Page 1 of 1
Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Sep 20, 2023 7:25 pm
by kravemir
Finally success - managed to get 802.11r/k/v roaming working with WifiWave2 on all my client devices, using hAP ax³ and hAP ac³.
It was some amount of troubleshooting, and hunting for the right settings. In the end, following things needed to be done - hope I didn't forget anything:
- manage all APs by the same instance of RouterOS - use WifiWave2 CAPsMAN,
- set authentication type to WPA2 only, disable WPA3, because Android devices have trouble roaming with WPA3, and even if they receive other BSSIDs from neighboor group and see them as ones with better signal, they won't roam-connect to these better APs/BSSIDs. My ThinkPad A485 and wife's T440p have no problem roaming with WPA3, we both have Linux if that makes a difference, but Android devices do have issues with WPA3.
- set ft=yes and ft-over-ds=yes in security profile to enable 802.11r fast BSS transitions (roaming),
- do not kick off clients with weak signal, remove such wifiwave2 access-list rule if you have one, because it makes client devices to avoid using that SSID or access point completely and results in worse wifi experience.
- RouterOS version 7.11.2 if that makes a difference.
If roaming is working correctly, then there should be now following entries about roaming in the log:
0C:C6:FD:XX:XX:XX@distant-AP-wifi-2G roamed to 0C:C6:FD:XX:XX:XX@closer-AP-wifi-5G, signal strength -66
Instead of entries about disconnection followed by immediate reconnection entries:
0C:C6:FD:XX:XX:XX@distant-AP-wifi-5G disconnected, connection lost, signal strength -92
0C:C6:FD:XX:XX:XX@closer-AP-wifi-5G connected, signal strength -75
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Sep 20, 2023 8:59 pm
by gigabyte091
set authentication type to WPA2 only, disable WPA3, because Android devices have trouble roaming with WPA3, and even if they receive other BSSIDs from neighboor group and see them as ones with better signal, they won't roam-connect to these better APs/BSSIDs. My ThinkPad A485 and wife's T440p have no problem roaming with WPA3, we both have Linux if that makes a difference, but Android devices do have issues with WPA3.
Have no problem with WPA3 and android devices, they roam and connects without any problem.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Sep 20, 2023 9:10 pm
by kravemir
Have no problem with WPA3 and android devices, they roam and connects without any problem.
Tested Android devices in my household:
However,... besides WPA3 issue on some Android devices, that I'm lucky to have in my household....
The conclusion is, that 802.11r/k/v fast roaming works well, and that the future of multi-AP wireless networking with roaming looks bright with WifiWave2 on MikroTik devices. Just, waiting for WifiWave2 outdoor APs from MikroTik.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Sep 20, 2023 9:21 pm
by gigabyte091
Agree with you, i think Mikrotik wireless became good, at least for home users, now i have same or even better experience with cap ax when compared to ubiquiti u6 lite. Signal is better for sure.
Now I don't know how good will it work with more devices, eg office, etc but at the moment i have 22 wireless device connected and they are working without a problem. (Mix smart TVs, IoT devices, cameras, laptops, phones, tablets, smart watches)
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu Sep 21, 2023 1:03 pm
by kravemir
... good, at least for home users, ...
Now I don't know how good will it work with more devices, eg office, ... i have 22 wireless device connected and they are working without a problem. (Mix smart TVs, IoT devices, cameras, laptops, phones, tablets, smart watches)
I use MikroTik in my household/SOHO, too.
There are usually no more than two devices, that try to saturate wireless bandwidth. It's usually one or two at the same time from: me downloading something on my laptop, wife downloading something on her laptop, apps updates or installation or my phone, wife's phone, or Nintendo switch download, or a guest downloading something on own phone/laptop. Every stationary device is wired. So, I don't have have scenarios with many wifi devices competing for wireless bandwidth.
My problems are based on property layout with thick walls, that is impossible to cover with single AP reliably.
My wife, much more than me, moves between physical locations covered by different APs. She, especially, needs internet access in those different locations - see list of things to pack for shipment for eShop sales (one AP covering storage and packing areas), doing other things on net and responding to customers in different more comfortable place (different AP).
Also, for me, I don't like having to turn off and on wifi on phone to manually roam to better AP.
So, seamless roaming is of higher importance to me/us, than top performance.
