We deal with roaming technologies (Handover, Band steering, IEEE 802.11k, r, v) and conduct a couple of visual experiments demonstrating their work in practice.

Introduction

Wireless networks of the IEEE 802.11 standards group are developing extremely rapidly today, new technologies, new approaches and implementations are emerging. However, as the number of standards grows, it becomes more and more difficult to understand them. Today we will try to describe some of the most common technologies that are referred to as roaming (the procedure for reconnecting to wireless network) and see how it works seamless roaming on practice.

Handover or "client migration"

By connecting to the wireless network, the client device (whether a smartphone with Wi-Fi, a tablet, a laptop or a PC equipped with a wireless card) will support wireless connection if the signal parameters remain at an acceptable level. However, when the client device is moved, the signal from the access point with which the connection was originally established may weaken, which sooner or later will lead to a complete inability to transfer data. Having lost connection with the access point, the client equipment will select a new access point (of course, if it is within reach) and connect to it. This process is called handover. Formally, handover is a migration procedure between access points initiated and performed by the client itself (hand over - “transfer, give, yield”). V this case The SSIDs of the old and new points do not even have to match. Moreover, the client can fall into a completely different IP subnet.

To minimize the time spent on reconnecting the subscriber to media services, it is necessary to make changes both to the core wired infrastructure (make sure that the client does not change the external and internal IP addresses) and to the handover procedure described below.

Handover between access points:

1. Define a list of potential candidates (access points) for switching.
2. Set the CAC (Call Admission Control) status of the new access point.
3. Determine the moment to switch.
4. Switch to a new hotspot:

In IEEE 802.11 wireless networks, all switching decisions are made by the client side.

Source: frankandernest.com

Band steering

Band steering technology allows the wireless network infrastructure to change the client from one frequency band to another, usually it is a forced switching of the client from the 2.4 GHz band to the 5 GHz band. Although band steering is not directly related to roaming, we chose to mention it here anyway, as it is related to client device switching and is supported by all of our dual-band access points.

In which case it may be necessary to switch the client to another frequency range? For example, such a need may be associated with the transfer of a client from an overloaded 2.4 GHz band to a more free and high-speed 5 GHz. But there are other reasons as well.

It should be noted that at the moment there is no standard that strictly regulates the operation of the described technology, so each manufacturer implements it in its own way. However, the general idea remains roughly the same: access points do not announce the SSID in the 2.4 GHz band to the client performing an active scan if activity has been noticed for some time this client at 5 GHz. That is, access points, in fact, can simply remain silent about the presence of support for the 2.4 GHz band, if it was possible to establish the presence of support for the 5 GHz frequency by the client.

There are several modes of band steering operation:

1. Force connection. In this mode, in principle, the client is not informed about the presence of support for the 2.4 GHz band, of course, if the client has support for the 5 GHz frequency.
2. preferred connection. The client is forced to connect in the 5GHz band only if the RSSI (Received Signal Strength Indicator) is above a certain threshold, otherwise the client is allowed to connect to the 2.4GHz band.
3. Load balancing. Some of the clients that support both frequency bands connect to the 2.4 GHz network, and some to the 5 GHz network. This mode will not allow you to overload the 5 GHz band if all wireless clients support both frequency bands.

Of course, customers with support for only one frequency range will be able to connect to it without problems.

In the diagram below, we tried to graphically depict the essence of the band steering technology.

Technologies and standards

Let's return now to the process of switching between access points. In a standard situation, the client will maintain the existing association with the access point for as long as possible (as far as possible). Exactly as long as the signal level allows it. As soon as the situation arises that the client can no longer maintain the old association, the switching procedure described earlier will start. However, handover does not happen instantly, it usually takes more than 100 ms to complete it, and this is already a noticeable amount. There are several radio resource management standards working group IEEE 802.11 aimed at improving wireless network reconnect time: k, r, and v. In our Auranet line, 802.11k support is implemented on the CAP1200 access point, and in the Omada line, 802.11k and 802.11v protocols are implemented on the EAP225 and EAP225-Outdoor access points.

802.11k

This standard allows a wireless network to report to client devices a list of neighboring access points and channel numbers on which they operate. The generated list of neighboring points allows you to speed up the search for candidates for switching. If the signal of the current access point weakens (for example, the client moves away), the device will search for neighboring access points from this list.

