This post is mainly intended to understand if it is an ongoing bug that also others have, or something wrong at my end.
Have been passing a good couple of days troubleshooting disconnections on a couple of devices, like constantly… And have pinpointed the culprit to be with the Multi Passphrase Group setup. Reading the logs, I see “disconnected” and then “connected” instead of “roamed”, and the disconnections generally involve 2G → 2G-virtual or 2G → 5G-virtual, basically it disconnects and reconnects to the same SSID (the only one saved and operative) instead of roaming to it. Some devices roam correctly, others only sometimes.
My setup is the following:
Version: 7.21 in all the devices
CAPsMAN: RB5009
CAPs: hAP ax3, cAP ax3
master configs: one for 2G, one for 5G
slave configs: one for 2G, one for 5G
all the configs are the same except for the frequency and the Multi Passphrase Group
Tried with different VLANs assigned to the Master and Slave, and tried with the same VLAN, same result.
The VLAN gets assigned correctly, but the connection drops even if the VLAN is maintained.
In my current testing setup, I’ve no VLANs at all, and the problem is there anyway, but my guess is that it has nothing to do with VLAN, I would guess more something with the FT.
Enabled FT settings are: enabled, over DS, and Preserve VLAN ID.
I’m noticing that when scanning for wifi signals, I can see the 2 SSIDs with the same name, not sure if I should only see 1.. If I set 2 different SSIDs, the Multi Passphrase Group works correctly, they roam instead of disconnecting between the same group.
The slave config is for assigning to the SSID the second security profile with the different Multi Passphrase Group. If I’m doing it wrong, I’m happy to correct it.
Didn’t want to post asking for help, but if it helps others too, here is my export:
For seamless mobility between BSSIDs serving same SSID, security settings on all participating BSSIDs should be the same. Without it, station has to re-authenticate (with different security parameters) so it can't really roam.
Multi Pass phrase works fine for me with FT turned on.
In the registration table… does your client show ft-WPA2-PSK?
Some devices on that SSID for me don’t support FT and show disconnect connect messages. But the phones that do support it show the roaming messages.
The glitch that annoys me is that devices will show the name of the key they are using when they first connect. But that name no longer shows in the registration table after the first roam.
yes, and that is when the problem starts to happen, it does FT to the virtual interface and loses the connection, otherwise if transitions 2G to the 5G or the other router, the device roams.
for me, all the involved devices support FT, or at least… that is what I infer, since now that I’ve set different SSIDs they roam correctly within the same SSID.
Still using MPG, but with different SSIDs this time, everything works fine.
hmm.. you saying that with MPG we cannot really have FT?
Because I’ve tried using the same security profile, changing only the group, and some devices would still disconnect… but this indeed implies that the security profiles are different…
I'm saying that when station roams to another BSSID, it skips many authentication steps ... and target AP receives them from originating AP. If the target AP is configured with different security settings, then this might fail ... and station has to disconnect/connect. So if all BSSIDs in same SSID are configured with same MPG (and the rest of security settings), then roaming works with MPG.
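
Added example, not part of any post in this thread and not MikroTik code: a small audit that applies the rule explained above (all BSSIDs serving one SSID need the same security settings, including the Multi Passphrase Group, for FT to work) to a constructed inventory shaped like the setup described in the first post. The field names, SSID names and group names are assumptions made for the sketch, not RouterOS properties.

```python
from collections import defaultdict
from itertools import combinations

# Settings that must match across BSSIDs of one SSID for FT to succeed.
# Field names are hypothetical labels for this sketch, not RouterOS properties.
SECURITY_FIELDS = ("auth", "ft", "ft_over_ds", "mpg")

def bss(ap, iface, ssid, mpg, ft=True):
    """Build one constructed BSSID record."""
    return {"ap": ap, "iface": iface, "ssid": ssid, "auth": "wpa2-psk",
            "ft": ft, "ft_over_ds": ft, "mpg": mpg}

def inventory(virtual_ssid):
    """Constructed inventory: two CAPs, master radios in group-a, virtual in group-b."""
    out = []
    for ap in ("hAP ax3", "cAP ax3"):
        for band in ("2G", "5G"):
            out.append(bss(ap, band, "home", "group-a"))
            out.append(bss(ap, band + "-virtual", virtual_ssid, "group-b"))
    return out

def predict(src, dst):
    """'roam' if an FT transition src -> dst can reuse the security context."""
    if src["ssid"] != dst["ssid"]:
        return "not-a-roam-candidate"
    same = all(src[f] == dst[f] for f in SECURITY_FIELDS)
    return "roam" if same and src["ft"] else "reconnect"

def audit(bssids):
    """Map each SSID to the BSSID pairs where a client would drop and rejoin."""
    by_ssid = defaultdict(list)
    for b in bssids:
        by_ssid[b["ssid"]].append(b)
    findings = {}
    for ssid, members in by_ssid.items():
        bad = [(f'{a["ap"]}/{a["iface"]}', f'{b["ap"]}/{b["iface"]}')
               for a, b in combinations(members, 2)
               if predict(a, b) == "reconnect"]
        if bad:
            findings[ssid] = bad
    return findings

if __name__ == "__main__":
    for ssid, pairs in audit(inventory("home")).items():
        print(f"{ssid}: {len(pairs)} BSSID pairs will disconnect/connect instead of roam")
        for a, b in pairs:
            print(f"  {a} <-> {b}")
    print("split SSIDs:", audit(inventory("home-b")) or "no conflicts")
```

With both groups on one SSID the audit flags every master/virtual pair and no master/master pair, which matches the 2G → 2G-virtual drops reported above; giving the second group its own SSID clears the findings.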