NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

speedman's avatar
speedman
Follower
Sep 04, 2021

WAX610 fast roaming in local management

Hi,    I know that the question was allreay asked, but I HAVE to use a local mangement mode, and I wanna use fast roaming.    I have a 3 floor house, with a very big garden, so I have 4 APs: - 2...
schumaku's avatar
schumaku
Guru - Experienced User
Dec 14, 2025
speedman wrote:

have a 3 floor house, with a very big garden, so I have 4 APs:

- 2 WAX610 (AX1800)

- 1 HPe E-MSM460 (J9590) 

- 1 outdoor EnGenius ENH1750EXT

 Both EnGenius and HPe support fast roaming. 

 

Seriously? Carefully read about the requirements please. Have deployed WPA2 Enterprise with an RADIUS Server infrastructure? This is a requirement for both EnGenius and HPe... The controls in the respective Web UIs might exist, regardless the required infrastructure and configuration.

 

 

Fast roaming WiFi, also known as IEEE 802.11r or Fast BSS Transition (FT), enables a client device to roam quickly in environments implementing WPA2 Enterprise or WPA3 Enterprise security, by ensuring that the client device does not need to re-authenticate to the RADIUS server every time it roams from one access point to another. This is accomplished by actually altering the standard authentication, association, and four-way handshake processes used when a device roams (i.e., re-associates) to a new WiFi access point.

 

Enabling these - without knowing and understanding what will be involved - does not change anything in WPA2 Personal (WPA2 PSK WPA2 AES), nor does it bring magically a non-standard key exchange for WPA3 Personal aka. WPA3 SAE. Even if asking and requesting repeatedly...

 

Keep in mind WPA3 Enterprise fast roaming builds on WPA2 Enterprise by adding stronger security (like PMF) and using mechanisms like PMK Caching and 802.11r (Fast BSS Transition) for quicker handoffs, often in a WPA2/WPA3 transition mode for compatibility, but it requires well-configured APs and updated clients to avoid issues where older devices struggle with multiple Authentication Key Management (AKM) types, leading to roaming failures if not set up carefully. 

 

Leaving alone that the majority of wireless clients (consumer audio, consumer video, IoT, ....) in the field don't support WPA2 or WPA3 Enterprise. Even for business users, it's a challenge properly deploying all this. 

 

As long as you stick to WPA2 Personal there is no need to enable 802.11r on any AP - even if the controls kind-of exist on random APs. Yes, with the help of cloud support by Netgear Insight, seamless roaming is possible for WPA3 Personal / WPA3 SAE.