This year, I was able to present at WLAN Klassentreffen (in German) and the Wireless LAN Professionals Conference (in English) on the Topic Fast BSS Transition, IEEE 802.11r.

If you want to look at the references in the 802.11 standard, it’s all based on the 2020 version.

This is the recorded WLPC-Video:

And here is the slide deck for the presentation:

FastBSSTransition-WLPC-EU-2025 Download

This is the PCAP that I used in the presentation:

Pixel-11r-Meraki9166.pcapng Download

And Youtube … Why do you want to hurt my feelings with your transcription?

Here are some additional infos to the WLPC video:

8:15
Very important for this Frame by Frame analysis is, that in Meraki Networks we do not have a controller. The AP that our client connects to initially, is the first Authenticator that talks to the RADIUS server and becomes the R0KH. On my ~~Juniper Mist~~ HPE Juniper networking APs, I observed the same behaviour.

8:20
I say “Initial Mobility Domain Connection”, but the correct term is “Initial Mobility Domain Association”.

9:40
I forgot to reference the standard in the presentation: 13.2.2 Authenticator key holders

10:20
EAP-TLS 1.3 is defined in RFC 9190: https://datatracker.ietf.org/doc/rfc9190/

10:57
I didn’t mention it, but this is also true for cached PMK-R1 and derived PTKSAs.

11:23
I accidentally said R1KH instead of R0KH for the calculation of the PMK-R0.

11:45
yes, it was AKM 22.
Table 9-190—AKM suite selectors in IEEE 802.11-2024
AKM 23 is the corresponding non-FT AKM.

13:10
These checks are defined in “13.5.2 Over-the-air FT protocol authentication in an RSN“. Additionally they are mentioned in “13.7.1 FT reassociation in an RSN” for the reception of the reassociation request frame.

I still have no idea how the target AP can know which cipher suite was used in the “Initial mobility domain association”. If anyone has a hint, I am eager to know!

Analysis of a Fast Roam

Leave a Reply Cancel reply