802.11r

Version r of the standard defines the FT - Fast Transition (Fast Basic Service Set Transition) function, which allows you to speed up the client authentication procedure. FT can be used when switching a wireless client from one access point to another within the same network. Both authentication methods can be supported: PSK (Preshared Key) and IEEE 802.1X. Acceleration is carried out by saving encryption keys on all access points, that is, the client does not need to go through complete procedure authentication involving a remote server.

802.11v

This standard (Wireless Network Management) allows wireless clients to exchange service data to improve the overall performance of a wireless network. One of the most used options is BTM (BSS Transition Management).
Typically, a wireless client measures its connection to an access point to make a roaming decision. This means that the client has no information about what is happening with the access point itself: the number of connected clients, device loading, scheduled reboots, etc. Using BTM, the access point can send a request to the client to switch to another access point with the best conditions work, even with a few worst signal. Thus, the 802.11v standard is not directly aimed at speeding up the process of switching a client wireless device, however, in combination with 802.11k and 802.11r, it provides faster programs and improves the convenience of working with wireless Wi-Fi networks.

IEEE 802.11k in detail

The standard extends the capabilities of RRM (Radio Resource Management) and allows 11k-enabled wireless clients to query the network for a list of nearby access points that are potentially candidates for switching. The access point informs clients about 802.11k support using a special flag in the Beacon. The request is sent as a management frame called an action frame. The access point also responds with an action frame containing a list of neighboring points and their wireless channel numbers. The list itself is not stored on the controller, but is generated automatically upon request. It is also worth noting that this list depends on the location of the client and does not contain all possible access points of the wireless network, but only neighboring ones. That is, two wireless clients geographically located in different places will receive different lists of neighboring devices.

With such a list, the client device does not need to perform a scan (active or passive) of all wireless channels in the 2.4 and 5 GHz bands, which reduces the use of wireless channels, i.e. frees up additional bandwidth. Thus, 802.11k allows you to reduce the time spent by the client on switching, as well as improve the process of choosing an access point for connection. In addition, eliminating the need for additional scans extends the battery life of the wireless client. It is worth noting that access points operating in two bands can report information to the client about points from an adjacent frequency range.

We decided to demonstrate the work of IEEE 802.11k in our wireless equipment, for which we used the AC50 controller and CAP1200 access points. As a traffic source, we used one of the popular instant messengers with support for voice calls, running on Apple smartphone iPhone 8+ known to support 802.11k. The voice traffic profile is presented below.

As can be seen from the diagram, the codec used generates one voice packet every 10 ms. The noticeable spikes and dips in the graph are due to the slight latency variation (jitter) that is always present in Wi-Fi based wireless networks. We set up traffic mirroring on , to which both access points participating in the experiment are connected. Frames from one access point fell into one network card traffic collection systems, frames from the second to the second. In the resulting dumps, only voice traffic was selected. The switching delay can be considered as the time interval that has elapsed since the traffic was lost in one network interface, and until it appears on the second interface. Of course, the measurement accuracy cannot exceed 10 ms, which is due to the structure of the traffic itself.

So, without enabling support for the 802.11k standard, switching the wireless client took an average of 120 ms, while activating 802.11k made it possible to reduce this delay to 100 ms. Of course, we understand that although the switching delay has been reduced by 20%, it is still high. Further reduction in latency will be possible with the combined use of 11k, 11r and 11v standards, as already implemented in the home series of wireless equipment.

However, 802.11k has one more trick up its sleeve: the timing of the switch. This opportunity is not so obvious, so we would like to mention it separately, demonstrating its operation in real conditions. Typically, the wireless client waits until the last minute, keeping the existing association with the access point. And only when the characteristics of the wireless channel become very bad, the procedure for switching to a new access point starts. Using 802.11k, you can help the client with the switch, that is, offer to do it earlier, without waiting for significant signal degradation (of course, we are talking about a mobile client). Our next experiment is devoted to the moment of switching.

Qualitative experiment

Let's move from the sterile laboratory to the real object of the customer. Two access points with 10 dBm (10 mW) radiation power, a wireless controller, and the necessary supporting wired infrastructure were installed indoors. The scheme of premises and installation locations of access points are presented below.

