Just to clarify the situation I have 7 router boxes running OpenWrt and
the full version of hostapd. Any devices connecting to the WiFi must
connect to one of these boxes under 802.1X, but the radius server is on
an 8th box running OpenWrt and uses FreeRadius3. It doesn't have
wireless hardware and consequently isn't running hostapd.
I have enabled 802.11r on the 7 access points that run hostapd and have
wireless hardware, each of these access points is configured to use the
radius server for authentication and accounting.
I understand that for 802.11r to work under FT-over-DS some 890d
ethernet packets are sent over the existing wireless connection to
authenticate with the target access point, but I believed they would be
directed to the access point my device is trying to connect to. In
reality the client is sending the 890d packets to the MAC address of the
device running the radius server.
Is this normal behaviour and is it the case that any radius server
controlling access to a network must also run hostapd in order for
802.11r to work?
Thanks,
Michael
On 23/09/2020 04:42, Dennis Bland wrote:
The best way to debug 802.11r is to capture 802.11 management frames
with Wireshark, typically using a Linux laptop with Wi-Fi hardware in
monitor mode. Then you can confirm what AP your smartphone is really
trying to contact over the air.
You said your KVM-based router is running OpenWrt, but not hostapd.
What is it using instead of hostapd? You realize this is a hostapd
forum, right?
From: Michael T Farnworth <michael@xxxxxxxx>
To: hostap@xxxxxxxxxxxxxxxxxxx
Subject: 802.11r not working
Message-ID: <b1476587-21f3-3c58-757e-06da5b3ca3a2@xxxxxxxx>
Content-Type: text/plain; charset=utf-8; format=flowed
I have 8 "boxes" running the latest snapshot of OpenWrt. 7 of these are
typical router boxes with WiFi hardware (Archer C7 v2, Archer A7 v5,
Armor z2) and the remaining one is virtual and runs under KVM on a server.
I didn't think 802.11r was working so I ran a tcpdump on all 8 devices
and it appears that my Samsung Galaxy S9 is sending the 802.11r ethernet
890d frames to the MAC Address of the KVM based router, which as it has
no WiFi hardware couldn't have been the original associating WiFi point
and obviously isn't running hostapd. Obviously no response is ever
given to any of these packets as a consequence.
The KVM based router is running the radius server, does anybody have any
thoughts on why this is happening? I really don't understand why my
phone is looking in the wrong place for a response!
Thanks,
Michael
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
