The state of 802.11r

802.11r or BSS Fast-Transition is a way of significantly increasing the speed of roaming in enterprise WiFi environments. More specifically it’s a standard that describes how to avoid having to perform a full 802.1X authentication when roaming to a new AP.

For the vast majority of clients Fast-Transition (FT) is no big deal. If a user is idly browsing the web, or their client is performing some background sync tasks, a roam from one AP to another isn’t something they notice.

Where it matters is when there are voip clients, or any application that doesn’t tolerate packet loss or high latency.

The 802.1X authentication is quite a chatty affair, and it takes a bit of time. The hallowed figure often quoted for voip clients is to keep latency under 150ms. The process of roaming to a new AP and then performing 802.1X can take longer than this.

With FT, the network authentication part of the roam is reduced dramatically. However, it does need to be supported by the client and network.

Like many standards, there were some elements open to interpretation. Some network vendors required a client to support 802.11r in order to connect to the network, others did not. But with our Aruba network it was necessary for all clients to support 802.11r before you could switch it on.

This has changed over time, my understanding is most vendors have moved to a position of allow clients that do and do not support FT to co-exist on the network. Apple’s MacOS does not support 802.11r (at the time of writing) but happily coexists with it.

Windows 10 includes support, but this seems to be dependent on the WiFi chipset and driver. Which brings me to the blunt message of this post.

In an Aruba OS8 environment, with a jumbled mix of clients, it’s not yet possible to enable 802.11r. I’ve just tried it and run into a couple of Windows 10 laptops that were no longer able to connect to the network. The symptoms observed were the EAP transaction with RADIUS timing out. The user experience was, of course, “the wifi is down”.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.