The wireless client moved around the room making a video call. First, we disabled 802.11k support in the controller and set the places where the switch took place. As you can see from the picture below, this happened at a considerable distance from the "old" access point, near the "new" one; in these places, the signal became very weak, and the speed was barely enough to transmit video content. There were noticeable lags in voice and video when switching.

We then enabled 802.11k support and repeated the experiment. Now the switching happened earlier, in places where the signal from the "old" access point was still quite strong. There were no lags in the voice and video. The switching point has now moved to about the middle between access points.

In this experiment, we did not set ourselves the goal of elucidating any numerical characteristics of switching, but only qualitatively demonstrate the essence of the observed differences.

Conclusion

All described standards and technologies are designed to improve the customer's experience of using wireless networks, make it more comfortable, reduce the impact of annoying factors, increase overall performance wireless infrastructure. We hope that we were able to clearly demonstrate the benefits that users will receive after implementing these options in wireless networks.

Is it possible to live in the office without roaming in 2018? In our opinion, this is quite possible. But, having tried once to move between offices and floors without losing the connection, without having to re-establish a voice or video call, without being forced to repeatedly repeat what was said or ask again, it will no longer be realistic to refuse.

P.S. and this is how you can make seamlessness not in the office, but at home, which we will discuss in more detail in another article.

Seamless wifi roaming is an effective combination of several access points to a wireless Internet network into a continuous system controlled by their broadcasting by one central controller device. Properly installed and configured equipment allows you to use the global network in any area on a permanent basis without partial or complete signal interruption. Depending on the goals set, UmkaPro is always ready to design, purchase the necessary technical equipment, install and configure seamless Wi-Fi at any facility in Moscow.

Working principle of seamless WIFI

To cover a large area with access to the wireless Internet, you can install a large number of autonomous points. However, in this version, you will have to constantly switch, moving around the territory. This is not at all practical and inconvenient. It was to create a single network in which the signal is not lost when switching between access points, and seamless wifi roaming was developed.

The essence of his work is the simultaneous operation of several access points. At the same time, their broadcasting is controlled by one controller, which:

• monitors the load on each access point;
• adjusts the signal, as well as the bandwidth, depending on the number of users;
• guarantees high-speed roaming, through which you can freely move around the territory without interrupting data transmission. The controller constantly directs exactly to specific device signal from those access points that are closest.

What is seamless wifi built on

Years of work in this direction allow us to distinguish the following types of equipment, which is the most successful modern option for equipping private houses, offices, shopping malls and other types of facilities:

1. Seamless roaming wifi Mikrotik CAPsMAN is a very reliable and relatively inexpensive equipment option that can handle almost any task.
2. Seamless wifi roaming Ubiquiti UniFi is the most versatile, uninterrupted solution that provides a constant level of connection in any area.
3. Seamless Zyxel wifi roaming is a more expensive equipment option, which, in addition to the standard controller, is also represented by special access points with controller functions.

Regardless of the area of ​​the object being equipped, our company's specialists are always ready to design and install Ubiquiti, Zyxel or Mikrotik wifi roaming with high quality. Years of work in this direction allow us to guarantee the impeccable quality and efficiency of the installed system.

Introduction

As I said, I have on the subject of capsman settings in mikrotik. Nowadays, due to the speed of development information technologies information becomes outdated very quickly. And although the article is still relevant, it is regularly read and used, now there is something to add to it.

Came out a new version Technology Controlled Access Point system Manager (CAPsMAN) v2. I will tell you a little about her. In my work, I will rely on the experience of the previous article and on the official Manual: CAPsMAN from the website of the Mikrotik manufacturer.

I will have 2 RB951G-2HnD routers at my disposal, which are in accordance with my recommendations on this topic. I recommend, just in case, to familiarize yourself with them so that there is a general idea of ​​\u200b\u200bthe basic settings of routers. On one of these routers, I will configure the access point controller, I will connect the other to this controller. Both points form a single seamless wifi network with automatic switching customers to the nearest point.

An example of two access points will be enough for a general idea of ​​how the technology works. Further, this setting is linearly scaled by the required number of access points.

