[NEBULA] Fast roaming
Hello
We use NWA 123-AC-PRO access points, authentication radius, roaming works well, but when I try to connect to a wifi through an access point to which they have not connected yet, authentication is required. How can I make sure that when connected to 1 point, the device can connect to the wifi through any access point, without entering login and password?
I was looking for how to enable 802.11r fast roaming but cannot find how to enable it through the nebula.
All Replies
-
Hi.
In my config it's here:
2 -
Hi @Denis,
You can check the event log for the station connection. If the station is roaming, you can see a station leave log on the original AP like "Station: xx:xx:xx:xx:xx:xx has disassoc by STA Leave(L2UPFrame) on Channel: ". And the station should be associated on the other AP without deauth.
May I know if there's any information you expect to know or is there any problem for roaming?
Thanks.
0 -
Already solved the problem.
We do not use fast roaming, we need Web authentication. We send passwords to wifi via SMS, which are registered in mysql.
We use 15 access points, made the network open, users authenticate with zywall usg 310, the network works as we need. If we use the hotspot built into the access point, the device cannot authenticate at the access point to which the device has not previously connected. I understand that this works differently. But it would be nice if we could place hotspot on 1 access point and indicate to everyone else its url.
In the configuration used, we had to connect our Zywall to the radius server, which theoretically creates another dangerous point in information security.
I want us to be able to prohibit the assignment of administrative access rights through the radius in Zywall usg 310; in fact, everything depends on the "Zyxel-User-Type" attribute and the entry in the mysql database or text file.
Use external (radius) server for admin access = no - The best decision.
This will allow us not to place high security requirements on the radius service and mysql service.
0 -
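An audit for the concern raised in the post above, as an added example that is not part of the original thread: it lists every "Zyxel-User-Type" reply row whose value falls outside an allowlist, so a database entry that would hand out elevated rights is caught. Assumptions: the table names `radreply` and `radgroupreply` follow the stock FreeRADIUS SQL schema, an in-memory SQLite database with constructed rows stands in for the MySQL server, and the allowed values and the sample value `admin` are placeholders to be replaced with the site's own.

```python
import sqlite3

# Assumption: only these Zyxel-User-Type values are acceptable for Wi-Fi users
# at this site; every other value is reported.
ALLOWED_USER_TYPES = {"user", "guest"}
ATTRIBUTE = "Zyxel-User-Type"

# Tables of the stock FreeRADIUS SQL schema that can carry reply attributes.
REPLY_TABLES = (("radreply", "username"), ("radgroupreply", "groupname"))


def find_privileged_replies(conn):
    """Return sorted (table, owner, value) tuples for every Zyxel-User-Type
    reply row whose value is outside ALLOWED_USER_TYPES."""
    findings = []
    for table, owner_col in REPLY_TABLES:
        rows = conn.execute(
            f"SELECT {owner_col}, value FROM {table} "
            "WHERE lower(attribute) = lower(?)",
            (ATTRIBUTE,),
        )
        for owner, value in rows:
            if value.strip().lower() not in ALLOWED_USER_TYPES:
                findings.append((table, owner, value))
    return sorted(findings)


def build_sample_db():
    """Constructed sample data standing in for the real MySQL database."""
    conn = sqlite3.connect(":memory:")
    for table, owner_col in REPLY_TABLES:
        conn.execute(
            f"CREATE TABLE {table} (id INTEGER PRIMARY KEY, {owner_col} TEXT, "
            "attribute TEXT, op TEXT, value TEXT)"
        )
    conn.executemany(
        "INSERT INTO radreply (username, attribute, op, value) VALUES (?,?,?,?)",
        [
            ("79990000001", "Zyxel-User-Type", ":=", "user"),
            ("79990000002", "zyxel-user-type", ":=", "admin"),  # flagged
            ("79990000003", "Session-Timeout", ":=", "3600"),   # other attribute
        ],
    )
    conn.execute(
        "INSERT INTO radgroupreply (groupname, attribute, op, value) "
        "VALUES ('staff', 'Zyxel-User-Type', ':=', 'guest')"
    )
    return conn


if __name__ == "__main__":
    for table, owner, value in find_privileged_replies(build_sample_db()):
        print(f"{table}: {owner} is granted Zyxel-User-Type={value}")
```
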
@Denis are your 15 access points in the same L2 network?
I have used captive portal implemented in the access points and the roaming works fine between the access points, no need to connect to each AP first. If your access points are in different subnets, then that could be the reason.
"You will never walk along"
0 -
Access points work in the same l2 network, roaming works fine, but if you disconnect wifi and go to the access point on which the first entrance to the network was not performed, then the login and password to the network will be requested - captive portal.
0 -
Hi @Denis
Once a wireless client logs in to one of the APs, the Nebula Control Center will sync the other APs in the same Site.
Unless you change to the other AP faster than this process (which is fast already), it shouldn't be an issue. Roaming would suffer the same problem.
Could you tell us more about your scenario?
0 -
We use web authentication, a button is built into the web page that redirects to the page for sending a password via SMS. This is necessary in order not to change the password manually and not give out passwords to employees, they do everything on their own. As login, use the phone number of the employee.
Technically, the model looks like this:
AP - network is open
Zywall USG 310 - Web authentication is enabled using freetime for guests, radius + sms for employees.
Radius - freeradius + mysql, with each request, new passwords are generated and entered into the table.
With this configuration, the access points do not authenticate the client, authentication is performed by Zywall, this allows you to create a network with a single entry point in which authentication is required only 1 time.
When using web authentication built-in AP:
there are 2 points, the client connected to the first, entered the login and password, connected to the network, switching between the points works fine, but if the client turns off wifi and goes to the second point and turns on wifi, then the point does not authenticate the device, it will open the authentication page.
I have not tried using the nebula service to authenticate users, as this will not allow sending SMS with a password.
0 -
Hi @Denis, could you please check if your AP devices are running the latest firmware version 5.50? Thanks!
0 -
0
-
Hi @Denis,
May I know if the client gets the same IP after turning off wifi, going to the second point and turning wifi on?
Thanks.
0