For, IoT, I guess, that performance doesn't drop much with number of little devices, but with number of devices actively competing for bandwidth. Also, performance drops with number of slow talking (weak signal) devices. So, area coverage is important here, too. I don't have IoT or smart-home thingies yet, though.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu Sep 21, 2023 1:50 pm
by olivier2831
Agree with you, i think Mikrotik wireless became good, at least for home users, now i have same or even better experience with cap ax when compared to ubiquiti u6 lite. Signal is better for sure.
Do you have figures (dB, ...) echoing this ?
Were both AP ceiling mounted ?
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu Sep 21, 2023 2:31 pm
by gigabyte091
I don't, i just noticed that with mikrotik i have wifi in my yard, with ubiquiti i don't. I know, not very scientific method.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu Sep 21, 2023 4:30 pm
by ToTheFull
It isn't a fair test, maybe the U6 LR yes.
U6 Lite
Antenna gain
2.4 GHz 2.8 dBi
5 GHz 3 dBi
cAP ax
Wireless 2.4 GHz standards 802.11b/g/n/ax
Antenna gain dBi for 2.4 GHz 6
Wireless 5 GHz standards 802.11a/n/ac/ax
Antenna gain dBi for 5 GHz 5.5
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu Sep 21, 2023 4:55 pm
by macgaiver
I have set of Google Pixel phones 4A 6A 7A and no issues with roaming on Capsman ww2.
My issue is with only iPhone (14) in the house. I can't figure why but it will not reconnect by itself to the house network, only after manual clicking on the phone it connects.
Also my ThinkPad E14 sometimes roams away to worst possible AP in the house, and get stuck to it like a glue - i can only force it to jump somewhere else if i remove that interface from capsman for a second.
So it seems to me that fastroaming stuff has very random implementation on clients side.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu Sep 21, 2023 7:59 pm
by gigabyte091
It isn't a fair test, maybe the U6 LR yes.
Maybe, but for eg, U6-Lite in my country costs about 126 Euros, and cAP ax is about 143 euros, so that's about 17 Euros difference.
U6 LR costs about 220 Euros and that is about 77 Euros difference...
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu Sep 21, 2023 8:29 pm
by ToTheFull
I'm Happy with my cAP ax and hAP ax2, considering the contraints/regs Imposed on WiFi6 devices these days I think Microtik have done a fantastic job.
Yes it's taken time, but still we are nearly there!
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Tue Nov 07, 2023 11:35 pm
by holvoetn
Implemented capsman at home (RB5009, AX3, AX2).
Most devices roam just fine except for Samsung S20 when using WPA3 (Android 13).
Samsung S8 (Android 9) however works just fine (but I'm thinking it only uses WPA2) ?
Downgrading security to WPA2 only, "solves the problem" for S20.
7.12 rc6
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Nov 08, 2023 3:32 am
by anav
Can you draw a network diagram to see what is connected to what.
What is your main router
Does it run capsman
What is the difference in wifiwave2 setup on main router (running capsman) and the other devices?
Can you provide /exports of all the MT wifi devices......
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Nov 08, 2023 5:53 am
by gigabyte091
I experienced the same thing but wife and I have same phones, exactly the same model, only difference is color and her phone is a year younger so i'm thinking different revision ??
Her phone roams without a problem, my sticks to the downstairs AP and won't let go... It's like his life depends on it...
Tablets, laptops, everything else roams without a problem.
Did a test with U6 Lite same thing... Won't roam... Sticks to the downstairs AP...
Is your RB5009 PoE version ? I bought PoE so I don't have to deal witn injectors
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Nov 08, 2023 6:34 am
by holvoetn
Can you draw a network diagram to see what is connected to what.
What is your main router
Does it run capsman
What is the difference in wifiwave2 setup on main router (running capsman) and the other devices?
Can you provide /exports of all the MT wifi devices......
Get lost, you ...
Is your RB5009 PoE version ? I bought PoE so I don't have to deal witn injectors
Nope, regular RB5009. No POE involved for AX3 nor AX2.
That S20 simply will not roam using WPA3. It disconnects when signal is too low and then connects again to nearest AP but no roaming message in log. Just disconnect and connect.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Nov 08, 2023 7:32 am
by gigabyte091
I can see @anav buying couple of cAP ax's to replace existing AP ih his home
I tested now at one of my customer site's, they are using TP-Link for AP's, same thing, phone is holding for one AP...