What is capsman v2

To begin with, I will tell you what capsman v2 is and how it differs from the first version. It should be said right away that there is no compatibility between the two versions. If you have a v2 controller, then only access points with the same version can connect to it. And vice versa - if you have v2 points, you will not be able to connect to the controller of the first version.

CAPsMAN v2 has a different package name in the system − wireless cm2. It has appeared in the system since RouterOS v6.22rc7. At previous version the name is wireless-fp, it appeared in version v6.11. If you don't have a new package, down to the latest one.

List of capsman v2 innovations:

• The ability to automatically update managed access points.
• The protocol for information exchange between the controller and access points has been improved.
• Added "Name Format" and "Name Prefix" fields in the Provision rules settings.
• Improved logging of client switching process from point to point.
• Added L2 Path MTU discovery.

If you already have capsman configured on your network, then the developers suggest the following way to upgrade your entire network to v2:

1. Set up a temporary capsman v2 controller on the source network.
2. You start gradually updating your managed access points to install the wireless-cm2 package in them. All updated access points will connect to the temporary controller.
3. After all managed access points have been upgraded to latest version, update the main capsman controller. After this happens, turn off the temporary controller.

There is an easier way if you are not critical of a simple network for a while. Simultaneously run the update on all routers - both on the controller and on the points. As soon as they update, everything will work on the new version.

I warn you right away if you have any questions on this topic. I haven't personally tested upgrading to v2, it wasn't necessary.

Setting up a wifi network controller

We pass from theory to practice. The first step is to configure the capsman controller before connecting access points to it. As I said, we update the system before this. We must have the package installed and activated wireless cm2.

To activate the wireless network controller function, go to the section CAPsMAN, click on Manager and check the box Enabled.

Before proceeding with the configuration, I will tell you a little about the principle of the system. The network configures the access point management controller. Separate wifi points are connected to it and receive settings from it. Each connected access point forms a virtual wifi interface on the controller. This allows standard means manage traffic on the controller.

Sets of settings on a controller can be combined into named configurations. This allows you to flexibly manage and assign different configurations to different points. For example, you can create a group with global settings for all access points, but individual points can be set additional settings, which will overwrite the global ones.

After the managed point connects to the network master, all local wireless settings on the client are no longer valid. They are replaced by capsman v2 settings.

Let's continue with the controller setup. Let's create a new radio channel and specify its parameters. Go to tab Channels, click on the plus sign and specify the parameters.

There is no drop-down list in the settings and this is inconvenient. You can peep the settings in the current wifi settings if it's already configured.

We continue the settings on the tab Datapaths. Click the plus sign and set the parameters.

A little delay on the parameter local forwarding. If it is enabled, then the access point itself manages all the traffic of the access point clients. And most of the datapath settings are not used, since the controller does not manage traffic. If this parameter is not set, then all traffic from clients goes to the network controller and is controlled there depending on the settings. If you need traffic between clients, then specify the Client To Client Forwarding parameter.

Let's move on to the security settings. Opening a tab Security cfg. and press the plus sign.

It's time to combine the previously created settings into a single configuration. There may be several such configurations. different settings. One example is enough. Go to tab Configurations and press the plus sign.

On the first Wireless tab, specify the configuration name, ap mode and the SSID name of the future seamless wifi network. On the remaining tabs, simply select the previously created settings.

The main settings of the capsman v2 mikrotik controller are finished. Now we need to create rules for distributing these settings. As I wrote earlier, different points can be given different configurations. The controller can identify access points by the following parameters:

• If certificates are used, then by the Common name field of the certificate.
• In other cases, use MAC addresses points in the format XX:XX:XX:XX:XX:XX

Since in my case I do not use certificates, let's create a settings distribution rule based on the MAC address. And since I have a single configuration for all points, then the distribution rule will be the simplest. Let's make it. Go to tab Provisioning and press the plus sign.

Description of Provisioning settings

Radio Mac	access point MAC address
hw. Supported Modes	I didn’t understand what it was for, the documentation is empty
Identity Regexp	there is nothing in the documentation either.
Common Name Regexp	and about it no
IP address ranges	and about this too
Action	selection of action with the radio interface after connection
Master Configuration	selection of the main configuration that will be applied to the created radio interface
Slave Configuration	secondary configuration, you can connect another config to clients
name format	defines the naming syntax for created CAP interfaces
Name Prefix	prefix for names of interfaces created by CAP

This completes the configuration of the capsman v2 controller, you can connect a wifi access point to it.

Connecting access points

My story involves two access points with addresses 192.168.1.1 (Mikrotik) and 192.168.1.3 (CAP-1) connected to each other via an ethernet cable. The first one is a controller, the second is a simple point. Both points see each other in local network. The Wifi interface of the controller, like a regular point, connects to capsman and takes settings from him. That is, the controller is both a controller and an ordinary access point. Even a combination of two points organizes a full-fledged seamless wifi network over the entire area covered by their radio modules.

Connection of CAP access points to the CAPsMAN controller is possible using two different protocols - Layer 2 or Layer 3. In the first case, access points must be physically located in one network segment (physical or virtual, if it is an L2 tunnel). It is not necessary to configure ip addressing in them, they will find the controller by MAC address.

In the second case, the connection will be via IP (UDP). It is necessary to configure IP addressing and organize the availability of access points and the controller by IP addresses.

First, let's connect a separate wifi point. We connect to it through winbox and go to the section Wireless. There we click on CAP and specify the settings.

In my case, I specified a specific controller IP, since ip addressing is configured. If you want to connect points to the controller via l2, then leave the field with the capsman address empty, and in Discovery Interfaces select the interface that is connected to the controller. If they are in the same physical network segment, then the point will automatically find the master.

Save the settings and check. If the access point connects to the controller correctly, then the following picture will appear on the point itself:

And on the controller in the list Interfaces The newly created radio interface of the connected access point will appear:

If your access point stubbornly does not connect to the controller and you can’t figure out what the problem is, then first of all check that you have wireless-cm2 packages activated on all devices. It turned out that after the update, the wireless-fp package was enabled on one of the points, instead of the required one. The access point did not want to connect to the controller in any way, which I just did not try. I also made it a controller, the other did not want to connect to it. I reset all settings, but that didn't help either. When I was completely desperate to solve the problem, I checked the version of the package and found that it was not the right one.

Now let's do the same on the mikrotik controller itself - connect its wifi interface to capsman v2. This is done in exactly the same way as we just did on a separate wifi point. After connecting, we look at the picture on the controller. It should be something like this:

Everything, the basic settings are finished. Now this configuration can be deployed further to new access points and cover a large area with a single seamless wifi network. All connected clients will be displayed on the tab Registration Table indicating the point to which they are connected.

Checking the operation of seamless wifi roaming

Now you can take an Android phone, put a program on it WiFi Analyzer and walk around the territory covered by wifi, test the signal strength, switch from point to point. Switching does not occur immediately, as soon as the signal of the new point is stronger than the previous one. If the difference is not very large, then switching to the new one will not occur. But as soon as the difference starts to be significant, the client jumps. This information can be observed on the controller.

After analyzing the coverage area, you can adjust the power of access points. Sometimes it can be useful to set different power at different points, depending on the layout of the premises. But in general, even in basic setting everything works quite stable and high quality. These Mikrotik models (RB951G-2HnD) can be connected and comfortably operated by 10-15 people. Further, there may be nuances depending on the load. I gave these figures from my examples of real work.

2 networks in capsman on the example of guest wifi

Consider, for example, one common situation that can be implemented using the capsman technology. We have configured a seamless wifi network with password authorization. We need to add another guest network to the same access points for open access. In single mikrotik this is done with Virtual AP. Let's do the same in capsman.

To do this, you need to add a new security setting. Let's go to Security cfg. and create a setting for access without a password. We call it open.

We create another configuration in which we leave all other settings the same, only change the SSID and security settings.

Go to tab Provisioning, open the previously created configuration and add it in the parameter Slave Configuration our second configuration we just made.

We save the changes. Here I waited a few seconds, the new setting did not spread to the points. I did not wait, I went to each point and reconnected it to the controller. Perhaps this was not necessary to do, but it was necessary to wait. I don't know, I did it the way it is. New setting spread and appeared at each access point new network type Virtual AP with an open wifi network.

I checked the work just in case - everything is in order. Connects clients to both networks at the same time and allows you to work.

For an example of how Virtual AP works in capsman, I considered the current situation. Here, guests of the guest network are connected to the same bridge and address space as users of the closed network. For good, you need to make additional settings:

1. Create on controller for open network a separate bridge, assign it your own subnet and address in it, add a second wlan interface to this bridge, which will appear after connecting to capsman with two configurations.
2. Set up a separate dhcp server on this subnet with distribution of addresses only from this subnet.
3. In the capsman settings in the datapath, create a separate configuration for the open network. Specify a new bridge in it and do not select the local forwarding parameter.
4. In the open network configuration, select a new datapath.

After that, all connected to an open wifi network will be sent to a separate bridge, where there will be its own dhcp server and an address space that is different from the main network. Don't forget to check the gateway settings in dhcp and server dns that you will pass on to clients.

capsman settings video

Conclusion

Let's summarize the work done. Using the example of two Mikrotik RB951G-2HnD access points, we set up seamless wifi roaming on the area covered by these points. This area is easily expanded with additional wifi hotspots any Mikrotik model. They do not have to be the same, as is, for example, implemented in some Zyxell configurations that I have configured.

In this example, I considered almost the simplest configuration, but at the same time I painted all the settings and the principle of operation. Based on these data, it is easy to create more complex configurations. There is no fundamental complication here. If you understand how it works, then you can already work further and make your own configurations.

Traffic from access points can be managed in the same way as from regular interfaces. All the basic functionality of the system works - firewall, routing, nat, etc. You can make bridges, share the address space, and much more. But it should be borne in mind that in this case, all traffic will go through the controller. You need to understand this and correctly calculate the performance and throughput of the network.

I remind you that this article is part of a single cycle of articles about.

Useful feedback about the work of capsman

A little useful information from reviews of the article from real users of capsman technology:

Vladimir, good article! A lot of useful letters! :) When setting up capsman at the enterprise, I referred to your article - I learned a lot, but changed it a little. The changes affected the “Channels” tab - removed the Frequency position. I would not recommend using the same frequency at all points, because nearby points begin to “choke” and, accordingly, connection breaks occur ... My users complained about low level signal when they are near the access point (and in fact they were connected to a point with a poor signal level) ... in order for users to “jump” from a point to a point that has a better signal, I decided to limit the signal level threshold by making an entry in AccessList tab. Values ​​entered into SignalRange => -71..120 Interface => all Action => accept, by this he achieved that when the signal reaches below -71, the subscriber “leaves” the point :) The value -71 was not taken by chance (the minimum signal level at a speed of 54Mbit ) Also in the Provisioning tab, I changed the NameFormat value, instead of cap I put identity (when connected to the controller, it shows the name of the point that is registered in the system-> identity of the device), who has an implementation in home devices, he may not need it, but who has points scattered over a large area and there are a lot of them - it will be useful :) In general, thank you very much and sorry for the many letters :)

And one more review:

The article is very good, but I would supplement / redo it in part guest wifi networks:
1) divided 2 wifi networks into different radio channels.
2) For security, I would separate the guest network from the main one. Considering that you have a guest network without a password, every student with a smartphone will want to break you. A bridge is created (bridge_open), an ip address from another network (192.168.200.1/24) is assigned to the bridge, a dhcp-pool is created (192.168.200.10-192.168.200.100), a dhcp server rises on the created bridge, we create another Datapaths (Datapaths_open) in which we specify the created bridge (bridge_open), we use Datapaths_open to configure the cfg2 guest network. Next, we configure NAT and firewall so that there is access to the Internet from the guest network (192.168.200.0/24), and it is blocked to the local working network (drop forward from 192.168.200.0/24 to the local network).

Online courses on Mikrotik

If you have a desire to learn how to work with Mikrotik routers and become a specialist in this field, I recommend taking courses on a program based on information from the official course MikroTik Certified Network Associate. In addition to the official program, the courses will include laboratory works where you can test and consolidate the acquired knowledge in practice. All details on the site. The cost of education is very democratic, good opportunity gain new knowledge in the current subject area. Course features:

• Practice-oriented knowledge;
• Real situations and tasks;
• The best of international programs.

