Candela Technologies Logo
Network Testing and Emulation Solutions

LANforge WiFi Access Point Network with 802.11r

Goal: Configure four virtual APs in an 802.11r network to test fast transition (FT) clients.

Configure four virtual Access Points to use 802.11r with FT-EAP. This example uses a LANforge CT525 system but a similar procedure will work on all multi-radio systems.

The wifi clients under test are also 802.11r enabled so that they can initiate FT Requests and roam. Here we are using another LANforge WiFire as the system under test to emulate 802.11r stations and force them to roam.

In LANforge, each virtual access point will be running its own hostapd process configured to enable 802.11r and bridged to other virtual access points. The bridged VAP network will emulate the Distributed System (DS) for FT over-the-DS roaming.

 
  1. Setup a virtual access points on a wifi NIC and configure it for a channel and SSID.
    1. Go to the Port Mgr tab, select the parent device such as wiphy0, select Create, then fill out appropriate information and create a virtual access point. screenshot
    2. Modify the new vap, select the Advanced Configuration tab in the Port-Modify window and check the box Advanced/802.1x and fill in the RADIUS IP/Port/Secret. Here the RADIUS server will be a freeradius process configured on localhost. The default RADIUS secret is lanforge and the default login is testuser/testpasswd when freeradius is installed via lf_kinstall.pl --do_radius. screenshot
    3. Repeat above steps A and B to create a single vap on wiphy1, wiphy2 and wiphy3 for a total of four virtual access points.


  2. Modify each vap, select the Custom Wifi tab and enter the additional lines that will be appended to each vap hostapd configuration file.
    1. For each vap, fill in the first 8 lines to enable 802.11r as well as the first part of the 3 r0kh entries and 3 r1kh entries for neighboring vap's.

      The first part of the r0kh is the neighboring vap MAC address and NAS identifier which in this example is the MAC without colon delimeters.

      The first part of the r1kh is the neighboring vap MAC address and r1kh-id which in this example are the same.




    2. Each vap will be represented by a corresponding r0kh and r1kh entry in all of the neighboring vap's custom configuration sections. Here vap0 entries are highlighted. screenshot
    3. Generate a unique 128-bit AES hex key for each r0kh entry in the vap. screenshot
    4. Copy the r0kh keys to the r1kh lines that correspond to the vap. screenshot
    5. Repeat steps C and D for the other three vap's.



      vap0: full hostapd configuration file
      vap1: full hostapd configuration file
      vap2: full hostapd configuration file
      vap3: full hostapd configuration file

    For more information see Two WiFi Access Point Network with 802.11r

  3. Create four bridge devices, one for each virtual access point.
    1. Go to the port manager tab, select Create, then select Bridge and enter Quantity 4 and a Bridge Name, then Apply to create the bridges. screenshot
    2. Modify each bridge device to add a vap. Netsmith will show a purple line when each vap has been added as bridge member. screenshot
    3. Add a single virtual router, drag br0 into the router, then give it an IP address and make it a DHCP server. screenshot

    For more information see Virtual Router with DHCP Cookbook (skip the wanlink portion)

  4. Each bridge will share a connection to a redirect device (rdd) pair so that FT messages can be sent and received.
    1. In Netsmith, right-click in a free area and select New Connection to create an rdd pair. Select Skip for Port 1-B, WanLink and Port 2-B then select OK. Select Netsmith Apply after creating the new connection. screenshot
    2. Right-click and select Modify Port br0, then add rddVR0 to br0. Your rddVRX numbering may differ depending on what other Netsmith objects are created. screenshot
    3. Right-click and select Modify Port br1, then add rddVR1 to br1. Your rddVRX numbering may differ depending on what other Netsmith objects are created. screenshot
    4. Create two more rdd pairs for bridges br2 and br3. screenshot
    5. Add rddVR2 and rddVR3 to bridge br0. screenshot
    6. The objects vap2/br2 and vap3/br3 can be moved so that their logical relationships can be visualized. Add rddVR3 to br2, then add rddVR5 to br3. screenshot
    7. The final Netsmith display should show all four of the bridged virtual access points connected by a rdd pair, with br0 as the central bridge. screenshot
  5. Connect LANforge clients and force them to roam from vap to vap. This can be accomplished with a wpa_cli command for one or two clients or the Mobility Plugin Script for many clients.
    1. Client connected to vap0 04:f0:21:b9:8f:00. screenshot
    2. Client roams to vap1 04:f0:21:69:91:03.

      screenshot
    3. Client roams to vap2 04:f0:21:33:28:06.

      screenshot
    4. Client roams to vap3 04:f0:21:b1:d7:0b.

      screenshot
    5. Client roams back to vap0 04:f0:21:b9:8f:00.

      screenshot

    For more information see Two WiFi Access Point Network with 802.11r


Candela  Technologies, 2417 Main Street, Suite 201, Ferndale, WA 98248, USA
www.candelatech.com | sales@candelatech.com | +1.360.380.1618
Facebook | LinkedIn | Blog