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Nov 08, 2023 4:09 pm
by anav
your wife has better iphone skills ;-PP
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Nov 08, 2023 4:42 pm
by gigabyte091
No iOS, Android only
Honestly, I don't care, as long as her wifi is good i'm happy. I still have flashbacks to ROS 7.9 and wifi fiasco... I can still hear her voice... WIFI IS NOT WORKING AGAIN !!!
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Nov 08, 2023 6:45 pm
by anav
People are still using androids??
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Nov 08, 2023 7:02 pm
by mkx
We are all becoming androids
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Nov 08, 2023 7:11 pm
by gigabyte091
Android rulz
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Nov 08, 2023 8:16 pm
by holvoetn
OK, moving on ...
Read some snippets earlier today where I conclude Samsung and WPA3 can cause roaming issues on whatever brand of AP if you're 'lucky' (ahem ...).
Funny thing is that the same model/SW version works reliably but another user having the exact same device reports issues.
I've also seen reports about other brands/devices (not only smartphones, also tablets, smartwatches, ...)
Various brands of APs, no common denominator.
So it looks like this is not an MT problem but more a client implementation problem ?
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Nov 08, 2023 8:35 pm
by gigabyte091
I do believe that this is a client problem. At least in my case, only one device have this problem. In my case we are talking about Xiaomi phone. Same model, year apart from my wife's phone, her phone roams, my doesn't.
I also noticed that it likes to hang onto 5GHz radio... When we are in our yard my phone disconnects but wife's phone connects to 2.4GHz...
I tested today with my brothers S23 Ultra and it's roaming without a problem.
Unfortunately I don't have any iPhone to test... Maybe it's OS problem ?
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Nov 08, 2023 10:29 pm
by gotsprings
People are still using androids??
img_1_1698111777047~2.jpg
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Sat Nov 11, 2023 5:26 pm
by kravemir
We are all becoming androids
Not everyone desires to sell their soul to apple. Android asks for lesser portion of soul, than Apple. So, a better choice.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Mon Nov 13, 2023 5:52 am
by Kaldek
Given the amount of yelling Mikrotik users have been doing about the previous lack of 802.11r, check out this stat from the recent Wireless LAN Professionals conference in Prague. This is from a Cisco employee directly:
Of 8.7 million known SSIDS on Meraki gear, only 1.45% have enabled 802.11r.
Screenshot 2023-11-13 144824.png
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu Nov 23, 2023 4:47 am
by User4011
@kravenmir,
Also interested in anav's request below:
Can you draw a network diagram to see what is connected to what.
What is your main router
Does it run capsman
What is the difference in wifiwave2 setup on main router (running capsman) and the other devices?
Can you provide /exports of all the MT wifi devices......
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu Nov 23, 2023 4:53 am
by chechito
Given the amount of yelling Mikrotik users have been doing about the previous lack of 802.11r, check out this stat from the recent Wireless LAN Professionals conference in Prague. This is from a Cisco employee directly:
Of 8.7 million known SSIDS on Meraki gear, only 1.45% have enabled 802.11r.
finally someone reasonable
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Mon Jan 15, 2024 5:23 pm
by tlamik
I am strugling with roaming on Mikrotiks. I have five cAP ax, on one of them I setup CAPSMAN, everything seems to work nice. But I noticed from log that only 2 devices doing roaming (Samsung S10 and Samsung S22). So I uncheck WPA3 and used only WPA2 (according to advice). Now all mobile phones doing roaming well. But none of windows laptops. Is it normal behavior ? All kind of mobile types are OK, but none laptops ? Do I need setup something in windows registry ?
Thanks
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Mon Jan 15, 2024 7:14 pm
by holvoetn
Try Forget network and then connect again.
You should not change anything on the laptops, at least I didn't have to.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Mon Jan 15, 2024 8:10 pm
by andriys
Windows only supports FT over the networks with 802.1X (i.e. when using WAPx EAP), it does not work in open networks or networks with WAPx PSK. That does not mean Windows laptops does not roam at all, it just meas Fast BSS Transition is not supported in those cases.
