Roaming/FT unexpected behaviour on 7.13.3

ips · Tue Jan 30, 2024 1:10 pm

Not sure if "Wireless Networking" is the right forum.
However, I've recently posted (viewtopic.php?p=1052092#p1051984) about a strange behaviour that happened when roaming a couple of Android smartphones between hAP ax3 and hAP ax lite (on 7.13.3, not tested before). Basically, the smartphone successfully roams from one AP to the other one but, after exactly 10s it disconnects and reconnects after 2-3s. (Please see that post, and the following ones for details and full config of the APs.) My impression was that the connection was not working well/at all after roaming and before disconnection/reconnection (but I was not able to thoroughly test that). In any case, my user experience was not satisfactory.
After those messages I tried to explicitly disable FT to see if the user experience was acceptable without fast transition and, to my great surprise, roaming now works perfectly.

For the user point of view, I am satisfied with the current situation, but I am curious to delve deeper into the question to understand why it works.

Current config (CAPsMAN and /interface/wifi only):

/interface wifi security
add authentication-types=wpa2-psk connect-priority=0/1 disable-pmkid=no disabled=no ft=no ft-over-ds=\
    no name=wifisec_FT wps=disable
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ac .frequency=5170-5250 .skip-dfs-channels=all \
    .width=20/40mhz-Ce configuration=wificonf_FT configuration.mode=ap .ssid=ssid5 disabled=no
set [ find default-name=wifi2 ] configuration=wificonf_FT configuration.mode=ap disabled=no
/interface wifi capsman
set ca-certificate=auto enabled=yes interfaces=bridge require-peer-certificate=no upgrade-policy=none
/interface wifi configuration
add channel.band=2ghz-n .width=20mhz country=Italy datapath=datapath1 disabled=no mode=ap name=\
    wificonf_FT security=wifisec_FT ssid=ssid24
/interface wifi datapath
add bridge=bridge disabled=no name=datapath1
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=wificonf_FT name-format=wifi%I \
    slave-configurations=""

Additional detail:

also my laptop (with an Intel Wireless 8265 / 8275) roams with the current configuration. I did not tested it with the old config. But it does not roam if I do not set connect-priority=0/1.
also a vacuum robot and (happened only once, by chance, for obvious reasons) an AC split now are able to roam (I never saw them roaming when FT was enabled)

accarda · Wed Jan 31, 2024 12:35 pm

I have just tried to disable FT and I had the same good unexpected result like you.
Actually for me FT has worked fine for almost all mobile devices (iPhone, iPad etc) except one specific iPhone (the only WiFi6 phone that I have) by setting FT as indicated in MT docs.
To fix that issue with iPhone I had to set Access list with signal threshold.
But now after disabling FT and removing that access list, all my phones can roam easily.
Good catch on this, now I will be curious to see whether newer version will change this behavior and fix the issue.
I'm currently using latest Ros 7.13.3.

whatever · Wed Jan 31, 2024 4:30 pm

I remember reading that some devices have issues with FT-over-DS. You may want to do some tests with FT-over-DS disabled and only FT (over the air) enabled.

However, even if working correctly, the advantages of using FT with PSK authentication are marginal. Windows will not even attempt to use FT unless you are using EAP.

infabo · Wed Jan 31, 2024 4:45 pm

I was curious and disabled FT too. I don't see as good results. E.g. my smartphone (Google Pixel 3a, Android 12) sticks on 2.4ghz like a gum. With FT enabled it roams very quickly to 5ghz once the signal is good enough.

ips · Wed Jan 31, 2024 4:49 pm

I remember reading that some devices have issues with FT-over-DS. You may want to do some tests with FT-over-DS disabled and only FT (over the air) enabled.

If FT is enabled and FT-over-DS is explicitly disabled, then my phone still roams but it disconnects after 10s. The only config I found so far that allows to successfully roam to all my devices able to do so is the one I reported in the first post (or to leave unset, since the default is "no")

However, even if working correctly, the advantages of using FT with PSK authentication are marginal. Windows will not even attempt to use FT unless you are using EAP.

I see. I was reporting since, at least on my experience, enabling FT does not allow to successfully roam (which is a bit counter-intuitive). Maybe my experience is useful also to others.

ips · Wed Jan 31, 2024 4:51 pm

I was curious and disabled FT too. I don't see as good results. E.g. my smartphone (Google Pixel 3a, Android 12) sticks on 2.4ghz like a gum. With FT enabled it roams very quickly to 5ghz once the signal is good enough.