• Like using Mikrotik.
• Simple and fast.
• Setting and on separate server.
• to reserve a channel on the Internet.

802.11R. Rapidswitching between points (handover)

Many Wi-Fi manufacturers promise seamless switching between access points using their "genius" proprietary protocol.

Despite beautiful promises, in practice, delays in switching (handover) can be significantly more than the declared 50-100 ms (switching can take up to 10 seconds when using the WPA2-Enterprise protocol). The fact is that the decision to move to another access point is always made by the client equipment. Those. Your smartphone, laptop or tablet decides for itself when to switch and how to do it.

Often, proprietary protocols from well-known Wi-Fi manufacturers are based on forced deauthentication of the device when the signal quality deteriorates. Sometimes in wifi settings points, you can set "roaming aggressiveness" - the minimum signal value at which the device will be "thrown" from the network. Often, client equipment reacts incorrectly to such a “kick in the ass”. The TCP session is terminated, the download of files stops. Lost connection with mail server, virtual machine. Connecting to the SIP server requires re-authentication.

Quite often, the client device, instead of connecting to a neighboring point with a better signal ( To this decision pushes himWiFicontroller) tries unsuccessfully to reconnect to the old point. Even worse, if the device tries to hook onto another network from the list of saved ones (for example, a guest network).

But even if the switching process goes according to plan, it takes a significant amount of time to re-key exchange (EAP) and authorization on the Radius server (WPA-2 Enterprise).

To solve these problems, the Wi-Fi Association developed the 802.11R protocol. Currently, most mobile devices support it (Apple since iPhone 4S, samsung galaxy S4, Sony Xperia Z5 Compact, BlackBerry Passport Silver Edition,...)

The essence of 802.11R is that the mobile device knows its own and other people's points by the mobile domain membership signal (MDIE). This signal is added to the beacon signal (SSID beacon).

If your iPhone has seen a point from its mobile domain with the best signal/noise level, it performs preliminary authorization with another point of the mobile domain before starting the switching procedure on the existing "thread".

Secondly, authorization follows a simplified scenario - instead of a long authorization on the Radius server, the client device exchanges a PMK-R1 key with the Wi-Fi controller. (The initial key PMK-R0 is transmitted only during primary authentication and is stored in the memory of the Wi-Fi controller).

At the moment when another point "retroactively" authorized the device, the actual handover occurs. Reconfiguring the frequency and channel in the smartphone takes no more than 50 milliseconds. In most cases, it goes completely unnoticed by the user.

When choosing a solution for office WiFi networks- pay attention to whether the selected equipment supports the open roaming protocol 802.11R, understandable for client devices. For example, Edimax Pro equipment fully supports this protocol, so there are no problems with roaming in most cases. However, if your device is old and does not understand the 802.11R protocol, it is possible to adjust the aggressiveness of roaming based on the signal falling below the threshold - as other Wi-Fi manufacturers do, presenting it as an "innovative solution".

802.11 K.Wireless Load Balancing

In addition to roaming problems, often corporate users have to deal with congestion on one access point. In the classic Wi-Fi implementation, all devices tend to connect to the access point with the best signal. Sometimes, as a result of the incorrect location of the point (radio planning error), all “office residents” are registered at one point, and the rest “rest”.

Due to uneven load, the speed of the local network drops dramatically, since the radio air is one big “hub”, where devices “talk in turn”.

To smooth out unevenness and optimal distribution of users between points operating on different radio channels, the 802.11K protocol was developed.

802.11K works in conjunction with 802.11R (as a rule, devices that support the “R” standard also support the “K” standard).

If the mobile device "sees" the beacon signal from other points in the same mobile domain, the device sends a broadcast request "Radio Measurement Request frame", in which it requests information about the current state of other access points within the visibility zone:

number of registered users

average channel speed (number of transmitted packets)

how many bytes were transferred in a certain time interval

In the extended specification of the standard, the client's smartphone can query the link status of other mobile devices connected to a potentially interesting access point that support the 802.11K standard. Devices respond not only about real statistics, but also about the state of the signal / noise.

Thus, if your smartphone sees 2 or more points within the same mobile domain, it will choose a point not with the best signal, but a point that will provide a faster connection to the local network (less loaded).

