RSSI, Roaming, and Fast Roaming

The received signal strength indicator (RSSI) is a measurement of the AP radio signal and is typically measured by the client. The scale runs from -100 dBm (weakest) to 0 dBm (strongest), but the values are usually in the range of -90 dBm to -25 dBm. Values from -70 dBm to 0 dBm are generally considered acceptable for the transmission of data, although in some cases clients might consider a value in that range to be poor. See "iOS clients may consider an RSSI of -70 dBm to be poor."

RSSI matters to preserve good network connectivity. Clients will drop a weak RSSI connection in favor of a stronger one from another AP. This is called roaming, and because it is the client (rather than the AP) that measures RSSI, it is the client that controls the decision when to roam and the SSID to which it will connect. Thus, poor RSSI can cause a lot of roaming.

Poor RSSI can also be a cause of low throughput between the AP and the client, but it doesn't automatically equate to low throughput. In fact, data transfer rates for a given RSSI level, even a poor RSSI, can vary from 5 Mbps to 45 Mbps or more. An RSSI of -75 dBm is significant because of its effect on roaming more so than on throughput.

Roaming

With security protocols such as WPA-3 and WPA-2, and where the APs are acting independently of each other, the client must repeat the authentication and authorization process each time it wants to roam (that is, reconnect to the network using a better RSSI). The user might need to log in to the network again. Even if they don't, reconnecting can disrupt service, causing voice drops on VoIP calls or stuttering in real-time video streams.

A client might consider a roam if the RSSI is less than -70 dBm and it has data to send. Typically, this means running a 20 millisecond scan of each channel, or it can be a poll of the current AP to get its neighbors (802.11k), or a suggestion (802.11v).

Most roaming issues involve sticky clients. Sticky clients do not initiate a roam to a better target AP when they should.

Fast Roaming

Fast roaming is a connection method that was developed to optimize how clients perform their initial WPA2/WPA3 security authentication. It also provides a way for clients to retain their login credentials so they can be carried over from one AP to another when roaming.

The methods for fast roaming are Default, Opportunistic Key Caching (OKC), and .11r. With OKC and .11r, there is no need to send access request packets to the RADIUS server.

The fast roaming option becomes available when you select WPA3 or WPA2 as your security type.

Default

  • Mist APs locally cache the client Pairwise Master Key (PMK) ID obtained during the initial authorization and use it for subsequent re-associations on the same AP. This is also known as “fast secure roam back,” and is suitable for use cases where scale is not a factor because clients must fully re-authenticate at each new AP in the network until all the APs have their own local copy of the client's PMKID.

Opportunistic Key Caching

  • OKC allows clients to roam quickly to new APs without having to perform a full authentication exchange. It works because Mist APs send their PMKID cache to neighboring APs through cloud updates. Thus, APs in the same network can share PMKs and clients can reuse the PMK learned by one AP when roaming to another AP.

  • Juniper Mist APs use key information from a client's first association to generate keys for other APs in the network.

  • OKC requires the SSID to use WPA2/EAP (802.1X) security. RADIUS attributes are also shared along with the PMK so the client need not re-authenticate with the RADIUS server.

  • OKC is a non-standard, fast roaming technology. It is supported by Microsoft Windows clients and some Android devices. Some wireless clients (including Apple iOS phones) do not support OKC.

  • A common source of roaming issues is a target AP that does not have the client PMKID which it needs to acknowledge the Fast BSS Transition (FBT) request.
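
The difference between Default and OKC caching described above, modelled as an added example (not Juniper Mist code). It assumes the standard IEEE 802.11 PMKID derivation for SHA-1 based AKMs, the first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || client MAC); the AP class, MAC addresses and PMK are constructed for illustration.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, ap_mac: bytes, client_mac: bytes) -> bytes:
    """IEEE 802.11 PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + client_mac, hashlib.sha1).digest()[:16]

class AP:
    """Hypothetical AP model holding a per-client PMK cache (not Mist code)."""
    def __init__(self, bssid: bytes, mode: str):
        self.bssid, self.mode = bssid, mode   # mode: "default" or "okc"
        self.pmk_cache = {}                   # client MAC -> PMK

    def full_auth(self, client_mac: bytes, pmk: bytes, neighbors=()):
        """Record the PMK from a completed full authentication."""
        self.pmk_cache[client_mac] = pmk
        if self.mode == "okc":                # OKC: neighbours learn the key too
            for ap in neighbors:
                ap.pmk_cache[client_mac] = pmk

    def reassociate(self, client_mac: bytes, offered_pmkid: bytes) -> str:
        """'fast' if the offered PMKID matches one derived for THIS BSSID."""
        pmk = self.pmk_cache.get(client_mac)
        if pmk and hmac.compare_digest(pmkid(pmk, self.bssid, client_mac), offered_pmkid):
            return "fast"
        return "full-auth"                    # falls back to 802.1X / RADIUS

def simulate(mode: str):
    # Constructed sample values: locally administered MACs and a stand-in PMK.
    client = bytes.fromhex("020000000c01")
    ap1 = AP(bytes.fromhex("0200000000a1"), mode)
    ap2 = AP(bytes.fromhex("0200000000a2"), mode)
    pmk = hashlib.sha256(b"constructed PMK from the initial EAP exchange").digest()
    ap1.full_auth(client, pmk, neighbors=[ap2])
    return (
        ap1.reassociate(client, pmkid(pmk, ap1.bssid, client)),  # roam back to AP1
        ap2.reassociate(client, pmkid(pmk, ap2.bssid, client)),  # roam to new AP2
        ap2.reassociate(client, pmkid(pmk, ap1.bssid, client)),  # PMKID for wrong BSSID
    )

if __name__ == "__main__":
    for mode in ("default", "okc"):
        print(mode, simulate(mode))
```

The third result in each tuple shows that a PMKID is bound to the BSSID it was derived for, so a target AP can only accept the client if it holds the PMK and derives the PMKID for itself.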

Fast BSS Transition (802.11r)

  • Standard roaming takes eight messages, back and forth, between the client and AP (two authentications, two associations, and four key exchanges). All these messages use air time, which adds up in high-density, high-mobility environments.

  • 802.11r, also called .11r, reduces the message exchange to four messages. It does this by overlaying the four key exchange messages on the two authentication and two association messages.

The table below summarizes the roaming options and RADIUS interactions for different security types.

Table 1: Security for different roaming options

| Security | Roaming | RADIUS access request? | MAC lookup on RADIUS? |
|---|---|---|---|
| WPA-2/EAP (802.1X) | Default | Yes | Disabled |
| WPA-2/EAP (802.1X) | .11r | No | Disabled |
| WPA-2/EAP (802.1X) | OKC | No | Disabled |
| WPA-2/PSK with passphrase | Default | Yes | Either |
| WPA-2/PSK with passphrase | .11r | No | Either |
| Open Access | Disabled | Yes | Either |

Enable Fast Roaming

Juniper APs support fast roaming (IEEE 802.11r, Fast BSS Transition), which provides a way for clients using WPA2/WPA3 security to retain authentication while roaming. This prevents them from having to reauthorize and reconnect to the network each time they change APs.

In addition, you can use Marvis to track clients' roaming history and help troubleshoot.

When you change fast roaming settings, the AP radio(s) reinitialize to obtain the new configuration. This will temporarily drop clients from the AP as it restarts.

To enable fast roaming on a WLAN:

  1. In the Mist portal, select Site > Wireless | WLAN and then click the Add WLAN button. Or select an existing WLAN from the list that appears.
  2. Go to the Security section.
  3. Select WPA3 or WPA2, Enterprise or Personal.
  4. In the Fast Roaming section, select the type of roaming you want to use:
    • Default—Local PMKID caching only; there is no sharing of the PMKID between Mist APs on the network. This may be appropriate for some use cases, but does not scale.
    • Opportunistic Key Caching—Non-standard, but widely supported, fast roaming method.
    • .11r—Standards-based method of fast roaming, described in 802.11r.
  5. Scroll to the top of the page and click Save.

View Roaming History

In the Mist dashboard, you can see how clients roamed between APs and how well they were connected to each AP (RSSI strength), and you can also find things like bad roams. Data for the visualization comes from client events that Juniper APs send to the Mist portal. Marvis uses this information to provide a visual representation of your device’s roaming history. See Client Roaming Visualization for more information.

To view the roaming history of a given client:

  1. Click Marvis on the Mist portal.
  2. Click the Ask a Question button.
  3. In the page that appears, click the query field, and then select ROAMINGOF from the drop-down list.
  4. Choose a client from the list.
  5. You can further qualify the query by adding a time period. Click the query field again and type During, then select a time period from the drop-down list that appears (such as 24 hours or Past 7 days).
  6. To view a different client, click the current client-name to re-open the drop-down list and select another from the list.
    Here’s an example that shows how Marvis depicts the roaming information for a client.
    Figure 1: Track and Troubleshoot Client Roaming