Question: Is this a roam?

  • 1
  • Question
  • Updated 3 years ago
Hi All,

I would like to know if this is a roam as captured in Client Monitor

21/07/2015 11:14:44 AM  0020E09643FE  4018B11C28D7  AP08         INFO    (157)Open auth is starting (at if=wifi0.4)

21/07/2015 11:14:44 AM  0020E09643FE  4018B11C28D7  AP08         BASIC   (158)Authentication is successfully finished (at if=wifi0.4)


In the same train of thought - is this a "not" roam:

21/07/2015 11:33:00 AM  E458E74806B6  4018B11BDF99  AP07         INFO    (2941)roam away

21/07/2015 11:33:00 AM  E458E74806B6  4018B11BDF99  AP07         BASIC   (2942)Sta(at if=wifi0.6) is de-authenticated because of STA roam away

21/07/2015 11:33:00 AM  E458E74806B6  4018B11BDF99  AP07         BASIC   (2943)Sta(at if=wifi0.6) is de-authenticated because of notification of driver

21/07/2015 11:33:00 AM  E458E74806B6  4018B1338C59  AP29         BASIC   (3743)Rx auth <open> (frame 1, rssi 63dB)

21/07/2015 11:33:00 AM  E458E74806B6  4018B1338C59  AP29         BASIC   (3744)Tx auth <open> (frame 2, status 0, pwr 11dBm)

21/07/2015 11:33:00 AM  E458E74806B6  4018B1338C59  AP29         BASIC   (3745)Rx assoc req (rssi 59dB)

21/07/2015 11:33:00 AM  E458E74806B6  4018B1338C59  AP29         BASIC   (3746)Tx assoc resp <accept> (status 0, pwr 11dBm)

21/07/2015 11:33:00 AM  E458E74806B6  4018B1338C59  AP29         INFO    (3747)WPA-PSK auth is starting (at if=wifi0.6)

21/07/2015 11:33:00 AM  E458E74806B6  4018B1338C59  AP29         INFO    (3748)Sending 1/4 msg of 4-Way Handshake (at if=wifi0.6)

21/07/2015 11:33:00 AM  E458E74806B6  4018B1338C59  AP29         INFO    (3749)Received 2/4 msg of 4-Way Handshake (at if=wifi0.6)

21/07/2015 11:33:00 AM  E458E74806B6  4018B1338C59  AP29         INFO    (3750)Sending 3/4 msg of 4-Way Handshake (at if=wifi0.6)

21/07/2015 11:33:00 AM  E458E74806B6  4018B1338C59  AP29         INFO    (3751)Received 4/4 msg of 4-Way Handshake (at if=wifi0.6)

21/07/2015 11:33:00 AM  E458E74806B6  4018B1338C59  AP29         INFO    (3752)PTK is set (at if=wifi0.6)

21/07/2015 11:33:00 AM  E458E74806B6  4018B1338C59  AP29         BASIC   (3753)Authentication is successfully finished (at if=wifi0.6)


Thanks

Photo of Mid Comm

Mid Comm

  • 3 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Roberto Casula

Roberto Casula, Champ

  • 231 Posts
  • 111 Reply Likes
The first two entries just show a station authenticating to AP08 on an Open SSID.

The second trace shows a client roaming successfully from AP07 to AP29 on a PSK/PPSK SSID.
Photo of Mid Comm

Mid Comm

  • 3 Posts
  • 0 Reply Likes
Hi,

Thanks for the reply.  The second trace looked to me like the station was going through its usual joining to an AP for the first time, except without the DHCP activity.

I was hoping to see that an L2 roam was different to a normal authenticate with the 4 way hand shake.  I had imagined that as the client information is shared to local neighbours that the 4 way hand shake was not necessary.
Photo of Roberto Casula

Roberto Casula, Champ

  • 231 Posts
  • 111 Reply Likes
Hi,

The four way handshake is used to derive the pairwise temporary key, so it has to happen on a roam. Even with 802.11r Fast BSS Transition, the PTK derivation still occurs (though in a slightly different way).

For preshared key authentication, roaming is always pretty fast because ther pairwise master key is directly derived from the pershared key.

In the case of WPA2-Enterprise, the pairwise master key is dynamically generated by the RADIUS server (this is one of the reasons why it is way more secure than preshared key) - and it is this dynamic generation and the amount of interaction back and forth with the RADIUS server that can make roaming take a relatively long time when using WPA2-Enterprise.

There have been several mechanisms over the years to try to reduce the roaming times (essentially by caching or deriving PMKs wherever possible rather than having to have the expensive interaction with the RADIUS server), some of which are vendor-proprietary and others that are in the standards, including preauthentication, pariwise master key caching, proactive PMK caching, opportunistic PMK caching and finally 802.11r Fast BSS Transition.

So APs will share PMK information between themselves to facilitate these kind of caching mechanisms (though they only work if the client supports them), but a four way handshake of some kind is always required to derive a PTK.

By the way, most clients will send a DHCP renewal request on a roam - this is normal behaviour because the client needs to establish whether it is connected to the same backhaul network (i.e. whether it is a layer-2 or layer-3 roam). For layer-3 roams, Aerohive can be configured to establish GRE tunnels back to the original backhaul network, so essentially turning layer-3 roams into layer-2 roams from the client's perspective.
Photo of Mid Comm

Mid Comm

  • 3 Posts
  • 0 Reply Likes
Thanks - this clears up a lot.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes