Fortinet black logo

New Features

Support 802.11v optimized roaming and load balancing 6.4.3

Copy Link
Copy Doc ID de1e129a-0283-11ea-8977-00505692583a:448845
Download PDF

Support 802.11v optimized roaming and load balancing 6.4.3

When a FortiGate detects the client RSSI is outside of the threshold, the FortiAP sends a BSTM (802.11v BSS transition management) request to the client. The client can either accept the request because the FortiAP can provide a strong RSSI, or reject the request because the RSSI from the FortiAP is very weak.

When voice-enterprise is enabled, sticky-client-remove is automatically enabled. Use sticky-client-threshold-5g to edit the minimum signal level.

Disassociation function

If a client is capable of BSS transition, the AP sends the client a BSTM request instead of disassociating with the client.

In this configuration, the client connects to the FortiAP within the threshold range:

config wireless-controller vap
    edit "81e_ssid11v"
        set ssid "test_11v"
        set voice-enterprise enable
        set sticky-client-remove enable
        set sticky-client-threshold-5g "-45"
    next
end
# diagnose wireless-controller wlac -d sta   
   vf=2 wtp=3 rId=2 wlan=81e_ssid11v vlan_id=0 ip=10.11.123.2 ip6=fe80::146b:d5f8:fd2d:fb0e mac=d4:a3:3d:01:62:4f vci= host=WiFi-QA-iPhone8 user= group= signal=-34 noise=-95 idle=0 bw=677 use=6 chan=153 radio_type=11AC security=wpa2_only_personal mpsk= encrypt=aes cp_authed=no online=yes mimo=2

If the threshold is changed to request a strong signal that is outside of the threshold, the AP sends a request and receives a reject response from the client:

config wireless-controller vap
    edit "81e_ssid11v"
        set ssid "test_11v"
        set voice-enterprise enable
        set sticky-client-remove enable
        set sticky-client-threshold-5g "-20"
    next
end

The WiFi event log contains the BSTM reject response:

3: date=2020-09-18 time=16:08:37 logid="0104043695" type="event" subtype="wireless" level="notice" vd="vdom1" eventtime=1600470517188697388 tz="-0700" logdesc="Wireless client sent WNM action BSTM response reject" sn="FP421ETF19003703" ap="FP421ETF19003703" vap="81e_ssid11v" ssid="test_11v" radioid=2 user="N/A" stamac="d4:a3:3d:01:62:4f" channel=48 security="WPA2 Personal" encryption="AES" action="WNM-action-bstm-resp-reject" reason="Reserved 0" msg="AP received WNM action BSTM response frame (reject) from client d4:a3:3d:01:62:4f" remotewtptime="2949.236951"
4: date=2020-09-18 time=16:08:37 logid="0104043693" type="event" subtype="wireless" level="notice" vd="vdom1" eventtime=1600470517188517242 tz="-0700" logdesc="AP sent WNM action BSTM request" sn="FP421ETF19003703" ap="FP421ETF19003703" vap="81e_ssid11v" ssid="test_11v" radioid=2 user="N/A" stamac="d4:a3:3d:01:62:4f" channel=48 security="WPA2 Personal" encryption="AES" action="WNM-action-bstm-req" reason="Reserved 0" msg="AP sent WNM action BSTM request frame to client d4:a3:3d:01:62:4f" remotewtptime="2949.235888"

Association RSSI check

If a client is capable of BSS transition, the client is allowed to associate and the AP sends the client a BSTM request.

In this configuration, the client is able to connect to the SSID outside of the range. The AP sends the BSTM request to the client, and the client will decide whether or not to associate.

config wireless-controller vap
    edit "81e_ssid11v"
        set ssid "test_11v"
        set voice-enterprise enable
        set sticky-client-remove enable
        set sticky-client-threshold-5g "-45"
    next
end
# diagnose wireless-controller wlac -d sta   
vf=2 wtp=3 rId=2 wlan=81e_ssid11v vlan_id=0 ip=10.11.123.2 ip6=fe80::146b:d5f8:fd2d:fb0e mac=d4:a3:3d:01:62:4f vci= host=WiFi-QA-iPhone8 user= group= signal=-54 noise=-95 idle=3 bw=5 use=6 chan=153 radio_type=11AC security=wpa2_only_personal mpsk= encrypt=aes cp_authed=no online=yes mimo=2

The WiFi event log contains the BSTM request:

3: date=2020-09-18 time=15:52:44 logid="0104043693" type="event" subtype="wireless" level="notice" vd="vdom1" eventtime=1600469564377293204 tz="-0700" logdesc="AP sent WNM action BSTM request" sn="PS223E3X17000006" ap="PS223E3X17000006" vap="81e_ssid11v" ssid="test_11v" radioid=2 user="N/A" stamac="d4:a3:3d:01:62:4f" channel=153 security="WPA2 Personal" encryption="AES" action="WNM-action-bstm-req" reason="Reserved 0" msg="AP sent WNM action BSTM request frame to client d4:a3:3d:01:62:4f" remotewtptime="1995.307607"

Load balancing

If a client is rejected when load balancing fails, the client might be unsure of which AP to associate to and could repeatedly retry the same AP. If a client is capable of BSS transition, it will not try the loaded AP. The client will join by choosing an AP from the provided list.

