802.11r not working

Dennis Bland dennis at dbperformance.com
Thu Sep 24 00:10:32 EDT 2020

Does 802.11r over-the-DS work correctly in WPA-Personal mode?

Regarding hostapd with OpenWRT:  Normally you would include hostapd
with OpenWRT, as it's an AP platform.  If you only want the 802.1X
authentication functionality of OpenWRT, is there a reason why you
wouldn't simply use FreeRADIUS as your authentication server?

If you are observing STA action frames being forwarded from the
currently-associated AP to the virtual OpenWRT node, then the STA
considers the virtual OpenWRT to be a valid roam target.  Or those
frames are actually encapsulated EAP over RADIUS packets to perform a
full STA reauthentication during a (non-802.11r) roam.

A wireless packet capture of 802.11 management frames would really
help debug this issue.

On Wed, Sep 23, 2020 at 2:57 PM Michael T Farnworth <michael at turf.org> wrote:
> I have checked all my r0kh records and r1kh records, plus the
> r1_key_holder and none of them include the MAC address of the radius
> server.  More to the point the MAC address of the radius server isn't
> listed anywhere in the hostapd.conf files.
> I should say that the RADIUS server also acts as the default gateway to
> the internet, but with no WiFi hardware never acts as an AP.
> Thanks,
> Michael
> On 23/09/2020 20:38, michael-dev wrote:
> > Am 23.09.2020 10:20, schrieb Michael T Farnworth:
> >> In reality the client is sending the 890d packets to the MAC address of
> >> the device running the radius server.
> >>
> >> Is this normal behaviour and is it the case that any radius server
> >> controlling access to a network must also run hostapd in order for
> >> 802.11r to work?
> >
> > No, that is not how it should work.
> >
> > There is the AP the client initially connected to (A), the AP the client
> > is currently connected to (B) and the AP the client aims to connect to (C).
> > Though, it might be that A=B, or A=C.
> > That indicates that A is the R0KH, B the current R1KH and C the new R1KH.
> >
> > With FT-over-AIR, C will contact A.
> > With FT-over-DS, B will forward client packets to C, and C will contact A.
> >
> > Please double check the mappings in r0kh and r1kh.
> >
> > Regards,
> > Michael

More information about the Hostap mailing list