I did not try roaming between bands (my SSIDs are separated). I will try it as soon as I can.

Wed Jan 31, 2024 4:56 pm

FWIW I have the mentioned settings enabled in a capsman setup and clients (mostly Win CE handgun scanners) roam quite nicely, both intra-AP (from 5Ghz to 2.4Ghz and vice versa) and inter-AP (from AP to AP).
Even when I move around in the warehouse with my laptop, I can see it in the logs.
Cell phones (android and iPhone) do the same.

For now (touch head ... errm, wood) it all works as expected.

whatever · Wed Jan 31, 2024 11:03 pm

at least on my experience, enabling FT does not allow to successfully roam (which is a bit counter-intuitive).

That shouldn't be the case. Wild guess: Are you maybe using different vlan configurations on your APs? In that case your issue might be related to ft-preserve-vlanid setting.

ips · Wed Jan 31, 2024 11:19 pm

No, I'm not using vlans in my setup.
And I see the same behavior when roaming from 5ghz to 2.4ghz (on the same AP): if ft is enabled, then it roams but it disconnects after 10s.

ips · Wed Jan 31, 2024 11:22 pm

FWIW I have the mentioned settings enabled in a capsman setup and clients (mostly Win CE handgun scanners) roam quite nicely, both intra-AP (from 5Ghz to 2.4Ghz and vice versa) and inter-AP (from AP to AP).
Even when I move around in the warehouse with my laptop, I can see it in the logs.
Cell phones (android and iPhone) do the same.

For now (touch head ... errm, wood) it all works as expected.

May I ask if they roam with ft disabled? Did you check?

accarda · Thu Feb 01, 2024 6:42 am

I have also tried to keep FT disabled and FT over DS enabled, but roaming stops to work on some device (1 iPhone, windows and mac laptops).
When I disable both, all my devices have roaming working properly.
I have a different setup than what was described by OP, as I use multiple VLAN within single SSID without setting these through datapath, but instead via Access-List.
At this point, when FT and FToverDS are both off, also my windows 11 laptop can roam even though I use only WPA3 PSK.

ips · Mon Feb 05, 2024 10:07 am

Just to share my experience, I tried different configurations but the best I found so far is:

/interface wifi security
add authentication-types=wpa2-psk connect-priority=0/1 disable-pmkid=no disabled=no ft=no ft-over-ds=\
    no management-protection=disabled name=wifisec_FT wps=disable
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ac .frequency=5500,5220 .skip-dfs-channels=10min-cac \
    .width=20/40mhz-Ce configuration=wificonf_FT configuration.mode=ap
set [ find default-name=wifi2 ] configuration=wificonf_FT configuration.mode=ap disabled=no
/interface wifi capsman
set ca-certificate=auto enabled=yes interfaces=bridge require-peer-certificate=no upgrade-policy=none
/interface wifi configuration
add channel.band=2ghz-n .width=20mhz country=Italy datapath=datapath1 disabled=no mode=ap name=\
    wificonf_FT security=wifisec_FT ssid=MYSSID
/interface wifi datapath
add bridge=bridge disabled=no name=datapath1
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=wificonf_FT name-format=wifi%I \
    slave-configurations=""

But roaming from 2.4Ghz to 5Ghz does not work well. (In my case, I prefer good coverage and fast roaming between floors than wifi speed).

ToTheFull · Mon Feb 05, 2024 11:58 am

I have no Roaming problems on 7.14Beta9. Happy to share my config. Notice that one Radio is split at the top which shows that Radio is configured with no FT and seperate SSID/password for stuff that doesn't like FT. The next 3 Radios are sharing Security/Sec1.