The reception conditions, the number of users and the load on the point can change dynamically, but using the 802.11K and 802.11R protocols, devices will seamlessly switch and the load on the network will always be evenly distributed.

Many vendors using proprietary protocols implement something similar to 802.11K, when an "overloaded" point forcibly disconnects clients with worse reception conditions or limits the maximum number of simultaneously registered devices and disables registration if the number of clients exceeds the allowable limits. These proprietary protocols are not as efficient, but still keep the Wi-Fi network from completely collapsing.

How to save money on radio planning thanks to802.11K

The use of equipment that supports the 802.11R and 802.11K protocols partly corrects the errors made during radio planning. Roaming-enabled dynamic protocols allow you to avoid overloading individual points and distribute the load between points evenly across the network.

The WiFi-solutions team recommends always doing radio planning, but sometimes in small networks, you can dot it randomly. Dynamic protocols will improve wifi quality and load distribution between channels of neighboring points.

The use of dynamic protocols for seamless roaming can reduce overlap areas. Thus, it is possible to provide high-quality coverage with a smaller number of points. Savings on equipment - up to 25%.

I need advice. Contact me.

In this article, we will learn how to create a single seamless WiFi network on the MikroTik routers/ Mikrotik. Where can it be useful? For example, in various cafes or hotels, where one wifi router insufficient to cover all premises and access to the Internet, and with large number access points constantly have various kinds of problems: on laptops, the connection constantly disappears, and mobile devices do not automatically switch to the nearest access point.

The solution to this situation is seamless WiFi network roaming or handover, which we can get thanks to the CapsMan functionality from several Mikrotik routers, one of which will be a WiFi controller, and the rest will be access points controlled by this controller.

The first thing to do is to update to the latest software version. The firmware can be downloaded from the official website. Next, going into the MikroTik interface, drag it to the Files section and reboot the router. Along with the firmware, you also need to download the Wireless CAPs MAN package, drag it to the same place and reboot. After the actions taken, you can proceed to the configuration.

Let's start with the controller. Open the CAPsMAN section by pressing the corresponding button in the main menu. In the Interfaces tab, click the Manager button (turn on the controller mode) and in the window that appears, check the Enable checkbox, save OK. After that, go to the Configurations tab.

The configuration settings will apply to all access points connected to the controller. Click the blue cross and in the Wireless tab specify the configuration name (3), wireless network mode (4), network name (5), and also turn on all wireless antennas for reception and transmission (6), save (7) and go to the Channel tab .

Here we indicate the frequency (2), the broadcast format of the wireless network (3) and the channel (4). We save (5) and go to the Datapath tab.

Here we only need to check the Local Forwarding checkbox - this will transfer traffic control to access points. Left to fill last tab security.

In the security section, select the type of authentication, encryption method and password for the wireless network, click OK.

After we have created the configuration, we move on to the next step - deployment. In the same CAPsMAN section, select the Provisioning tab (1) and click the blue cross. The Radio MAC field (2) allows you to select a specific access point to which our deployment will refer. We leave it by default so that the deployment applies to all access points. In the next Action (3) field, select createdynamicenabled, since we have a dynamic interface. In Master Configuration (4) we specify the name of the configuration created above.

With the CAPsMAN section finished, go to the Wireless section (1). In the Interfaces tab, click the CAP (3) button, check the Enabled (4) checkbox, select the wlan1 interface and specify the ip-address of our main router, which is also a controller.

If we did everything correctly, then two red lines will appear in the Interfaces tab, which indicate that the wi-fi adapter has connected to the controller and adopted all the necessary settings.

This completes the configuration of the main router-controller, and this network can be used to create telephone network and connection to PBX

Setting up access points that will connect to the controller via an Ethernet cable is quite simple. They also need to be flashed to the latest version and installed CAPs MAN. Next, we combine all the ports and the wi-fi interface into one Bridge in the section of the same name.

The next step in the Wireless section is the same as on the controller, except that instead of the IP address in CAPs MAN Addresses, we indicate the Bridge created on the access point in the Discovery Interfaces field. After the manipulations have been done, the access point will receive the settings from the controller and will distribute wi-fi (the same two red lines should appear in the Interfaces tab).