In this example, two FortiAPs broadcast to the 81e_ssid11v SSID. The client is able to connect with FAP-1 first. If the RSSI signal of FAP-1 is reduced, a BSTM request is sent to FAP-2. Then, FAP-2 accepts the request and the client moves to FAP-2.

To configure load balancing:
  1. Configure the VAP:
    config wireless-controller vap
        edit "81e_ssid11v"
            set ssid "test_11v"
            set voice-enterprise enable
            set sticky-client-remove enable
            set sticky-client-threshold-5g "-45"
        next
    end
  2. Verify access control:
    # diagnose wireless-controller wlac -d sta   
    
    vf=2 wtp=2 rId=2 wlan=81e_ssid11v vlan_id=0 ip=10.11.123.2 ip6=fe80::146b:d5f8:fd2d:fb0e mac=d4:a3:3d:01:62:4f vci= host=WiFi-QA-iPhone8 user= group= signal=-44 noise=-95 idle=8 bw=0 use=6 chan=48 radio_type=11AC security=wpa2_only_personal mpsk= encrypt=aes cp_authed=no online=yes mimo=2
  3. Verify the WiFi event log:
    11: date=2020-09-18 time=15:23:43 logid="0104043693" type="event" subtype="wireless" level="notice" vd="vdom1" eventtime=1600467823308451794 tz="-0700" logdesc="AP sent WNM action BSTM request" sn="PS223E3X17000006" ap="PS223E3X17000006" vap="81e_ssid11v" ssid="test_11v" radioid=2 user="N/A" stamac="d4:a3:3d:01:62:4f" channel=153 security="WPA2 Personal" encryption="AES" action="WNM-action-bstm-req" reason="Reserved 0" msg="AP sent WNM action BSTM request frame to client d4:a3:3d:01:62:4f" remotewtptime="254.178245"
    12: date=2020-09-18 time=15:23:43 logid="0104043694" type="event" subtype="wireless" level="notice" vd="vdom1" eventtime=1600467823146171299 tz="-0700" logdesc="Wireless client sent WNM action BSTM response accept" sn="FP421ETF19003703" ap="FP421ETF19003703" vap="81e_ssid11v" ssid="test_11v" radioid=2 user="N/A" stamac="d4:a3:3d:01:62:4f" channel=48 security="WPA2 Personal" encryption="AES" action="WNM-action-bstm-resp-accept" reason="Reserved 0" msg="AP received WNM action BSTM response frame (accept) from client d4:a3:3d:01:62:4f" remotewtptime="255.413432"

Support 802.11v optimized roaming and load balancing 6.4.3

When a FortiGate detects the client RSSI is outside of the threshold, the FortiAP sends a BSTM (802.11v BSS transition management) request to the client. The client can either accept the request because the FortiAP can provide a strong RSSI, or reject the request because the RSSI from the FortiAP is very weak.

When voice-enterprise is enabled, sticky-client-remove is automatically enabled. Use sticky-client-threshold-5g to edit the minimum signal level.

Disassociation function

If a client is capable of BSS transition, the AP sends the client a BSTM request instead of disassociating with the client.

In this configuration, the client connects to the FortiAP within the threshold range:

config wireless-controller vap
    edit "81e_ssid11v"
        set ssid "test_11v"
        set voice-enterprise enable
        set sticky-client-remove enable
        set sticky-client-threshold-5g "-45"
    next
end
# diagnose wireless-controller wlac -d sta   
   vf=2 wtp=3 rId=2 wlan=81e_ssid11v vlan_id=0 ip=10.11.123.2 ip6=fe80::146b:d5f8:fd2d:fb0e mac=d4:a3:3d:01:62:4f vci= host=WiFi-QA-iPhone8 user= group= signal=-34 noise=-95 idle=0 bw=677 use=6 chan=153 radio_type=11AC security=wpa2_only_personal mpsk= encrypt=aes cp_authed=no online=yes mimo=2

If the threshold is changed to request a strong signal that is outside of the threshold, the AP sends a request and receives a reject response from the client:

config wireless-controller vap
    edit "81e_ssid11v"
        set ssid "test_11v"
        set voice-enterprise enable
        set sticky-client-remove enable
        set sticky-client-threshold-5g "-20"
    next
end

The WiFi event log contains the BSTM reject response:

3: date=2020-09-18 time=16:08:37 logid="0104043695" type="event" subtype="wireless" level="notice" vd="vdom1" eventtime=1600470517188697388 tz="-0700" logdesc="Wireless client sent WNM action BSTM response reject" sn="FP421ETF19003703" ap="FP421ETF19003703" vap="81e_ssid11v" ssid="test_11v" radioid=2 user="N/A" stamac="d4:a3:3d:01:62:4f" channel=48 security="WPA2 Personal" encryption="AES" action="WNM-action-bstm-resp-reject" reason="Reserved 0" msg="AP received WNM action BSTM response frame (reject) from client d4:a3:3d:01:62:4f" remotewtptime="2949.236951"
4: date=2020-09-18 time=16:08:37 logid="0104043693" type="event" subtype="wireless" level="notice" vd="vdom1" eventtime=1600470517188517242 tz="-0700" logdesc="AP sent WNM action BSTM request" sn="FP421ETF19003703" ap="FP421ETF19003703" vap="81e_ssid11v" ssid="test_11v" radioid=2 user="N/A" stamac="d4:a3:3d:01:62:4f" channel=48 security="WPA2 Personal" encryption="AES" action="WNM-action-bstm-req" reason="Reserved 0" msg="AP sent WNM action BSTM request frame to client d4:a3:3d:01:62:4f" remotewtptime="2949.235888"