/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5180 \
    .skip-dfs-channels=10min-cac .width=20/40/80mhz configuration.country=\
    "United Kingdom" .mode=ap .ssid=002 disabled=no \
    security.authentication-types=wpa2-psk .encryption=ccmp \
    .management-protection=allowed .wps=disable

/interface wifi security
add authentication-types=wpa2-psk disabled=no encryption=ccmp ft=yes \
    ft-over-ds=yes management-protection=allowed name=sec1 wps=disable

/interface wifi
add channel.band=5ghz-ax .frequency=5500 .skip-dfs-channels=10min-cac .width=\
    20/40/80mhz configuration.country="United Kingdom" .mode=ap .ssid=001 \
    disabled=no name=cap-wifi1 radio-mac=48: security=sec1 \
    security.authentication-types=wpa2-psk .encryption=ccmp

add channel.band=2ghz-ax .frequency=2412 .skip-dfs-channels=10min-cac .width=\
    20mhz configuration.country="United Kingdom" .mode=ap .ssid=001 \
    disabled=no name=cap-wifi2 radio-mac=48: security=sec1 \
    security.authentication-types=wpa2-psk .encryption=ccmp

set [ find default-name=wifi2 ] channel.band=2ghz-ax .frequency=2462 \
    .skip-dfs-channels=10min-cac .width=20mhz configuration.country=\
    "United Kingdom" .mode=ap .ssid=001 disabled=no security=sec1 \
    security.authentication-types=wpa2-psk .encryption=ccmp
    
-------------------------Another View----------------------------------------------
/interface/wifi/actual-configuration/print              
 0 name="cap-wifi1" mac-address=48 arp-timeout=auto radio-mac=48
   configuration.mode=ap .ssid="001" .country=United Kingdom 
   security.authentication-types=wpa2-psk .encryption=ccmp .passphrase="1234" 
   .management-protection=allowed .wps=disable .ft=yes .ft-over-ds=yes 
   channel.frequency=5500 .band=5ghz-ax .width=20/40/80mhz .skip-dfs-channels=10min-cac 

 1 name="cap-wifi2" mac-address=48 arp-timeout=auto radio-mac=48 
   configuration.mode=ap .ssid="001" .country=United Kingdom 
   security.authentication-types=wpa2-psk .encryption=ccmp .passphrase="1234" 
   .management-protection=allowed .wps=disable .ft=yes .ft-over-ds=yes 
   channel.frequency=2412 .band=2ghz-ax .width=20mhz .skip-dfs-channels=10min-cac 

 2 name="wifi1" l2mtu=1560 mac-address=18 arp-timeout=auto radio-mac=18 
   configuration.mode=ap .ssid="002" .country=United Kingdom 
   security.authentication-types=wpa2-psk .encryption=ccmp .passphrase="4321" 
   .management-protection=allowed .wps=disable 
   channel.frequency=5180 .band=5ghz-ax .width=20/40/80mhz .skip-dfs-channels=10min-cac 

 3 name="wifi2" l2mtu=1560 mac-address=18 arp-timeout=auto radio-mac=18 
   configuration.mode=ap .ssid="001" .country=United Kingdom 
   security.authentication-types=wpa2-psk .encryption=ccmp .passphrase="1234" 
   .management-protection=allowed .wps=disable .ft=yes .ft-over-ds=yes 
   channel.frequency=2462 .band=2ghz-ax .width=20mhz .skip-dfs-channels=10min-cac


interface/wifi/monitor 0,1,2,3                          
                 state: running      running running      running
               channel: 5500/ax/Ceee 2412/ax 5180/ax/Ceee 2462/ax
      registered-peers: 2            1       3            1
      authorized-peers: 2            1       3            1
              tx-power: 22           14      18           15
    available-channels: 5500/ax/Ceee 2412/ax 5180/ax/Ceee 2462/ax

Roaming/FT unexpected behaviour on 7.13.3

Roaming/FT unexpected behaviour on 7.13.3

Re: Roaming/FT unexpected behaviour on 7.13.3

Re: Roaming/FT unexpected behaviour on 7.13.3

Re: Roaming/FT unexpected behaviour on 7.13.3

Re: Roaming/FT unexpected behaviour on 7.13.3

Re: Roaming/FT unexpected behaviour on 7.13.3

Re: Roaming/FT unexpected behaviour on 7.13.3

Re: Roaming/FT unexpected behaviour on 7.13.3

Re: Roaming/FT unexpected behaviour on 7.13.3

Re: Roaming/FT unexpected behaviour on 7.13.3

Re: Roaming/FT unexpected behaviour on 7.13.3

Re: Roaming/FT unexpected behaviour on 7.13.3

Re: Roaming/FT unexpected behaviour on 7.13.3

Who is online