When using the new CAPsMAN, however, I used to struggle with a couple of Windows laptops that were stuck on one AP and refused to roam even when the signal was dropping way below acceptable level, no matter if FT was enabled or not. This has been fixed for me with the following setting (follow
this link if you need some explanation):
set ... security.connect-priority=0/1
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Tue Jan 16, 2024 11:38 am
by S8T8
@andriys, I was interested in testing suggestion by @whatever about connect-priority=0/1 but I wonder how this affect connect-group and security (this was implemented to prevent MacStealer attack), connect-priority=0/1 should allow duplicate MAC addresses to be connected at the same time.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Tue Jan 16, 2024 11:41 am
by rextended
Given the amount of yelling Mikrotik users have been doing about the previous lack of 802.11r, check out this stat from the recent Wireless LAN Professionals conference in Prague. This is from a Cisco employee directly:
Of 8.7 million known SSIDS on Meraki gear, only 1.45% have enabled 802.11r.
finally someone reasonable
Remember that
only those who are dissatisfied for some reason
write to us on the forum,
not those who are happy, who don't give a damn about coming here to say thank you...
Instead, obviously, we only read the posts of those who complain....
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Tue Jan 16, 2024 11:51 am
by andriys
@S8T8 Whatever you set the connect-priority to, the duplicate MAC addresses should not be allowed withing the same connect-group. But you are probably correct in your assumption that the connect-priority=0/1 setting is less secure than whatever the default setting is. Please note that the 'MacStealer' attack assumes that the attacker is already authenticated in your network, so it is up to you to decide whether this setting is acceptable to you in your specific use case.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Fri Jan 19, 2024 8:01 am
by tlamik
Well, I did 2 changes, I installed wifi driver from my wifi card's vendor (not M$ drivers) and did setup connect-priority=0/1 and seems to working on my laptop. On others computers I can see they sometimes roamed, but not so often as my laptop, they mostly disconnected/connected. I read that some of wifi adapters not support 802.11r/k/v.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Fri Jan 19, 2024 2:58 pm
by gotsprings
not those who are happy, who don't give a damn about coming here to say thank you...
Instead, obviously, we only read the posts of those who complain....
Uhh... No.
Mikrotik has some serious apologists around here.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Fri Jan 26, 2024 4:16 pm
by ips
I tried to setup fast roaming (I'm on 7.13.3) and I have a strange behaviour: my Android phone successfully roams, but after exactly 10s it disconnects from the new AP and reconnects in a couple of seconds. Any idea?
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Fri Jan 26, 2024 4:23 pm
by infabo
roams from/to? config?
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Fri Jan 26, 2024 4:44 pm
by ips
From hapax3 to hap ax lite.
Config hapax3 (capsman):
# 2024-01-26 15:33:59 by RouterOS 7.13.3
#
# model = C53UiG+5HPaxD2HPaxD
/interface bridge
add arp=proxy-arp name=bridge
/interface ethernet
set [ find default-name=ether1 ] poe-out=off
/interface wireguard
add listen-port=PORT mtu=1420 name=wireguard1
/interface vlan
add interface=ether1 name=vlan835-TIM vlan-id=835
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan835-TIM name=#####
/interface list
add name=WAN
add name=LAN
/interface wifi datapath
add bridge=bridge disabled=no name=datapath1
/interface wifi security
add authentication-types=wpa2-psk connect-priority=0/1 disabled=no ft=yes ft-over-ds=yes name=wifisec_FT wps=disable
/interface wifi configuration
add channel.band=2ghz-n .width=20mhz country=Italy datapath=datapath1 disabled=no mode=ap name=wificonf_FT security=wifisec_FT ssid=ssid24
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ac .frequency=5170-5250 .skip-dfs-channels=all .width=20/40mhz-Ce configuration=wificonf_FT configuration.mode=ap .ssid=ssid5 disabled=no
set [ find default-name=wifi2 ] configuration=wificonf_FT configuration.mode=ap disabled=no
/ip pool
add name=default-dhcp ranges=192.168.1.200-192.168.1.222
/ip dhcp-server
add add-arp=yes address-pool=default-dhcp interface=bridge lease-time=3d name=dhcp_server1
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge disabled=yes interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=bridge list=LAN
