FT-SAE with RADIUS Tunnel-Password doesn't work

Hello,

I'm sorry if this email is short on details but unfortunately I don't
get any information from the AP logs. I'm using the hostapd tree as of
2024-09-14 (ccba6921de6372a2220350bb5ed5776ea8c76bbb).

When I attempt to roam to another AP that is hosted on a different
machine, it is unable to use FT-SAE. Nothing in the hostap logs shows up;
it is as if there was no attempt to even connect according to the AP logs.

However, if I try to roam to another AP hosted on the same machine
FT-SAE works.

This issue is specific to SAE only. When I use WPA2-only with no other
configuration change, this issue goes away and it works OK. I attempted
to use WPA3-only instead of WPA2/WPA3-mixed but it made no difference.

Some notes about my setup that are a bit unique (complete hostapd config
is available below for inspection, these are just some of the things
that I think are worth noting):

  * I'm using the dynamic VLAN feature (set to 2/required).
  * I'm using the per_sta_vif mode.
  * I'm using FT over the Air instead of FT over DS.

Working case when roaming using wpa_cli (different AP but same
hostapd instance):

> roam 00:20:91:00:00:01
OK
<3>SME: Trying to authenticate with 00:20:91:00:00:01 (SSID='X'
freq=2412 MHz)
<3>Trying to associate with 00:20:91:00:00:01 (SSID='X' freq=2412 MHz)
<3>Associated with 00:20:91:00:00:01
<3>WPA: Key negotiation completed with 00:20:91:00:00:01 [PTK=CCMP GTK=CCMP]
<3>CTRL-EVENT-CONNECTED - Connection to 00:20:91:00:00:01 completed
[id=0 id_str=]
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
<3>CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-20 noise=9999 txrate=52000

Failure to use FT (different AP and different hostapd instance):

> roam 00:20:91:00:00:03
OK
<3>SME: Trying to authenticate with 00:20:91:00:00:03 (SSID='X'
freq=2432 MHz)
<3>BSSID 00:20:91:00:00:03 ignore list count incremented to 4, ignoring
for 120 seconds
<3>CTRL-EVENT-SCAN-STARTED
>
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>SME: Trying to authenticate with 00:20:91:00:00:02 (SSID='X'
freq=5745 MHz)
<3>SME: Trying to authenticate with 00:20:91:00:00:02 (SSID='X'
freq=5745 MHz)
<3>PMKSA-CACHE-REMOVED 00:20:91:00:00:02 0
<3>PMKSA-CACHE-ADDED 00:20:91:00:00:02 0
<3>Trying to associate with 00:20:91:00:00:02 (SSID='X' freq=5745 MHz)
<3>Associated with 00:20:91:00:00:02
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
>
<3>WPA: Key negotiation completed with 00:20:91:00:00:02 [PTK=CCMP GTK=CCMP]
<3>Removed BSSID 00:20:91:00:00:02 from ignore list
<3>CTRL-EVENT-CONNECTED - Connection to 00:20:91:00:00:02 completed
[id=0 id_str=]
<3>CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-28 noise=9999 txrate=245000
<3>CTRL-EVENT-SCAN-STARTED
<3>CTRL-EVENT-SCAN-RESULTS

Below is the hostapd configuration (same configuration on all APs except
for bssid/etc, so only the first AP config is provided):

driver=nl80211
logger_syslog=127
logger_syslog_level=0
logger_stdout=127
logger_stdout_level=0
country_code=<redacted>
ieee80211d=1
hw_mode=g
supported_rates=60 90 120 180 240 360 480 540
basic_rates=60 120 240
beacon_int=100
channel=acs_survey
chanlist=1-11

ieee80211n=1
ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1]

interface=2ghz
ctrl_interface=/var/run/hostapd
bss_load_update_period=60
chan_util_avg_period=600
skip_inactivity_poll=0
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
tdls_prohibit=1
nas_identifier=<redacted>
sae_require_mfp=1
macaddr_acl=2
wpa_psk_radius=2
auth_server_addr=<redacted>
auth_server_port=1812
auth_server_shared_secret=<redacted>
macaddr_acl=2
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=X
wpa_disable_eapol_key_retries=1
wpa_key_mgmt=WPA-PSK FT-PSK WPA-PSK-SHA256 SAE FT-SAE
mobility_domain=<redacted>
ft_psk_generate_local=0
ft_over_ds=0
reassociation_deadline=20000
r0_key_lifetime=10000
pmk_r1_push=0
r0kh=ff:ff:ff:ff:ff:ff * <redacted>
r1kh=00:00:00:00:00:00 00:00:00:00:00:00 <redacted>
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
dynamic_vlan=2
vlan_naming=1
vlan_bridge=br-vlan
per_sta_vif=1
bssid=00:20:91:00:00:01


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
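
The following is an added triage example, not part of the original post or of hostapd/wpa_supplicant: it reads wpa_cli event output like the two sessions in the report and says, for each `roam` command, which BSSIDs were tried, which were put on the ignore list, and whether the station ended up on the requested AP. The function and key names are this example's own, and the sample is abridged from the failing session.

```python
import re

# Constructed sample: the report's failing session, abridged, e-mail wrapping kept.
SAMPLE = """\
> roam 00:20:91:00:00:03
OK
<3>SME: Trying to authenticate with 00:20:91:00:00:03 (SSID='X'
freq=2432 MHz)
<3>BSSID 00:20:91:00:00:03 ignore list count incremented to 4, ignoring
for 120 seconds
<3>SME: Trying to authenticate with 00:20:91:00:00:02 (SSID='X'
freq=5745 MHz)
<3>CTRL-EVENT-CONNECTED - Connection to 00:20:91:00:00:02 completed
[id=0 id_str=]
"""
MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
PATTERNS = {  # keys are this example's names; event strings are as in the report's logs
    "roam": re.compile(r"^> roam " + MAC, re.I),
    "auth": re.compile(r"SME: Trying to authenticate with " + MAC, re.I),
    "ignored": re.compile(r"BSSID " + MAC + r" ignore list count incremented", re.I),
    "connected": re.compile(r"CTRL-EVENT-CONNECTED - Connection to " + MAC, re.I),
}

def unwrap(text):
    """Rejoin wrapped lines: a line not starting with '<' or '>' continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if lines and raw and raw[0] not in "<>" and raw != "OK":
            lines[-1] += " " + raw
        else:
            lines.append(raw)
    return lines

def roam_outcomes(text):
    """Return one dict per 'roam' command describing what happened after it."""
    results, cur = [], None
    for line in unwrap(text):
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if not m or (cur is None and kind != "roam"):
                continue  # no match, or an event seen before any roam command
            bssid = m.group(1).lower()
            if kind == "roam":
                cur = {"requested": bssid, "auth": [], "ignored": [], "connected": None}
                results.append(cur)
            elif kind == "connected":
                cur["connected"] = cur["connected"] or bssid  # keep the first connection
            elif bssid not in cur[kind]:
                cur[kind].append(bssid)
    return [dict(r, roamed_to_target=r["connected"] == r["requested"]) for r in results]
```

A result with the requested BSSID in `ignored` and a different BSSID in `connected` matches the failing session above: authentication to the target was abandoned and the station fell back to another AP.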


