802.11r not working

[Michael T Farnworth]

On 24/09/2020 05:10, Dennis Bland wrote:
> Regarding hostapd with OpenWRT:  Normally you would include hostapd
> with OpenWRT, as it's an AP platform.  If you only want the 802.1X
> authentication functionality of OpenWRT, is there a reason why you
> wouldn't simply use FreeRADIUS as your authentication server?

I am trying to standardise by using OpenWrt for routing traffic around 
the house so that I can switch hardware and upgrade relatively easily. 
I am using FreeRADIUS under OpenWrt as the authentication server but as 
I have something more powerful (and reliable) than a cheap AP I have 
move the FreeRADIUS onto it.  The problem with something like an Archer 
A7 or C7 is that if you use SQM it is relatively limited in terms of 
throughput.  I have an Armor Z2 which should be better, but it crashes 
at least once a week for no obvious or consistent reason, whereas when I 
run OpenWrt on x86 it is completely reliable and never falls over.  In 
the next couple of weeks I expect to be moving onto fibre running at 
1000/200 so the x86 will offer the throughput I am looking for as well 
as being the most reliable option.  Using an AP with WiFi hardware and 
running hostapd as the platform for my FreeRadius server might hide this 
issue, but it does appear to be a bug.

> If you are observing STA action frames being forwarded from the
> currently-associated AP to the virtual OpenWRT node, then the STA
> considers the virtual OpenWRT to be a valid roam target.  Or those
> frames are actually encapsulated EAP over RADIUS packets to perform a
> full STA reauthentication during a (non-802.11r) roam.

Except that I believe EAPOL traffic should be sent using an ethernet 
888E packet, not an 890D which is specifically for the use of 802.11r. 
I started out filtering my tcpdump for 890D packets precisely because 
they are the packet type used for 802.11r and I expected to see a brief 
handshake between my mobile device and the routers which isn't showing up.

Thanks,
Michael