WiFi Fast Roaming, Simplified


A primer on the 802.11 wireless protocol and when to implement it.
Jason Hintersteiner
MAY 23, 2016
For some reason, all descriptions of 802.11r spectacularly fail to provide a simple
explanation of the WiFi fast roaming protocol. Most of them are too high level and
are effectively useless, or they tend to quickly get lost in the technical weeds. This
blog post attempts to bridge that gap and provide a reasonably simple but
thorough explanation.

What is fast roaming?

Fast roaming, also known as IEEE 802.11r or Fast BSS Transition (FT), allows a client
device to roam quickly in environments implementing WPA2 Enterprise security, by
ensuring that the client device does not need to re-authenticate to the RADIUS
server every time it roams from one access point to another. This is accomplished
by actually altering the standard authentication, association, and four-way
handshake processes used when a device roams (i.e., re-associates) to a new WiFi
access point.

The simplest explanation is that, after a client connects to the first AP on the
network, the client is "vouched for." When a client device roams to a new AP,
information from the original association is passed to the new AP to provide the
client with credentials. The new AP therefore knows that this client has already
been approved by the authentication server, and thus need not repeat the whole
802.1X/EAP exchange again.

Fast roaming also introduces efficiencies into the process of establishing the new
encryption key between the new AP and the client device, which benefits both
WPA2 Personal (a.k.a. pre-shared key or passphrase) and WPA2 Enterprise (a.k.a.
802.1X or EAP). Support for 802.11r is advertised in the AP beacon and probe
response frames.

The regular association process


Here are the normal, or pre-802.11r, steps followed by a client device as it connects
to an access point or roams from one access point to another.

1. Authentication (client)

2. Authentication Response (AP)

3. (Re)Association Request (client)

4. (Re)Association Response (AP)

WPA2 Enterprise 802.1X/EAP (client, AP, and authentication server); skipped in WPA2 Personal

5. Four-way handshake #1 – AP nonce passed to client (AP)

6. Four-way handshake #2 – Supplicant nonce passed to AP (client)

6.5 Derivation of encryption key (AP & Client independently)

7. Four-way handshake #3 – verification of derived encryption key and communication of group transient key (AP)

8. Four-way handshake #4 – acknowledgement of successful decryption (client)

Note, a nonce is a pseudo-random number generated for the purpose of seeding
the encryption algorithm. Both the AP (anonce) and the client supplicant device
(snonce) generate their own nonces as part of the negotiation.

Fast roaming re-association process

The following lists the revised -- 802.11r -- steps followed by a client device as it
uses Fast BSS Transition (FT) to move from one access point to another.

1. FT authentication; includes PMK seed information from original association and supplicant nonce (client)

2. FT authentication response – includes PMK seed information and AP nonce (AP)

2.5 Derivation of encryption key (AP & Client independently)

3. FT re-association request – verification of derived encryption key (client)

4. FT re-association response – acknowledgement of successful decryption and Group Transient Key (AP)

This process works for both WPA2 Enterprise and WPA2 Personal re-associations. In
both cases, the eight messages passed between an AP and a client device for
authentication, association, and the four-way handshake are reduced to four
messages.
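
The key derivation at step 2.5, as an added Python example that is not part of the original article: both sides compute the same session key using the FT key hierarchy of IEEE 802.11, whose names (PMK-R0, PMK-R1, PTK) do not appear in the article. All addresses, nonces and key material are constructed, and the R1 key-holder ID is assumed to equal the target AP's BSSID.

```python
import hashlib
import hmac
import struct

def kdf_sha256(key, label, context, bits):
    """802.11 KDF: HMAC-SHA-256 in counter mode, truncated to `bits`."""
    out = b""
    for i in range(1, (bits + 255) // 256 + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: bits // 8]

def pmk_r0(xxkey, ssid, mdid, r0kh_id, sta):
    """Top-level FT key, created once at the initial association."""
    ctx = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + sta
    return kdf_sha256(xxkey, b"FT-R0", ctx, 384)[:32]

def pmk_r1(r0, r1kh_id, sta):
    """Per-AP key: this is what 'vouches' for the client at one target AP."""
    return kdf_sha256(r0, b"FT-R1", r1kh_id + sta, 256)

def ptk(r1, snonce, anonce, bssid, sta):
    """Session key both sides derive at step 2.5 (384 bits for CCMP)."""
    return kdf_sha256(r1, b"FT-PTK", snonce + anonce + bssid + sta, 384)

# Constructed values, not taken from any real network.
XXKEY = bytes(range(32))             # key material left by the first authentication
SSID, MDID, R0KH = b"corp", b"\xa1\xb2", b"controller-1"
STA = bytes.fromhex("020000000001")
AP2 = bytes.fromhex("020000000a02")  # assumption: R1KH-ID equals the AP's BSSID
AP3 = bytes.fromhex("020000000a03")

def roam(target_bssid, snonce, anonce):
    """Return (client_ptk, ap_ptk) for an FT roam to target_bssid."""
    r0 = pmk_r0(XXKEY, SSID, MDID, R0KH, STA)
    # Client: derives the target AP's PMK-R1 itself from PMK-R0.
    client = ptk(pmk_r1(r0, target_bssid, STA), snonce, anonce, target_bssid, STA)
    # Target AP: is handed only its own PMK-R1, never PMK-R0 or XXKEY.
    handed_over = pmk_r1(r0, target_bssid, STA)
    ap = ptk(handed_over, snonce, anonce, target_bssid, STA)
    return client, ap

if __name__ == "__main__":
    c, a = roam(AP2, b"\x11" * 32, b"\x22" * 32)
    print("keys match:", hmac.compare_digest(c, a), "PTK bytes:", len(c))
```

Because PMK-R1 is bound to one AP, the key handed to AP2 is useless at AP3, and fresh nonces give every roam a new session key without contacting the RADIUS server.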

Note that there is an alternative method called over-the-DS fast BSS transition,
where the credentials are passed from one AP to the others on the network via FT
action management frames over the wired Ethernet network that interconnects
them. This is usually one of those details that muddies the waters of the 802.11r
story. The essential point remains the same: The first AP "vouches" for the client
device to the other APs, so that the remaining APs need not re-verify that the client
device is allowed to connect to the network.

When should you use fast roaming?

The human brain generally cannot perceive an event that occurs faster than about
100 milliseconds. An interruption in voice or video service during a roam that
occurs faster than this will therefore not be observed by the user. The typical target
roam time for a client is half of this value, or 50 ms, and in most well-designed Wi-Fi
networks, the eight messages that make up the authentication, association, and
four-way handshake collectively will take on the order of 40 ms to 50 ms. Thus, in a
network using WPA2 Personal security, shrinking the number of messages from
eight to four is naturally helpful for efficient airtime utilization, but is really
unimportant to the roaming process from a perceived service-quality perspective.

The real benefit of 802.11r comes from not having to do the 802.1X/EAP exchange
when using WPA2 Enterprise security. Even with a local RADIUS server, this
exchange can easily take several hundred milliseconds, and far longer if your
RADIUS server is not on your LAN, but requires access over the Internet. Thus, fast
roaming should ALWAYS be enabled when you are using WPA2 Enterprise security.

One of the issues with 802.11r is that many older client devices don’t have drivers
that support it, and in fact even have trouble properly detecting and associating to
networks with 802.11r enabled. While adding new information elements to beacon
frames has been a scalable part of the 802.11 protocol since the early days of WiFi -- and is
an essential element in backwards compatibility of new APs with older client
devices -- many older client drivers cannot read and interpret the new FT
information element in the beacon frames properly, so they see the beacons as
corrupted frames. Therefore, to ensure maximum client compatibility, the common
recommendation is to disable fast roaming when using WPA2 Personal, and only
use it for WPA2 Enterprise networks.
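
An added example, not part of the original article: a beacon element parser that reports whether an SSID advertises 802.11r and with which key management, while skipping unknown elements by their length field, which is the behaviour the older drivers described above lack. Element IDs 48 (RSN) and 54 (Mobility Domain) and the AKM suite types are from IEEE 802.11; the sample bytes are constructed.

```python
import struct

RSN_OUI = b"\x00\x0f\xac"
AKM_NAMES = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK"}

def iter_elements(body):
    """Yield (element_id, value); stop cleanly at a truncated element."""
    pos = 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        value = body[pos + 2 : pos + 2 + length]
        if len(value) < length:
            return  # truncated tail: ignore it rather than misparse
        yield eid, value
        pos += 2 + length

def rsn_akms(rsn):
    """Names of the AKM suites listed in an RSN element value."""
    pos = 6  # skip version (2 bytes) and group cipher suite (4 bytes)
    if len(rsn) < pos + 2:
        return []
    pos += 2 + 4 * struct.unpack_from("<H", rsn, pos)[0]  # pairwise list
    if len(rsn) < pos + 2:
        return []
    count = struct.unpack_from("<H", rsn, pos)[0]
    suites = [rsn[pos + 2 + 4 * i : pos + 6 + 4 * i] for i in range(count)]
    return [AKM_NAMES.get(s[3], f"type-{s[3]}")
            for s in suites if len(s) == 4 and s[:3] == RSN_OUI]

def ft_summary(body):
    """Report what a beacon's elements say about 802.11r support."""
    info = {"ft": False, "mdid": None, "over_ds": None, "akms": []}
    for eid, value in iter_elements(body):
        if eid == 48:  # RSN element
            info["akms"] = rsn_akms(value)
        elif eid == 54 and len(value) == 3:  # Mobility Domain element
            info.update(ft=True, mdid=value[:2].hex(), over_ds=bool(value[2] & 1))
        # every other element ID is skipped using its length field
    return info

# Constructed sample: SSID "corp", RSN (802.1X + FT-802.1X), a vendor
# element the parser does not know, and a Mobility Domain element.
_rsn = (b"\x01\x00" + RSN_OUI + b"\x04" + b"\x01\x00" + RSN_OUI + b"\x04"
        + b"\x02\x00" + RSN_OUI + b"\x01" + RSN_OUI + b"\x03" + b"\x00\x00")
SAMPLE = (b"\x00\x04corp" + bytes([48, len(_rsn)]) + _rsn
          + b"\xdd\x03\x00\x11\x22" + b"\x36\x03\xa1\xb2\x01")

if __name__ == "__main__":
    print(ft_summary(SAMPLE))
```

Run against captured beacon bodies, this shows which SSIDs expose FT-PSK (the combination the article recommends leaving off) and which use FT with 802.1X.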
