TomPandit
Jan 07, 2017 (Initiate)
WAC720, WAC730, WAC740 802.11r
Why do we have to use a controller or the cloud to enable 802.11r? Even Linksys offers this feature in its consumer product, the RE7000....
nmhTester
Jan 07, 2017 (NETGEAR Expert)
Short answer:
These APs are designed assuming there are many access points in a deployment, and to make 802.11r work well there are many pre-shared keys that need to be configured and the deployment tested.
So as we move from 2 to 3 to 5 to 10 APs, the configuration without a central manager becomes exponentially hard.
If there is enough interest, we can expose it in the local AP UI. Please open an enhancement request with the support team.
Long answer:
Stepping back, the below is based on my personal understanding and is not an official answer.
Statement:
1) As per the 802.11 IEEE std, "when to roam" and "where to roam" are 100% a functionality of the client device.
2) Normally, when WPA-Enterprise is involved and there is nothing to help roaming, every time a client associates there is a need to exchange about 16 to 19 packets between the client and the AP/RADIUS server to establish a secure connection.
3) For WPA-Personal, about 4 packets are exchanged to make a secure connection.
Seamless roaming: Most of the Wi-Fi industry uses this term if multiple devices can use the same "SSID" string for all the wireless access devices. Here the wireless clients make the call on when to switch from BSSID1 to BSSID2 (remember, same SSID string name, so no human switching of the SSID is needed).
The client will roam even if there is no 802.11R/K/V to help.
It is just that there will be delays; the delay will depend on many parameters in the deployment and the client Wi-Fi driver settings. Most Windows laptops with Intel Wi-Fi clients allow the user to choose the client roaming behaviour to be aggressive or normal, etc.
Help for seamless roaming:
NETGEAR APs like the WAC720/WAC730/WAC510 have knobs like 802.11K/802.11V in standalone as well as cloud/controller-managed mode.
This will help some clients that implement 802.11K (a few of the popular clients have it enabled, but you need to check with the client device vendor) to listen to 802.11K frames from NETGEAR access points and decide when to roam. This will make roaming really fast.
from Wiki:
"The 802.11k standard provides information to discover the best available access point. 802.11k is intended to improve the way traffic is distributed within a network."
If you are deploying WPA-Personal, the 510/720/730 should already be allowing pretty decent low-delay roaming.
Fast roaming:
There are a few things the network infra can do to help with fast roaming.
802.11r: this is based on an IEEE std that some high-end clients have implemented. 802.11r will help clients roam after exchanging just 4 messages, and they can pre-auth with the new AP before telling the old AP "I am leaving".
So getting 802.11r working needs admins to confirm some pre-shared keys between the APs in the same mobility domain.
Having a central management device like Business Central/controller will help, especially if you have, say, 3 or 4 APs. Manually configuring the R0/R1 keys and testing them out will become exponentially complex.
OKC based: currently our wireless controllers/Insight Manager have implemented it, and this will help any client, including legacy ones, to fast roam, as the central controller will opportunistically cache the encryption keys in neighbour APs, so that when the client roams to the new BSSID, the AP already knows the keys to use.
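The OKC behaviour described in the post above, as an added example that is not part of the original thread and is not NETGEAR's code: a controller pushes a station's PMK to its managed APs, and a roaming client offers a PMKID computed for the new BSSID. The class names, MAC addresses and PMK are constructed for illustration, and the PMKID uses the HMAC-SHA1 form that IEEE 802.11 defines for the SHA-1 based AKMs.

```python
import hashlib
import hmac

def mac(addr: str) -> bytes:
    return bytes.fromhex(addr.replace(":", ""))

def pmkid(pmk: bytes, bssid: str, sta: str) -> bytes:
    # IEEE 802.11 (SHA-1 based AKMs): first 128 bits of
    # HMAC-SHA1(PMK, "PMK Name" || AP MAC || station MAC)
    msg = b"PMK Name" + mac(bssid) + mac(sta)
    return hmac.new(pmk, msg, hashlib.sha1).digest()[:16]

class AccessPoint:  # hypothetical model of an AP's PMK cache
    def __init__(self, bssid: str):
        self.bssid = bssid
        self.pmk_cache = {}  # station MAC -> PMK pushed by the controller

    def reassociate(self, sta: str, offered_pmkid: bytes) -> str:
        pmk = self.pmk_cache.get(sta)
        if pmk and hmac.compare_digest(pmkid(pmk, self.bssid, sta), offered_pmkid):
            return "4-way handshake only"        # OKC hit: no RADIUS round trips
        return "full 802.1X authentication"     # miss: client must start over

class Controller:  # hypothetical central manager
    def __init__(self, aps):
        self.aps = aps

    def on_full_auth(self, sta: str, pmk: bytes) -> None:
        for ap in self.aps:  # opportunistically cache the key in neighbour APs
            ap.pmk_cache[sta] = pmk

def roam_demo() -> dict:
    sta, pmk = "02:00:00:00:00:aa", bytes(range(32))  # constructed sample values
    ap1, ap2 = AccessPoint("02:00:00:00:01:01"), AccessPoint("02:00:00:00:01:02")
    standalone = AccessPoint("02:00:00:00:01:03")     # not known to the controller
    Controller([ap1, ap2]).on_full_auth(sta, pmk)     # client authenticated via ap1
    return {
        "managed": ap2.reassociate(sta, pmkid(pmk, ap2.bssid, sta)),
        "standalone": standalone.reassociate(sta, pmkid(pmk, standalone.bssid, sta)),
        # PMKID is bound to the BSSID: one computed for ap1 is rejected by ap2
        "stale_pmkid": ap2.reassociate(sta, pmkid(pmk, ap1.bssid, sta)),
    }

if __name__ == "__main__":
    for case, outcome in roam_demo().items():
        print(f"{case}: {outcome}")
```

Every AP that receives the cached PMK becomes a place where that key material lives, which is one reason the distribution is left to a central manager.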
TomPandit
Jan 08, 2017 (Initiate)
Thanks for the review. I may borrow a few of your explanations, unofficially of course.
I'm alluding to capabilities in a competitor product that can be used in the single digit AP scenarios, without using .1x. The PSK process is certainly quick without r. However, customers desire assurance in regards to voice integrity, which this helps provide. With a Linksys Max-Stream router and a few of their RE7000 devices, which are all consumer products, they offer r & k without need for a controller. The router acts as one. They also released the LAPAC2600.
Why not use Linksys? Well, their reliability ratings continue to shift from Cisco to Belkin. I've always known Netgear to be reliable and would like to sell these APs instead.
- TomPandit, Jan 10, 2017 (Initiate)
Can it be enabled through telnet or SSH?
I found a few more devices that offer 802.11r without a controller or a subscription - LAPAC2600, WAP371. I may sell my Netgear APs and switch.
"The best way to enhance value is to charge your customers for something your competition gives away."
-Unknown
- TomPandit, Jan 10, 2017 (Initiate)
Well, I found the CLI settings for the WAC720, which include fast-bss-transition settings. Do you have any guidance through these 'set' options?
DownB# set fast-bss-transition wlan1ftvap0
ft-mode Enable/Disable the FBT status in a VAP (on/off)
ft-over-ds Enable/Disable the FT over DS (on/off)
mobility-domain Mobility Domain Identifier
r0-key-holder R0 Key Holder ID
r1-key-holder R1 Key Holder ID
reassoc-deadline Re-association Deadline timer
with * Qualify set to instances that match certain property values *
- TomPandit, Jan 10, 2017 (Initiate)
I seem to have everything set, but the CLI will not allow me to change ft-mode to on. If I edit the .xml config file in Xcode and manually turn it on for the virtual wlans I'm using, the firmware seems to turn it off. Is the firmware blocking 802.11r in the CLI as well as the GUI?