add interface=pppoe-TIM-out list=WAN
add interface=wireguard1 list=LAN
/interface wifi capsman
set ca-certificate=auto enabled=yes interfaces=bridge require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=wificonf_FT name-format=wifi%I slave-configurations=""
/interface wireguard peers
## edited
/ip address
add address=192.168.1.2/24 interface=bridge network=192.168.1.0
add address=192.168.1.224/28 interface=wireguard1 network=192.168.1.224
/ip cloud
set ddns-enabled=yes update-time=no
/ip dhcp-server config
set accounting=no store-leases-disk=never
/ip dhcp-server lease
## edited
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.2 domain=home.arpa gateway=192.168.1.2
/ip dns
set allow-remote-requests=yes doh-max-server-connections=10 doh-timeout=10s max-concurrent-queries=200 max-concurrent-tcp-sessions=40 query-server-timeout=5s use-doh-server=edited verify-doh-cert=yes
/ip dns static
add address=45.90.28.0 disabled=yes name=dns.nextdns.io
add address=45.90.30.0 disabled=yes name=dns.nextdns.io
add address=2a07:a8c0:: disabled=yes name=dns.nextdns.io type=AAAA
add address=2a07:a8c1:: disabled=yes name=dns.nextdns.io type=AAAA
add address=38.175.119.129 name=dns.nextdns.io
add address=178.255.155.63 name=dns.nextdns.io
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="Allow WireGuard" dst-port=PORT in-interface-list=WAN protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Rome
/system identity
set name=hapax3
/system leds settings
set all-leds-off=after-1h
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=it.pool.ntp.org
add address=europe.pool.ntp.org
/tool bandwidth-server
set enabled=no
/tool graphing
set store-every=24hours
/tool graphing interface
add allow-address=192.168.1.0/24
/tool graphing resource
add allow-address=192.168.1.0/24
/tool mac-server
set allowed-interface-list=LAN
Config hap ax lite:
# 2024-01-26 15:41:01 by RouterOS 7.13.3
#
# model = L41G-2axD
/interface bridge
add comment=defconf name=bridgeLocal
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: ssid24, channel: 2462/n
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp disabled=no
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
/ipv6 settings
set disable-ipv6=yes
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/ip cloud
set update-time=no
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Rome
/system identity
set name=hapaxlite
/system leds settings
set all-leds-off=after-1h
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=it.pool.ntp.org
add address=europe.pool.ntp.org
The smartphone is a Huawei P20
Thanks!
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Fri Jan 26, 2024 4:54 pm
by infabo
Thanks for sharing the config. But you did not say in which direction you have roaming issues. roaming from 5g to 2g and falling back to 5g after 10 secs? or the other way round? 2g to 5g and falling back to 2g again?
Or are you especially referring roaming on 2ghz from your your hap ax3 to hap lite ax?
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Fri Jan 26, 2024 5:04 pm
by ips
I apologize: I separated the SSIDs of the two channels. So I have this issue while roaming from the 2.4GHz band of the hap ax3 to the 2.4GHz band of the hap ax lite. The phone roams from ax3 to ax lite -> after 10s, it disconnects from the hap ax lite -> after 2-3s it connects to the hap ax lite
Example:
15:33:32 wireless,info E4:XX@wifi2 roamed to E4:XX@wifihapaxlite, signal strength -47
15:33:42 wireless,info E4:XX@wifihapaxlite disconnected, connection lost, signal strength -39
15:33:45 wireless,info E4:XX@wifihapaxlite connected, signal strength -44
In some cases I also have:
15:33:45 dhcp,info dhcp deassigned 192.168.1.20 for E4:XX HUAWEI_P20
15:33:45 dhcp,info dhcp assigned 192.168.1.20 for E4:XX HUAWEI_P20
The same happens also in the other way (from hapaxlite to hapax3)
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Fri Jan 26, 2024 5:15 pm
by infabo
oh i'm sorry too, overlooked the different ssids. But this is indeed very strange. It may be because of your "connect-priority=0/1" setting that causes the "disconnect" entries. Try to unset and use the default (accept/hold equal)
/interface/wifi/security/unset value-name=connect-priority wifisec_FT
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Fri Jan 26, 2024 10:16 pm
by ips
That was the original setting. Nonetheless, I tried to disable connect-priority, without any change. It still disconnect after 10s and it reconnects in a couple of seconds.
Does anybody know how to debug/collect additional information of what happen in those seconds?
