Capsmanv2 / Wi-Fi, with wAP AX devices
Any idea why many devices, including my nearly new Lenovo Yoga 14 with Intel Wi-Fi 7 BE201 chip and Windows 11, do not show ‘ft’ in the registration table?
I see less than half of the devices showing ft.
Is this expected? It seems surprising that a very-new Intel Wi-Fi chipset won’t support FT.
My Intel AX200 is the same, as well as a not so old MacBook Pro.
Is it a problem? How is the roaming experience with the Lenovo? Is there a roaming entry in the logging, or does it show disconnected and connected in the same second?
I can’t comment on the roaming experience. This was at a customer’s office today while looking at channel selection and devices ”picking the wrong AP” in general.
I could see that from their devices (6 staff in the office - 6 phones, 6 laptops), under half showed ft.
In my experience, the "ft-" prefix only appears after station roams for the first time. If it connects to AP "normally" (either it did initial connnect to a SSID or it moved from another AP without using 802.11r fuctions), then registration table won't show "ft-" prefix.
Which means that registration table doesn't show device's capability of performing FT (probably device doesn't announce it to AP, it simply performs it if both involved APs support it) but rather show that FT was performed when station last connected to a certain AP.
Windows only uses FT with EAP authentication, because that's where the FT roaming speedup is really noticable. If you are using PSK auth, Windows will ignore FT as standard roaming is already fast enough.
Thank you, Whatever. That explains it.
That is kind of a strange… in my home network I use WPA3-PSK and WPA2-PSK for older devices.
Some of my devices are marked as ft-wpa3-psk - the iPhones and the MacBook Pros. The roaming on those devices is indeed fast and seamless, I could also observe in the WiFi log that roaming events have happened. The user experience is great. For the other devices, that are just WPA3-PSK and WPA2-PSK - this includes an MacBook Air and a couple Windows laptops - they also roam, while not using fast transition.
I agree that Fast Transition (FT) is in general used with 802.1x but why than in my network where I do not use 802.1x I still see devices maked as ft-wpa3-psk, does that mean that it just marks client capabilities and not really that Fast Transition is being utilized?
Not sure I understand what you think is strange.
It is the same question I asked, and it has been answered by Whatever, above.
Windows devices will not use ft with PSK, but (some) other devices do.
Well, I wrongly taught that FT is utilised just in WPA3-Enterprise mode, but searching around inspired by this thread I found, this is not the case. FT could be used even in WPA3-PSK environments. And, it’s entirely depended on the end devices - their OS and drivers. Strange for me is that the Windows OS does not utilise it. But anyway, I learned something I new 
It could be used in WPA2-PSK as well ... because FT is different standard (802.11r) than WPA3 (which is enhancement of WPA2 which is 802.11i) ... so these standards work one along another. It is true though, that newer WiFi generations (e.g. WiFi 6E) require WPA3 while older ones (WiFi5 or WiFi6) tolerate it
The important thing to know is that in WPA2-EAP and WPA3-* there is a negotiation phase where the client negotiates a key to use for the connection. The FT feature allows the communication of such keys to other APs for faster connect.
In WPA2-PSK there is no such negotiation phase, the connection key is derived from the PSK only. FT does nothing for WPA2-PSK.
Note that WPA2-PSK is “insecure” in the sense that everyone who knows the PSK can listen in on everyone else’s traffic. With WPA2-EAP and WPA3-* this issue does not occur because everyone uses their own key that has been negotiated at the time of connection and is not known to others.
I have an old Android device that always connect with ft-wpa2-psk as per the registration table so I guess that is not entirely true. My Apple devices always show ft-wpa3-psk.
Well ... what can I say ?
Most of those ft-WPA2-PSK devices are dino-old-Symbol scanners running Win CE (the ones with 94 at beginning of MAC).
It is possible to have FT capability for WPA2-PSK, but it does not actually achieve anything.