Association RSSI check

If a client is capable of BSS transition, the client is allowed to associate and the AP sends the client a BSTM request.

In this configuration, the client is able to connect to the SSID outside of the range. The AP sends the BSTM request to the client, and the client will decide whether or not to associate.

config wireless-controller vap
    edit "81e_ssid11v"
        set ssid "test_11v"
        set voice-enterprise enable
        set sticky-client-remove enable
        set sticky-client-threshold-5g "-45"
    next
end
# diagnose wireless-controller wlac -d sta   
vf=2 wtp=3 rId=2 wlan=81e_ssid11v vlan_id=0 ip=10.11.123.2 ip6=fe80::146b:d5f8:fd2d:fb0e mac=d4:a3:3d:01:62:4f vci= host=WiFi-QA-iPhone8 user= group= signal=-54 noise=-95 idle=3 bw=5 use=6 chan=153 radio_type=11AC security=wpa2_only_personal mpsk= encrypt=aes cp_authed=no online=yes mimo=2

The WiFi event log contains the BSTM request:

3: date=2020-09-18 time=15:52:44 logid="0104043693" type="event" subtype="wireless" level="notice" vd="vdom1" eventtime=1600469564377293204 tz="-0700" logdesc="AP sent WNM action BSTM request" sn="PS223E3X17000006" ap="PS223E3X17000006" vap="81e_ssid11v" ssid="test_11v" radioid=2 user="N/A" stamac="d4:a3:3d:01:62:4f" channel=153 security="WPA2 Personal" encryption="AES" action="WNM-action-bstm-req" reason="Reserved 0" msg="AP sent WNM action BSTM request frame to client d4:a3:3d:01:62:4f" remotewtptime="1995.307607"

Load balancing

If a client is rejected when load balancing fails, the client might be unsure of which AP to associate to and could repeatedly retry the same AP. If a client is capable of BSS transition, it will not try the loaded AP. The client will join by choosing an AP from the provided list.

In this example, two FortiAPs broadcast to the 81e_ssid11v SSID. The client is able to connect with FAP-1 first. If the RSSI signal of FAP-1 is reduced, a BSTM request is sent to FAP-2. Then, FAP-2 accepts the request and the client moves to FAP-2.

To configure load balancing:
  1. Configure the VAP:
    config wireless-controller vap
        edit "81e_ssid11v"
            set ssid "test_11v"
            set voice-enterprise enable
            set sticky-client-remove enable
            set sticky-client-threshold-5g "-45"
        next
    end
  2. Verify access control:
    # diagnose wireless-controller wlac -d sta   
    
    vf=2 wtp=2 rId=2 wlan=81e_ssid11v vlan_id=0 ip=10.11.123.2 ip6=fe80::146b:d5f8:fd2d:fb0e mac=d4:a3:3d:01:62:4f vci= host=WiFi-QA-iPhone8 user= group= signal=-44 noise=-95 idle=8 bw=0 use=6 chan=48 radio_type=11AC security=wpa2_only_personal mpsk= encrypt=aes cp_authed=no online=yes mimo=2
  3. Verify the WiFi event log:
    11: date=2020-09-18 time=15:23:43 logid="0104043693" type="event" subtype="wireless" level="notice" vd="vdom1" eventtime=1600467823308451794 tz="-0700" logdesc="AP sent WNM action BSTM request" sn="PS223E3X17000006" ap="PS223E3X17000006" vap="81e_ssid11v" ssid="test_11v" radioid=2 user="N/A" stamac="d4:a3:3d:01:62:4f" channel=153 security="WPA2 Personal" encryption="AES" action="WNM-action-bstm-req" reason="Reserved 0" msg="AP sent WNM action BSTM request frame to client d4:a3:3d:01:62:4f" remotewtptime="254.178245"
    12: date=2020-09-18 time=15:23:43 logid="0104043694" type="event" subtype="wireless" level="notice" vd="vdom1" eventtime=1600467823146171299 tz="-0700" logdesc="Wireless client sent WNM action BSTM response accept" sn="FP421ETF19003703" ap="FP421ETF19003703" vap="81e_ssid11v" ssid="test_11v" radioid=2 user="N/A" stamac="d4:a3:3d:01:62:4f" channel=48 security="WPA2 Personal" encryption="AES" action="WNM-action-bstm-resp-accept" reason="Reserved 0" msg="AP received WNM action BSTM response frame (accept) from client d4:a3:3d:01:62:4f" remotewtptime="255.413432"