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Sat Jan 27, 2024 9:17 am
by kravemir
The phone roams from ax3 to ax lite -> after 10s, it disconnects from the hap ax lite -> after 2-3s it connects to the hap ax lite
When phone roams is purely client's decision. The 10s number is quite good. The NetworkManager in Linux configures wpa_supplicant to quite bad values - to initiate roaming possibility discovery only when signal is very very bad.
The fact, that phone roamed successfully, but then disconnects and reconnects indicates, that you have L2 or L3 issues in your network.
Do you have RSTP enabled on all your routers and switches?
One device should have high bridge priority - I choose main/central/edge router to have the highest bridge priority (the lowest value = the highest priority) to ensure it becomes the root bridge.
As this requires troubleshooting your network/setup/devices, it's better to open a new thread than to hijack existing thread. It may be completely off topic. And, if it's resolved successful and there's something missing in this thread, then just add results to this thread.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Sat Jan 27, 2024 10:38 am
by ips
Yes, you are right. I'll open a new thread and I will have a look at those points in the meanwhile.
Thanks.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Wed Jan 31, 2024 4:10 pm
by ips
I come back here to report of what happen when FT is disabled: basically roaming now works perfectly for different clients.
Another user reported that roaming works also when FT is disabled (and that disabling FT fixed a problem of one of her/his iPhones).
For details:
viewtopic.php?t=203935
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu Feb 01, 2024 11:03 am
by infabo
I would like to see the hostname as it was in the legacy wireless registration table. This is a pita.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Fri Mar 15, 2024 10:19 pm
by tinodj
- set ft=yes and ft-over-ds=yes in security profile to enable 802.11r fast BSS transitions (roaming),
Wondering why these parameters exist at two places - configuration and security. When enabled in security it works great, but when enabled in configuration then it makes troubles in stability and roaming does not work at all. Can anyone explain?
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Sat Mar 16, 2024 10:13 am
by whatever
Wondering why these parameters exist at two places - configuration and security.
Interface > Configuration > security profile
You can configure the parameters anywhere you like. Interface parameters overwrite everything else, if you are using a configuration profile you can overwrite specific settings of the referred security profile.
Contrary to your observations, the result will be the same in any case. It's only a matter of how you want to organize your configuration.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Sat Mar 16, 2024 5:28 pm
by anav
Concur, the setup process and menu selections are not intuitive and its easy to get lost, ( especially how there are hidden defaults etc. )
I am not a fan of how they have chosen to give flexibility, or more accurately how clear it is to the admin, what is actually configured.
Dont feel bad, you are not alone, all these so called wifi experts dont have a clue about proper MMI.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Sat Mar 16, 2024 5:36 pm
by infabo
easy, /interface/wifi/actual-configuration print
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Sat Mar 16, 2024 7:50 pm
by tinodj
Wondering why these parameters exist at two places - configuration and security.
Interface > Configuration > security profile
You can configure the parameters anywhere you like. Interface parameters overwrite everything else, if you are using a configuration profile you can overwrite specific settings of the referred security profile.
Contrary to your observations, the result will be the same in any case. It's only a matter of how you want to organize your configuration.
Well, using capsman, when I enable FT on configuration (which there is not shown under security at least in webfig not) while having selected in security some already predefined security profile, it does not work. However, when I go in the security profile and define FT there then it works.
Maybe it is just unintuitive and maybe FT in configuration should be under security, and probably once you have security profile defined there in configuration then whet is under FT in configuration is not taken in account, it is rewritten by the security profile chosen.
But of course I am not alone on this one, just found this:
viewtopic.php?p=993564#p993564
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Sat Mar 16, 2024 10:56 pm
by infabo
time to show off....your configuration. all speculation
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Sat Mar 16, 2024 11:32 pm
by whatever
let me rephrase that: The result _should_ be the same.
It it isn't, you may want to report a bug to Mikrotik support.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu May 30, 2024 9:12 am
by Strykar
Does the Cap AX support 802.11v? Thought it did only 802.11k/r
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu May 30, 2024 9:39 am
by holvoetn
Does the Cap AX support 802.11v? Thought it did only 802.11k/r
See Help pages.
https://help.mikrotik.com/docs/display/ROS/WiFi
Benefits
WPA3 authentication and OWE (opportunistic wireless encryption)
802.11w standard management frame protection
802.11r/k/v
MU-MIMO and beamforming
400Mb/s maximum data rate in the 2.4GHz band for IPQ4019 interfaces
These benefits apply both to the wifi-qcom and wifi-qcom-ac packages.
