802.11r not working

Michael T Farnworth michael at turf.org
Wed Sep 23 04:20:42 EDT 2020

Just to clarify the situation I have 7 router boxes running OpenWrt and 
the full version of hostapd.  Any devices connecting to the WiFi must 
connect to one of these boxes under 802.1X, but the radius server is on 
an 8th box running OpenWrt and uses FreeRadius3.  It doesn't have 
wireless hardware and consequently isn't running hostapd.

I have enabled 802.11r on the 7 access points that run hostapd and have 
wireless hardware, each of these access points is configured to use the 
radius server for authentication and accounting.

I understand that for 802.11r to work under FT-over-DS some 890d 
ethernet packets are sent over the existing wireless connection to 
authenticate with the target access point, but I believed they would be 
directed to the access point my device is trying to connect to.  In 
reality the client is sending the 890d packets to the MAC address of the 
device running the radius server.

Is this normal behaviour and is it the case that any radius server 
controlling access to a network must also run hostapd in order for 
802.11r to work?


On 23/09/2020 04:42, Dennis Bland wrote:
> The best way to debug 802.11r is to capture 802.11 management frames
> with Wireshark, typically using a Linux laptop with Wi-Fi hardware in
> monitor mode.  Then you can confirm what AP your smartphone is really
> trying to contact over the air.
> You said your KVM-based router is running OpenWrt, but not hostapd.
> What is it using instead of hostapd?  You realize this is a hostapd
> forum, right?
> From: Michael T Farnworth <michael at turf.org>
> To: hostap at lists.infradead.org
> Subject: 802.11r not working
> Message-ID: <b1476587-21f3-3c58-757e-06da5b3ca3a2 at turf.org>
> Content-Type: text/plain; charset=utf-8; format=flowed
> I have 8 "boxes" running the latest snapshot of OpenWrt.  7 of these are
> typical router boxes with WiFi hardware (Archer C7 v2, Archer A7 v5,
> Armor z2) and the remaining one is virtual and runs under KVM on a server.
> I didn't think 802.11r was working so I ran a tcpdump on all 8 devices
> and it appears that my Samsung Galaxy S9 is sending the 802.11r ethernet
> 890d frames to the MAC Address of the KVM based router, which as it has
> no WiFi hardware couldn't have been the original associating WiFi point
> and obviously isn't running hostapd.  Obviously no response is ever
> given to any of these packets as a consequence.
> The KVM based router is running the radius server, does anybody have any
> thoughts on why this is happening?  I really don't understand why my
> phone is looking in the wrong place for a response!
> Thanks,
> Michael

More information about the Hostap mailing list