Fast Roam feature on WiNG architecture and connection problems

[andrew.pengelly]

We have been experiencing connection problems with MC9190 MU's on a Motorola RFS7000 controlled network running WPA and WPA2.  After lots of discussion with Motorola support and getting no useful answers we diswcovered during our own testing that the Fast Roam feature appears to be the cause of our problem. 

In our situation the connection problem occurs if we power down the MC9190 (eg replace battery).  When the MC9190 is powered on again the Fast Roam feature tells the MC9190 that they are connected however the connection does not appear to get past the WPA key stage and as a result no IP address is allocated. Our belief is that during the MC9190 power off the WPA keys get out of sync with the network.  Testing has shown that turning off Fast Roaming appears to resolve the problem but I'm keen to hear of other peoples experience with this.

Interestingly enough Fast Roaming does not affect older MC9060s and is not a problem when using WEP.

[hchen01]

I was told that there was a fast roaming patch for MC9190, if you haven't got it, please ask Motorola support.

If you have already installed the patch, would you please let us know the version of RFS7000 and the version of the Fusion on the MC9190?

[andrew.pengelly]

I'm keen to hear more about the fast roaming patch for the MC9190 as I don't recall seeing anything like this on their support web site and their support team have not mentioned it so far.  Hardware mix is ..

MC9190s CE 6.0 OEM version 02.32.0004 running Fusion 3.00.2.0.025R  (latest version), also tried 3.00.2.0.019R.
RFS7000 version 5.2.13.0-015R

We have replicated the fault on an RFS6000 with the same firmware.

[hchen01]

If you can do a test, please use only WPA2 / only WPA to test the fast roaming seperately.

[andrew.pengelly]

I'm not quite sure what you mean however I can report that we have tried ...

WiFi with Open Network or WEP - all works 100%
WiFi with WPA/WPA2 turned off - all works 100%
WiFi with WPA2 turned on and Fast Roaming turned off - all works 100%
WiFi with WPA2 turned on and Fast Roaming turned on - MC9190 will not connect to network after a power cycle.

So is definitely a WPA/WPA2 problem and on the face of it appears connected to Fast Roaming

The Fusion log will show the message Authentication not required, Connected to Network however it does not manage to get an IP address.  If we turn off Fast Roaming the Fusion log will sayNegotiating keys, Connected to network  See below.

Fusion log with Fats Roaming turned off
08:09:24  Renewing IP address.
08:09:39  Renewing IP address.
08:09:54  Renewing IP address.
08:10:22  Associated with b4:c7:99:19:f3:20
08:10:22  Negotiating keys.
08:10:22  Connected to network.
08:10:26  IP Address: 172.28.17.181

Fusion log with Fast Roaming turned on
07:59:55  Unbinding adapter.
08:00:05  Binding adapter.
08:00:05  Disabling IPv6.
08:00:06  Regulatory table downloaded to radio.
08:00:06  Enabling 802.11d.
08:00:09  Country code acquired: NZ
08:00:09  Using profile: PDT_****
08:00:09  Setting SSID: ************
08:00:11  Associated with b4:c7:99:19:f3:27
08:00:11  Authentication not required.
08:00:11  Connected to network.
08:00:26  Renewing IP address.
08:00:41  Renewing IP address.
08:00:56  Renewing IP address.
08:01:11  Renewing IP address.

We have passed our latest findings over to Motorola Support and eagerly anticipate their response.

[hchen01]

If you haven't applied "Disable_WMM_U-APSD.reg"

please tried to install it(create a new .txt file including the below text and rename it to .reg):

[HKEY_LOCAL_MACHINE\Comm\JEDI10_1\Parms]
"APSDConfiguration"=dword:0
"CCXParams"=dword:00000005

[andrew.pengelly]

Well Moto support have come back and it appears (yet to be fully tested), that Fast Roaming is at the root of our problems.  Apprently this should be turned off UNLESS you are also using 802.1x.  We have turned off fast roaming and the results are positive at this stage.

So from the manual ..

Define the Fast Roaming configuration used only with 802.1x EAP-WPA/WPA2 authentication.
 
NOTE: Fast Roaming is available only when the authentication is EAP or EAP-PSK and the selected encryption is either WPA/WPA2-TKIP or WPA-CCMP.
 
Using 802.11i can speed up the roaming process from one access point to another. Instead of doing a complete 802.1x authentication each time a client roams between access points, 802.11i allows a client to re-use previous PMK authentication credentials and perform a four-way handshake. This speeds up the roaming process. In addition to reusing PMKs on previously visited access points, Opportunistic Key Caching allows multiple access points to share PMKs amongst themselves. This allows a client to roam to an access point it has not previously visited and reuse a PMK from another access point to skip 802.1x authentication.

[hchen01]

Thanks for sharing