Seamless roaming wifi. Seamless roaming of a Wi-Fi network in capsman using guest wifi as an example

Wireless devices for which high-speed network access is possible only over WiFi, such as the iPad, iPhone and other mobile gadgets, are gaining popularity. When you want to organize WiFi access in an area of 30 sq. m., installing a regular D-Link for 1200 rubles will solve all your problems, but if you have an area > 500 sq. m., and that is only one floor, this solution will not work. If you use ordinary access points or routers, then either each router will have its own network name (unique SSID), or the routers will need to be spaced far apart so that coverage areas do not overlap, and this will lead to areas with very poor reception quality or no signal at all. About six months ago, I ran into the same problem; the solution was found quickly enough - UniFi.

An example of a WiFi UniFi installation in a multi-building car wash.

UniFi Provides Wireless Coverage to California's Arcadia School District (translation).

UniFi Provides Wireless Access to Upscale Hotels in Peru (translation).

Features of UniFi WiFi points:

    One network for all WiFi points.

    Attractive design.

    Easy installation, PoE.

    Display coverage area and location of access points on the admin display.

    Centralized management of the wireless network.

    Guest networks, no LAN access.

    Create temporary passwords for guest users.

    Automatic software updates on access points.

    High scalability: up to 100 or more points.

    Multiple wireless networks with differentiation of access rights.

    Separation of network user traffic by VLAN.

    Fast intranet roaming when switching between access points.

    Tracking user traffic, identifying sources of increased network load.

    Large coverage area.

    Ability to generate one-time temporary passwords (relevant for public places: hotels, cafes, etc.)

    Connecting points in repeater mode.

An overview of the capabilities of the UniFi Controller is here.

Implementation of Ubiquiti WiFi in Peru hotels here (translation).

Hardware controller for Ubiquiti UniFi. UniFi Cloud Key.

How it looks in practice:

A software controller is installed on one of the network computers, on which all wireless network settings are made.

Through this controller, all settings of the points and network parameters are subsequently made. Below are a couple of screenshots of settings and appearance.

This is a plan of the building showing the locations of the points.

Setting up a guest network without access to corporate resources.

Monitoring of active clients.

Access point monitoring.

View from above.

The installation and configuration process is extremely simple:

1. Place the points and connect them to the local network. UniFi supports PoE, so you only need an Ethernet socket to connect them.

2. Install the software controller on any network computer, configure the WiFi network parameters and initialize the points. After initialization, the settings from the controller are applied to the point, and the point is ready for operation. Even when the controller is turned off, the settings on the points are saved.

In this article, we will learn how to create a single seamless WiFi network on MikroTik routers. Where can it be useful? For example, in cafes or hotels, where one Wi-Fi router is not enough to cover all the rooms with Internet access, and where a large number of access points causes constant problems: laptops keep losing the connection, and mobile devices do not switch to the nearest access point on their own.

The solution is seamless WiFi roaming, or handover, which the CAPsMAN functionality provides across several MikroTik routers: one of them acts as the WiFi controller, and the rest are access points managed by that controller.

The first thing to do is to update to the latest software version. The firmware can be downloaded from the official website. Next, going into the MikroTik interface, drag it to the Files section and reboot the router. Along with the firmware, you also need to download the Wireless CAPs MAN package, drag it to the same place and reboot. After the actions taken, you can proceed to the configuration.

Let's start with the controller. Open the CAPsMAN section by pressing the corresponding button in the main menu. In the Interfaces tab, click the Manager button (this turns on the controller mode), check the Enable checkbox in the window that appears and save with OK. After that, go to the Configurations tab.

The configuration settings will apply to all access points connected to the controller. Click the blue cross and in the Wireless tab specify the configuration name (3), wireless network mode (4) and network name (5), turn on all wireless antennas for reception and transmission (6), save (7) and go to the Channel tab.

Here we indicate the frequency (2), the broadcast format of the wireless network (3) and the channel (4). We save (5) and go to the Datapath tab.

Here we only need to check the Local Forwarding checkbox - this will transfer traffic control to access points. It remains to fill in the last tab Security.

In the security section, select the type of authentication, encryption method and password for the wireless network, click OK.

After we have created the configuration, we move on to the next step - deployment. In the same CAPsMAN section, select the Provisioning tab (1) and click the blue cross. The Radio MAC (2) field allows you to select a specific access point to which the deployment will apply. We leave it at the default so that the deployment applies to all access points. In the next field, Action (3), select create dynamic enabled, since we have a dynamic interface. In Master Configuration (4) we specify the name of the configuration created above.


With the CAPsMAN section finished, go to the Wireless section (1). In the Interfaces tab, click the CAP (3) button, check the Enabled (4) checkbox, select the wlan1 interface and specify the ip-address of our main router, which is also a controller.

If we did everything correctly, then two red lines will appear in the Interfaces tab, which indicate that the wi-fi adapter has connected to the controller and adopted all the necessary settings.

This completes the configuration of the main router-controller. This network can be used to create a telephone network and connect to an office PBX.

Setting up access points that will connect to the controller via an Ethernet cable is quite simple. They also need to be flashed to the latest version and have the CAPs MAN package installed. Next, we combine all the ports and the wi-fi interface into one Bridge in the section of the same name.

The next step in the Wireless section is the same as on the controller, except that instead of the IP address in CAPs MAN Addresses, we indicate the Bridge created on the access point in the Discovery Interfaces field. After the manipulations have been done, the access point will receive the settings from the controller and will distribute wi-fi (the same two red lines should appear in the Interfaces tab).

A new version of the Keenetic OS operating system, 2.13.C0, was released on 09/20/2018. This version adds support for the IEEE 802.11k / 802.11r standards in manual configuration mode.

Thanks to the new "Seamless Wi-Fi Roaming" mechanism, switching from one access point to another on a mobile phone now takes only 100 ms instead of five seconds. With seamless roaming, clients connected via Wi-Fi will not notice the switch between devices when moving from the coverage area of one Keenetic router to another. Thus, even Voice over Wi-Fi telephone conversations will be uninterrupted.

How does seamless roaming for Wi-Fi Keenetic work?

As it was before?

In a large space, for example a country house or a two-story apartment, two devices are installed. The Internet center is on the first floor; the second device, on the top floor, is connected to the first by cable and operates in "access point" mode. If the user wants to make a video call, for example in Skype, while moving from the first floor to the second, at some point he will leave the coverage area of the first device and, accordingly, disconnect from the WiFi network.

Even if your latest-model smartphone, knowing the network of the second device, connects to it in just seconds, the Skype call will still be interrupted. The same will happen if you are downloading or sending files. In any case, the action will be interrupted because of the reconnection to the Wi-Fi network and the short pause in the data exchange.

As it is now?

Keenetic 802.11k/r seamless roaming avoids a complete reconnection of the device in two ways. With the 802.11k standard, the client device does not spend time scanning the entire air in search of access points, because it knows in advance which networks are preferable. With the 802.11r standard, the authentication time on the new network is greatly reduced. As a result, the process of reconnecting to the network is reduced to one hundred microseconds, which is not at all noticeable to the user.

This seamless connectivity is especially relevant to ensure a stable connection in IP telephony.

What devices support seamless Wi-Fi?

"Seamless Wi-Fi roaming" is supported by all models of Keenetic routers (dual-band and single-band) for which the new Keenetic OS 2.13 operating system has been released. These include all Keenetic devices of the previous and latest generations, that is, most of those on sale.

How to set up Keenetic seamless roaming?

A detailed setup guide can be found in the Keenetic database. Here we will focus only on the main points:

    Keenetic seamless roaming for the main segment "Home network" can be set up easily through the web interface. To set up the same options for the "Guest network" or other arbitrary segments, you must resort to the command line;

    On dual-band Keenetic devices, either one network or both the 2.4 and 5 GHz Wi-Fi networks can be enabled with the same settings (name, key, work schedule);

    IDs for one segment must be the same across all devices;

    The keys and SSID of the mobility domain must be the same;

    You can configure a Keenetic via the web interface only if it works in the "Basic" or "Access Point" mode. For the "Amplifier" mode, setup is possible only from the command line.


Which clients support seamless Wi-Fi roaming?

Smartphones and tablets must also support seamless Wi-Fi roaming according to IEEE 802.11k/r standards. You can find out exactly whether a particular model supports this standard in the technical documentation from the manufacturer. Note that most modern Apple and Samsung devices support this standard.

802.11R. Rapid switching between points (handover)

Many Wi-Fi manufacturers promise seamless switching between access points using their "genius" proprietary protocol.

Despite beautiful promises, in practice, delays in switching (handover) can be significantly more than the declared 50-100 ms (switching can take up to 10 seconds when using the WPA2-Enterprise protocol). The fact is that the decision to move to another access point is always made by the client equipment. That is, your smartphone, laptop or tablet decides for itself when to switch and how to do it.

Often, proprietary protocols from well-known Wi-Fi manufacturers are based on forced deauthentication of the device when the signal quality deteriorates. Sometimes in the settings of a Wi-Fi point, you can set "roaming aggressiveness" - the minimum signal value at which the device will be "thrown" from the network. Often, client equipment reacts incorrectly to such a “kick in the ass”. The TCP session is terminated, and file downloads stop. The connection to the mail server or virtual machine is interrupted. Connecting to the SIP server requires re-authentication.


Quite often, the client device, instead of connecting to a neighboring point with a better signal (the Wi-Fi controller encourages this decision), tries unsuccessfully to reconnect to the old point. Even worse is when the device tries to hook onto another network from its list of saved ones (for example, a guest network).

But even if the switching process goes according to plan, a significant amount of time is spent on repeating the key exchange (EAP) and authorization on the RADIUS server (WPA2-Enterprise).

To solve these problems, the Wi-Fi Association developed the 802.11R protocol. Currently, most mobile devices support it (Apple since iPhone 4S, Samsung Galaxy S4, Sony Xperia Z5 Compact, BlackBerry Passport Silver Edition, ...).

The essence of 802.11R is that the mobile device tells its own points from foreign ones by the mobility domain membership signal (MDIE). This signal is added to the beacon signal (SSID beacon).

If your iPhone sees a point from its mobility domain with the best signal/noise level, it performs preliminary authorization with that other point of the mobility domain over the existing "thread" before starting the switching procedure.
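The membership check described above can be reproduced on the defender's side. The following is an added example, not code from the original article: it parses the mobility domain element and the RSN element out of beacon bytes and lists access points that use the network's SSID without advertising its mobility domain or a fast-transition key management suite. The SSID, MDID, BSSIDs and beacon bytes are constructed sample values.

```python
import struct

SSID_ID, RSN_ID, MDE_ID = 0, 48, 54            # IEEE 802.11 element IDs
FT_AKMS = {b"\x00\x0f\xac\x03": "FT-802.1X", b"\x00\x0f\xac\x04": "FT-PSK"}

def elements(buf):
    """Yield (id, body) for each TLV element; reject a truncated tail."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or pos + 2 + buf[pos + 1] > len(buf):
            raise ValueError("truncated information element")
        yield buf[pos], buf[pos + 2 : pos + 2 + buf[pos + 1]]
        pos += 2 + buf[pos + 1]

def rsn_akms(body):
    """AKM suite selectors listed in an RSN element body."""
    pos = 2 + 4                                # version, group cipher suite
    (pairwise,) = struct.unpack_from("<H", body, pos)
    pos += 2 + 4 * pairwise                    # skip the pairwise cipher list
    (count,) = struct.unpack_from("<H", body, pos)
    return [body[pos + 2 + 4 * i : pos + 6 + 4 * i] for i in range(count)]

def ft_summary(ies):
    """What a client learns about fast-transition support from one beacon."""
    out = {"ssid": None, "mdid": None, "over_ds": None, "ft_akms": []}
    for eid, body in elements(ies):
        if eid == SSID_ID:
            out["ssid"] = body.decode("utf-8", "replace")
        elif eid == MDE_ID and len(body) == 3:
            out["mdid"] = body[:2].hex()       # 2-byte mobility domain ID
            out["over_ds"] = bool(body[2] & 0x01)  # pre-auth via the current AP
        elif eid == RSN_ID:
            out["ft_akms"] = [FT_AKMS[a] for a in rsn_akms(body) if a in FT_AKMS]
    return out

def outliers(beacons, ssid, mdid):
    """BSSIDs using our SSID without our mobility domain or without an FT AKM."""
    seen = {bssid: ft_summary(ies) for bssid, ies in beacons.items()}
    return sorted(b for b, s in seen.items()
                  if s["ssid"] == ssid and (s["mdid"] != mdid or not s["ft_akms"]))

# Constructed sample beacons (element bytes only), not captured traffic.
def ie(eid, body):
    return bytes([eid, len(body)]) + body

RSN_FT = bytes.fromhex("0100 000fac04 0100 000fac04 0200 000fac02 000fac04 0000")
RSN_PSK = bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac02 0000")
GOOD = ie(0, b"office") + ie(48, RSN_FT) + ie(54, bytes.fromhex("a1b201"))
BEACONS = {
    "02:00:00:00:00:01": GOOD,
    "02:00:00:00:00:02": GOOD,
    "02:00:00:00:00:03": ie(0, b"office") + ie(48, RSN_PSK),  # same SSID, no MDE
}
```

An access point returned by `outliers(BEACONS, "office", "a1b2")` is either misconfigured or not part of the managed network, and clients will not roam to it with 802.11R.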

Secondly, authorization follows a simplified scenario: instead of a long authorization on the RADIUS server, the client device exchanges a PMK-R1 key with the Wi-Fi controller. (The original key PMK-R0 is transmitted only during primary authentication and is stored in the memory of the Wi-Fi controller.)

At the moment when another point "retroactively" authorized the device, the actual handover occurs. Reconfiguring the frequency and channel in the smartphone takes no more than 50 milliseconds. In most cases, it goes completely unnoticed by the user.
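The two key levels mentioned above, PMK-R0 and PMK-R1, form a hierarchy. The following added example (not code from the original article) derives both levels with the HMAC-SHA256 key derivation function of the IEEE 802.11 fast-transition key hierarchy, going beyond the text to show how each access point ends up with its own PMK-R1. It assumes an FT-PSK network; the passphrase, SSID, MDID, key holder names and MAC addresses are constructed values.

```python
import hashlib, hmac, struct

def kdf(key, label, context, bits):
    """IEEE 802.11 KDF with HMAC-SHA256; counter and length are 16-bit little-endian."""
    out = b""
    for i in range(1, (bits + 255) // 256 + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: bits // 8]

def pmk_r0(xxkey, ssid, mdid, r0kh_id, sta):
    """First-level key, bound to SSID, mobility domain, R0 key holder and client MAC."""
    ctx = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + sta
    data = kdf(xxkey, b"FT-R0", ctx, 384)
    name = hashlib.sha256(b"FT-R0N" + data[32:48]).digest()[:16]
    return data[:32], name

def pmk_r1(r0, r0_name, r1kh_id, sta):
    """Second-level key for one access point (R1 key holder) and one client."""
    key = kdf(r0, b"FT-R1", r1kh_id + sta, 256)
    name = hashlib.sha256(b"FT-R1N" + r0_name + r1kh_id + sta).digest()[:16]
    return key, name

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def roam_keys():
    """Constructed FT-PSK network: one controller (R0KH), two access points (R1KH)."""
    ssid, mdid = b"office", bytes.fromhex("a1b2")        # assumed values
    sta = mac("02:00:00:00:00:aa")                       # client MAC (constructed)
    psk = hashlib.pbkdf2_hmac("sha1", b"correct horse battery", ssid, 4096, 32)
    r0, r0_name = pmk_r0(psk, ssid, mdid, b"controller.example", sta)
    r1 = {ap: pmk_r1(r0, r0_name, mac(ap), sta)[0]
          for ap in ("02:00:00:00:00:01", "02:00:00:00:00:02")}
    return r0, r1

if __name__ == "__main__":
    r0, r1 = roam_keys()
    print("PMK-R0 (stays on the controller):", r0.hex())
    for ap, key in r1.items():
        print("PMK-R1 for", ap, ":", key.hex())
```

Because each PMK-R1 is bound to one access point's identifier and derived one-way from PMK-R0, keys recovered from a single access point do not yield the PMK-R0 or the keys held by its neighbours.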

When choosing a solution for an office Wi-Fi network, pay attention to whether the selected equipment supports the open roaming protocol 802.11R, which is understandable for client devices. For example, Edimax Pro equipment fully supports this protocol, so there are no problems with roaming in most cases. However, if your device is old and does not understand the 802.11R protocol, it is possible to adjust the aggressiveness of roaming based on the signal falling below the threshold - as other Wi-Fi manufacturers do, presenting it as an "innovative solution".

802.11K. Wireless Load Balancing

In addition to roaming problems, often corporate users have to deal with congestion on one access point. In the classic Wi-Fi implementation, all devices tend to connect to the access point with the best signal. Sometimes, as a result of the incorrect location of the point (radio planning error), all “office residents” are registered at one point, and the rest “rest”.

Due to uneven load, the speed of the local network drops dramatically, since the radio air is one big “hub”, where devices “talk in turn”.

To smooth out this unevenness and distribute users optimally between points operating on different radio channels, the 802.11K protocol was developed.

802.11K works in conjunction with 802.11R (as a rule, devices that support the “R” standard also support the “K” standard).

If the mobile device "sees" the beacon signal from other points in the same mobility domain, the device sends a broadcast request "Radio Measurement Request frame", in which it requests information about the current state of other access points within the visibility zone:

    number of registered users

    average channel speed (number of transmitted packets)

    how many bytes were transferred in a certain time interval

In the extended specification of the standard, the client's smartphone can query the link status of other mobile devices that support the 802.11K standard and are connected to a potentially interesting access point. Devices report not only real statistics but also the state of the signal/noise.

Thus, if your smartphone sees 2 or more points within the same mobility domain, it will choose not the point with the best signal, but the point that will provide a faster connection to the local network (the less loaded one).

The reception conditions, the number of users and the load on the point can change dynamically, but using the 802.11K and 802.11R protocols, devices will seamlessly switch and the load on the network will always be evenly distributed.

Many vendors using proprietary protocols implement something similar to 802.11K, when an "overloaded" point forcibly disconnects clients with worse reception conditions or limits the maximum number of simultaneously registered devices and disables registration if the number of clients exceeds the allowable limits. These proprietary protocols are not as efficient, but still keep the Wi-Fi network from completely collapsing.

How to save money on radio planning thanks to 802.11K

The use of equipment that supports the 802.11R and 802.11K protocols partly corrects the errors made during radio planning. Dynamic protocols with roaming support prevent overloads of individual points and distribute the load between points evenly across the network.

The WiFi-solutions team recommends always doing radio planning, but sometimes, in small networks, you can place the points at random. Dynamic protocols will improve the quality of Wi-Fi and load distribution between the channels of neighboring points.

The use of dynamic protocols for seamless roaming can reduce overlap areas. Thus, it is possible to provide high-quality coverage with a smaller number of points. Savings on equipment - up to 25%.
