802.11r - Which authentication method to use

HarryCarter
Conversationalist

802.11r - Which authentication method to use

Hello 

 

I was trying to improve the roaming on one of our SSID's (mobile POS tablets dropping connection as they roam around), enabling 802.11r protocol would help with this. However, the combo of that and WPA2 is unsafe.

 

Which authentication method is best to utilize the 802.11r benefits? 

 

Thanks in advance.

4 Replies 4
m841
Here to help

I guess the first thing is, do your devices support .1r?

Adam2104
Building a reputation

802.11r is unsafe when paired with WPA2 PSK (pre-shared-key). WPA2 Enterprise is safe to use with 802.11r, at least that's my understanding.

cmr
Kind of a big deal
Kind of a big deal

We found that 802.11r didn't help much, making sure that a device can see two other APs as it leaves the coverage of one worked better for us.  It also helps with location tracking accuracy if you are interested in that.  The other thing to be aware of is radio power levels, smaller devices often cannot raise their power level above ~17dBm so to ensure that the AP can hear them when they can hear the AP you should keep maximum power restricted to this or below. 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Adam2104
Building a reputation


@cmr wrote:

The other thing to be aware of is radio power levels, smaller devices often cannot raise their power level above ~17dBm so to ensure that the AP can hear them when they can hear the AP you should keep maximum power restricted to this or below. 


This. I've had really good luck with balancing the AP transmit level to the approximate level of my wireless devices. I run 15dbm on my MR42s and devices roam just fine from device to device. I'd work on surveying the AP power levels and coverage before bothering with 802.11r.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels