="monospace"><br></font></div><div><font face="monospace">The scenario consists on two AP (identical) and a mobile device (iPhone 5 with iOS 7). I try to connect the device to the AP1 and move it to the AP2 using FT. I was able to make it run with PSK authentication but not with EAP.</font></div><div><font face="monospace"><br></font></div><div><font face="monospace">The AP's configurations are the followings (for EAP case)</font></div><div><font face="monospace"><br></font></div><div><font face="monospace">AP1</font></div><div><font face="monospace">---</font></div><div><font face="monospace"><div>bss=wlan0</div><div>ctrl_interface=/var/run/hostapd-phy0</div><div>ap_isolate=1</div><div>disassoc_low_ack=1</div><div>preamble=1</div><div>auth_server_addr=OMITTED_PER_SECURITY</div><div>auth_server_port=OMITTED_PER_SECURITY</div></font><font face="monospace"><div>auth_server_shared_secret=OMITTED_PER_SECURITY</div></font><font face="monospace"><div>disable_pmksa_caching=1</div><div>okc=0</div><div>acct_server_addr=OMITTED_PER_SECURITY</div></font><font face="monospace"><div>acct_server_port=OMITTED_PER_SECURITY</div></font><font face="monospace"><div>acct_server_shared_secret=OMITTED_PER_SECURITY</div></font><font face="monospace"><div>nas_identifier=<a href="http://ap1.example.com">ap1.example.com</a></div><div>eapol_key_index_workaround=1</div><div>ieee8021x=1</div><div>wpa_key_mgmt=FT-EAP</div><div>ft_over_ds=0</div><div>mobility_domain=a1b2</div><div>r0_key_lifetime=10000</div><div>r1_key_holder=000102030405</div><div>reassociation_deadline=1000</div><div>r0kh=BB:BB:BB:BB:BB:BB <a href="http://ap2.example.com">ap2.example.com</a> 000102030405060708090a0b0c0d0e0f</div></font><font face="monospace"><div>r1kh=BB:BB:BB:BB:BB:BB 00:01:02:03:04:06 000102030405060708090a0b0c0d0e0f</div><div>auth_algs=1</div><div>wpa=2</div><div>wpa_pairwise=CCMP</div><div>ssid=TestSSID</div><div>wmm_enabled=1</div><div>bssid=aa:aa:aa:aa:aa:aa</div></font><font face="monospace"><div>ignore_broadcast_ssid=0</div></font></div><div><font face="monospace"><br></font></div><div><font face="monospace"><br></font></div><div><font face="monospace">AP2</font></div><div><font face="monospace">---</font></div><div><font face="monospace"><div>bss=wlan0</div><div>ctrl_interface=/var/run/hostapd-phy0</div><div>ap_isolate=1</div><div>disassoc_low_ack=1</div><div>preamble=1</div><div>auth_server_addr=OMITTED_PER_SECURITY</div><div>auth_server_port=OMITTED_PER_SECURITY</div></font><font face="monospace">auth_server_shared_secret=OMITTED_PER_SECURITY</font><font face="monospace"><div>disable_pmksa_caching=1</div><div>okc=0</div><div>acct_server_addr=OMITTED_PER_SECURITY</div></font><font face="monospace">acct_server_port=OMITTED_PER_SECURITY</font></div><div><font face="monospace">acct_server_shared_secret=OMITTED_PER_SECURITY</font><font face="monospace"><div>nas_identifier=<a href="http://ap2.example.com">ap2.example.com</a></div><div>eapol_key_index_workaround=1</div><div>ieee8021x=1</div><div>wpa_key_mgmt=FT-EAP</div><div>ft_over_ds=0</div><div>mobility_domain=a1b2</div><div>r0_key_lifetime=10000</div><div>r1_key_holder=000102030406</div><div>reassociation_deadline=1000</div><div>r0kh=AA:AA:AA:AA:AA:AA <a href="http://ap1.example.com">ap1.example.com</a> 000102030405060708090a0b0c0d0e0f</div></font><font face="monospace"><div>r1kh=AA:AA:AA:AA:AA:AA 00:01:02:03:04:05 000102030405060708090a0b0c0d0e0f</div><div>auth_algs=1</div><div>wpa=2</div><div>wpa_pairwise=CCMP</div><div>ssid=TestSSID</div><div>wmm_enabled=1</div><div>bssid=bb:bb:bb:bb:bb:bb<br><font face="monospace">ignore_broadcast_ssid=0</font></div><div><font face="monospace"><br></font></div><div><font face="monospace"><br></font></div><div><font face="monospace">With these configurations I can see (in Wireshark) how the mobile device sends authentication messages (with "RSN Information", "Mobility Domain" and "Fast Transition" fileds) to the AP2 when it moves away from the AP1 but the mobile device never starts to send traffic through this AP2.</font></div><div><font face="monospace"><br></font></div><div><font face="monospace">I throw some questions:<br></font></div><div><font face="monospace"><div>- ¿Which could be the problem with 11r and EAP (described scenario/configuration)?</div><div><br></div><div>- ¿There is any dependency of 11r with 11i? That is to say, ¿must be enabled some characteristic of 11i to make 11r run?</div><div><br></div><div>- I have also noticed that old devices are not able to connect to a network working with 11r, ¿that is right? ¿Is there any solution to allow old devices to connect to a SSID which supports 11r?</div></font></div><div><br></div><div><br></div><div>Thank you in advance for the support.</div><div><span style="font-family:arial"><br></span></div><div><span style="font-family:arial">-- </span><br></div></font></div><div><div dir="ltr"><font color="#999999">Adrián Morán Montes<br><i>Research & Development Engineer</i></font><br></div></div>
</div></div>