× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Announcements

Polls
What is your Experience with NETGEAR Insight cloud management?
Top Contributors

WAC720, WAC730, WAC740 802.11r

Why do we have to use a controller or the cloud to enable 802.11r?  Even Linksys offers this feature in its consumer product, the RE7000....  

10 Comments
nmhTester
NETGEAR Expert

Short answer,

These AP are designed assuming there are many access points in a deployment and to make 802.11r work well, there are many pre-shared keys that needs to be configured and deployment tested.

so as we move from 2 to 3 to 5 to 10 AP, the configuration without central manager becomes expontional hard.

if there is enough interest, we can expose it in local AP UI. please open enhancement request with support team.

 

Long answer:

Stepping back,  below is based off my personal understanding and not offical answer.

 

statement:

1)As per 802.11 IEEE std, "When to roam" and "where to roam"  is 100% a functionality of the client device.

2) Normally when WPA-enterprise is invloved and there is nothing to help roam, every time client assoicate there is need to exchange about 16 to 19 packets between client and ap/radius server to establish secure connection.

3) for WPA-Personal, about 4 packets are exchanged to make secure connection.

 

Seamlessroaming : Most of the Wifi industry uses this term,  if the multiple  devices can use same "SSID" string  for all the wireless access devices. Here the the wireless clients make the call on when to switch between BSSID1 to BSSID2 (remember same SSID string name, so no human swithing the ssid needed).

Client will roam even if there is no 802.11R/K/V to help.

Just that there will be  delays, the delay will depend on many parameters in the delopyment and client wifi driver settings. Most windows laptop with intel wifi clients allow the user to choose the behaviour of client roam to be aggerasive or normal etc.

 

Help for seemless roaming:

Netgear AP like WAC720/WAC730/WAC510  have knobs like 802.11K /802.11V on standalone as well as cloud/controller managed.

This will help some clients (few of popular clients have it enabled, but you need to check with client device vendor) that implement 802.11K to list to 802.11K frames from Netgear access points and decide when to roam. This will make roaming really fast.

from Wiki:

"The 802.11k standard provides information to discover the best available access point. 802.11k is intended to improve the way traffic is distributed within a network."

if you are   deploying WPA-personal, in 510/720/730 already should be allowing pretty decent low delay roaming.

 

Fast roaming:

There are few things network infra can do to help with fast roaming.

 

802.11r : this is based of IEEE std that some of high end clients have implemented. the 802.11r will help clients to roam after exchanging just 4 messages and can pre-auth with the new AP before it tell "i am leaving" to old AP.

so 802.11r working needs admins to confirm some pre-shared keys between the APs  in the same mobility domain.

Having a central management device like Business central/controller will help. espically if you have say 3 or 4 AP. manually configuring the R0/R1 keys and testing out will be come exponically complex.

 

OKC based : currently our wireless controllers/Insight Manager have implemented it and this will help any client including legecy to fast roam as the central controller will opportunistically key cache the encryption keys in neighbour APs, so that when client roams to the new BSSID, the AP already knows the keys to us.

 

TomPandit
Initiate

 

Thanks for the review. I may borrow a few of your explanations, unofficially of course.

 

I'm alluding to capabilities in a competitor product that can be used in the single digit AP scenarios, without using .1x.  The PSK process is certainly quick without r.  However, customers desire assurance in regards to voice integrity, which this helps provide.  With a Linksys Max-Stream router and a few of their RE7000 devices, which are all consumer products, they offer r & k without need for a controller.  The router acts as one.  They also released the LAPAC2600.

 

Why not use Linksys?  Well, their reliability ratings continue to shift from Cisco to Belkin.  I've always known Netgear to be reliable and would like to sell these APs instead.  

TomPandit
Initiate

Can it be enabled through telnet or SSH?

 

I found a few more devices that offer 802.11r without a controller or a subscription - LAPAC2600, WAP371.  I may sell my Netgear APs and switch.  

 

"The best way to enhance value is to charge your customers for something your competition gives away."  

-Unknown

TomPandit
Initiate

Well, I found the CLI settings for the WAC720, which includes fast-bss-transition settings.  Do you have any guidence through these 'set' options?  

 

DownB#                set fast-bss-transition wlan1ftvap0 

ft-mode                 Enable/Disable the FBT status in a VAP (on/off)

ft-over-ds              Enable/Disable the FT over DS (on/off)

mobility-domain    Mobility Domain Identifier

r0-key-holder        R0 Key Holder ID

r1-key-holder        R1 Key Holder ID

reassoc-deadline   Re-association Deadline timer

with                       * Qualify set to instances that match certain property values *

TomPandit
Initiate

I seem to have everything set, but the CLI will not allow me to change ft-mode to on.  If I edit the .xml config file in Xcode and manually turn it on for the virtual wlans I'm using, the firmware seems to turn it off.  Is the firmware blocking 802.11r in the CLI as well as the GUI?  

TomPandit
Initiate

I'm posting an update for anyone interested.

 

I was able to successfully enable the APs to use 802.11r through the CLI.  Surprisingly, the APs can use DFS channels now as well, which I don't recall seeing before.

How?

-Set up devices in businesscentral.netgear.com

-Upgrade to beta firmware 3.6.14.0 on all

-Remove from Business Central and turn it off on each device, which will factory reset

-Set up first device completely and created an Ensemble (cluster in CLI).  Priority for master set to 255 (pdf manual incorrect, lower number not master).

-Set other two APs as part of the Ensemble with lower priority values.  Give them a few minutes to organize themselves.  

-CLI for each unit, as they didn't mimic the leader.

     get fast-bss-transition 

     set fast-bss-transition

     copy s nvram:s

-Make sure the last item you attempt is to 'set fast-bss transition wlan1ftvap0 ft-mode on' - obviously use whatever vSSID

 

Quirks:

-Rebooting, channel reassignment, power adjustment, ect. all disable 802.11r.  Re-enable with the last CLI command I listed above.  Annoying, but we all want uptime.  

 

-Thomas

Retired_Member
Not applicable

hi TomPandit,

 

Thanks for the detailed information.

 

We have logged this as a feature request to development team to add an option to enable/disable 802.11R from web gui. It will go through evaluation with dev team. Keep an eye out on future firmware release.

 

Thanks

DavidGo.

kscrib
Tutor

@Retired_Member  can you provide an update on the request to add 802.11r to the web gui?

 

I have 3 WAC730 configured in an ensemble that don't pass off clients (IOS/Android) between each other.  I have recently updated the firmware to 3.7.11.0 and still don't see the abilty to enable 802.11r/v/k.  Also the client devices still don't transfer to an AP that has a notably stronger single even when the original AP is no longer accessible.

NormanP
Aspirant

Hi Netgear team,

Did we ever get a response or update to this request?

pn23
Aspirant

I have the same situation here - one WAC 730 and 3 x WAC 720 APs in an Ensemble. Devices are constantly offline because they don't roam. There really seems to be very little point in having them configured in Ensemble (other than a couple more pretty pie charts in the dashboard) if the APs aren't exchanging keys and assisting devices in roaming.

 

Did anyone ever get any further with this?