So not only AX, also for AC devices capable of using wave2 package.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu May 30, 2024 10:58 am
by gavopp
Guys i really deeply read this post again and again.
I have all set properly i think using this post and also check it in docs...
BUT my main issue with APs is switching clients from AP to another AP.
There is about 20 metters between my 2 APs.
And my goal is use maximum speed possible so i want to have "closest AP connected"
But when i connect my laptop (macbook pro m2) at one position and "walk towards" the second AP i slowly getting worse bandwidth and when i m 1m from second AP i still have 48mbit bandwidt so i think i m still connected to the first AP.
Why?
I can see roaming messages in my logs just from 2g and 5g bands at the same AP (same MAC address in log).. so i disabled 2g entirely to "force" and test this behavior on 5G...
So my laptop is locked to the first AP and no way to du "seamless" transition between to APs.
Note:
In OLD Wireless package i have achieved this by disabling som MCS codes (like disablin all MCS bellow 80mbit for 5g) and leave antena gain and access via signal power untouched and this works perfectly for my old wireless package. Now i m on Wifi (7.14.2 ...not wifiWave2 anymore) but i can get this done.
All my CAPs are capsman managed from one of the APs.
THANK YOUI for help.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu May 30, 2024 1:12 pm
by anav
let me rephrase that: The result _should_ be the same.
It it isn't, you may want to report a bug to Mikrotik support.
The design and implementation is a bug.
When I look at capsman configuration, it looks like a nuclear explosion and completely consumes any config, like japanese knotweed.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Thu May 30, 2024 1:21 pm
by holvoetn
The design and implementation is a bug.
When I look at capsman configuration, it looks like a nuclear explosion and completely consumes any config, like japanese knotweed.
Ah yes, you explained it earlier ... you don't move away from your chair so you don't need it
In all seriousness ... what's the added value of your comment here ?
Have you ever used capsman ? Legacy and wave2 versions ?
@gavopp:
best to open new topic, describe your setup and provide exports of controller and 2 APs.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Mon Jun 10, 2024 5:26 pm
by miklin
Is fast roaming (ft=yes) supposed to work between 2.4 and 5GHz with different SSIDs and different vlans ?
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Mon Jun 10, 2024 5:45 pm
by neki
Is fast roaming (ft=yes) supposed to work between 2.4 and 5GHz with different SSIDs and different vlans ?
No, it is supposed to work with different radios with same SSID. It is part of security for each SSID like password.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Mon Jun 10, 2024 5:56 pm
by miklin
Is fast roaming (ft=yes) supposed to work between 2.4 and 5GHz with different SSIDs and different vlans ?
No, it is supposed to work with different radios with same SSID. It is part of security for each SSID like password.
I am confused because of
https://www.youtube.com/watch?v=vkWPlsuyuKE (check 1:50). It should work with standalone AP between local wireless interfaces, but nothing about different vlans.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Mon Jun 10, 2024 6:17 pm
by neki
Can you have multiple VLANs for one SSID? (...basic setup, no RADIUS)
One divice (AP) can have multiple radios (2Ghz, 5Ghz)... FT works between different radios...
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Mon Jun 10, 2024 6:33 pm
by holvoetn
Can you have multiple VLANs for one SSID? (...basic setup, no RADIUS)
Theoretically you can. But it wouldn't be wise to do so.
One divice (AP) can have multiple radios (2Ghz, 5Ghz)... FT works between different radios...
For FT to work, radios need to be controlled by the same INSTANCE and have the same SSID (which defines steering group).
At its most basic level, that's 1 AP with 2.4GHz radio and 5GHz radio.
More complex is capsman setup controlling multiple APs.
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Fri Oct 18, 2024 11:32 am
by gutekpl
Is it possible for that to work on hAP AC2 + few cAP AC?
Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Posted: Fri Oct 18, 2024 12:47 pm
by neki
Yes, but you must use wifi-qcom-ac package, in case of CAPsMAN that also means that you must then use WiFi CAPsMAN instead of Wireless CAPsMAN.