[802.11r] Does not work with EAP
Mon Nov 24 00:37:31 PST 2014
in first place thank you for your time. I already have a valid working
setup, so I share with you where the problem was.
The issue was not a configuration problem but a connection one. The
interface in which I was trying to run 802.11r was not bridged with the
ethernet interface so the APs were not able to exchange the keys (the APs
must be reachable at MAC level). I don't know whether is possible to make
11r work with a not bridged interface (??).
Regarding to the old devices that didn't connect to an AP which supports FT
is also solved. The solution is based on apply both WPA-EAP as FT-EAP in
the "wpa_key_mgmt" configuration parameter. If only FT-EAP is configured,
only devices with 11r support will be able to connect to the AP.
Thank you again for your response Jouni,
On Sun, Nov 23, 2014 at 8:43 PM, Jouni Malinen <j at w1.fi> wrote:
> On Tue, Nov 11, 2014 at 05:01:43PM +0100, Adrian Moran wrote:
> > The scenario consists on two AP (identical) and a mobile device (iPhone 5
> > with iOS 7). I try to connect the device to the AP1 and move it to the
> > using FT. I was able to make it run with PSK authentication but not with
> > EAP.
> I haven't really tested the iOS implementation of FT much, so don't
> really know what to expect here. Have you been able to test this FT-EAP
> setup with any other device (e.g., a Linux laptop with wpa_supplicant)?
> > With these configurations I can see (in Wireshark) how the mobile device
> > sends authentication messages (with "RSN Information", "Mobility Domain"
> > and "Fast Transition" fileds) to the AP2 when it moves away from the AP1
> > but the mobile device never starts to send traffic through this AP2.
> Does authentication with AP2 complete? Would you be able to share
> hostapd debug log and/or wireless capture files showing the exchange?
> > I throw some questions:
> > - ?Which could be the problem with 11r and EAP (described
> > scenario/configuration)?
> I'm not aware of any known issues in this area.
> > - ?There is any dependency of 11r with 11i? That is to say, ?must be
> > enabled some characteristic of 11i to make 11r run?
> I'm not sure I understand what you are asking here. IEEE Std
> 802.11i-2004 defined RSN and IEEE Std 802.11r-2008 extended this by
> adding FT. Both amendments are now part of the IEEE Std 802.11-2012 and
> FT does use RSN, so in that way, yes, RSN is very much enabled when FT
> is used.
> > - I have also noticed that old devices are not able to connect to a
> > working with 11r, ?that is right? ?Is there any solution to allow old
> > devices to connect to a SSID which supports 11r?
> Could you please provide more details on how the network was configured
> and which old devices you have seen issues with? There have been number
> of known cases where a deployed device has had issues when an AP is
> enabling new parameters, e.g., when multiple AKMs are advertised in the
> RSN element (e.g., with wpa_key_mgmt=WPA-EAP FT-EAP in case of hostapd).
> Jouni Malinen PGP id EFC895FA
> HostAP mailing list
> HostAP at lists.shmoo.com
Adri?n Mor?n Montes
*Research & Development EngineerFon Labs Workgroup, Getxo - Spain.*
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Hostap