Seamless roaming

Qinn

Not as far as I can see, here all messages are from 1 to 224.

johnpoz

Then why all this nonsense about temps?? Just such a non-sequitur

https://youtu.be/C_R5fK73Eaw

Qinn

non-sequitur and off topic you are right, but I was sincerely interested why these so complete AP's don't measure the temp, but I think it is best to leave it at that and no further pollute this nice thread </off-topic>

Qinn

@johnpoz I just installed the 6.0.20 version op the controller and came upon Protected management frames (PMF ) and would like your opinion on these, and the settings that go along with it; "Optional
and Required".

Thanks.

johnpoz

Guess depends on how tight your tinfoil hat is..

I would leave them disabled, its going to be a performance hit.

Do you have clients that support it? Can tell pretty much for a fact that no iot devices would support such a feature.

If your so worried about someone sniffing/messing with your management frames.. Then yeah you would want it.. And you would want to make sure all your clients support it before you do so you could "require" it.. Optional would mean some clients could use it and some clients might not - so what would be the point if your not going to do it for all clients..

I personally would just leave it disabled.. Really of little use in a home network. To meet some security audit for a corp setup - sure..

In a corp setup I would see it being required on say the trusted wireless network.. And say the guest network being disabled or optional. But in a home network where hey how come my wireless network speed is not 600Mbps -- I would just leave disabled... While sure it is a much improved security aspect for wireless.. Do you feel the nerd kid next door is trying to hack your wireless? Is your psk secure? etc..

JeGr

@johnpoz said in Seamless roaming:

Is your psk secure? etc..

Having no PSK is the best part of the setup

johnpoz

While I would love to get rid of PSK as well - and just use better eap auth (my trusted wifi network is eap-tls), or wpa3-personal, the problem is no iot devices support enterprise and don't see me replacing all my current iot devices with new iot at some future point when they support wpa3.. Which prob going to be a really long time anyway

So yeah your going to have to have atleast 1 ssid with wpa2-psk, and prob even more for your iot devices, and then 1 for guests..

the "psk" is going to be around for quite some time..

So all your clients support wpa3? Or all your devices support using wpa2-enterprise?

How is it your not using any psk?

edit: btw @Qinn 6.0.22 just came out ;)

mcury

@johnpoz I have it installed too.
Already backing it up..

[marcelo@linux Raspberry_Pi]$ rm buster.img
[marcelo@linux Raspberry_Pi]$ sudo dd bs=4M if=/dev/sdc | gzip > buster.img.gz

NogBadTheBad

Argh I just updated to 6.0.20 it’s a right pile of crud.

I have a subnet that has a wpapsk and wpaeap ssid , it created two networks rather than a single one to associate the ssid to.

It also did the same with my IOT subnet that had a 2.4 & 5Ghz ssid and a 2.4 Ghz only ssid.

The GUI is becoming a mess as well, think I may be looking at Cambium Networks in the future.

johnpoz

Yeah their new "beta" interface is a pile of crap currently ;) I really don't know what they are thinking to be honest.. Talk about making it difficult..

I just continue to use the legacy interface..

If you make any changes in the beta - you can for sure break shit.. I have toggled it on to look at, but don't ever make any setting changes in it..

Qinn

edit: btw @Qinn 6.0.22 just came out ;)

I see it on their site https://community.ui.com/releases, the check that's in the controller does not report that there is a new version.

btw I am not surprised there is a update/fix a as there were ton's of complaints mostly people using VLAN, I had no problems (using 4 VLAN's)

btw I have to wait to upgrade to 6.0.22, as I am using a Docker controller and that one did got bumped, yet ;)

mcury

Fw 5.36 is out too.

JeGr

@johnpoz said in Seamless roaming:

How is it your not using any psk?

I have/had an additional WPA2-PSK SSID for the media/streaming subnet, as the test-alexa (thrown out) or other toys didn't really like WPA2-Enterprise. But that's dying and ATM I think all clients that even use WiFi in the media subnet are WPA2-Ent compatible. Even the Nintendo Switch'es can do Enterprise. Only the new fan may be the last one that requires PSK. But perhaps throwing that out into another network.

Any others are running enterprise just fine either in Guest, LAN, Lab or IoT network.

Cheers
\jens

johnpoz

I don't have a switch - but quick google shows lots of people complaining that it DIDN'T support enterprise, and there was a feature request for it. When did they add it?

JeGr

Ah my bad. Kids didn't say anything and just hooked it into the media WiFi (which isn't that bad) but I thought they were entering their account :) It's indeed not supported. sigh
Yeah... Nintendo isn't that good with network stuff so I could've known

OK second SSID has to stay... for now :D

johnpoz

Yeah enterprise has way more variables and complications in supporting it.. Iot devices and game systems, etc. etc.. Not meant for the enterprise - and what .00001% of homes might run enterprise.. Because someone in the home is a IT person or nerd/geek..

I just don't see these sorts of devices supporting it.. They have had years and years already to bring support to the table - and nothing..

I just don't think you could run a smart home with wifi devices without psk wifi.. I would love to see every device support enterprise.. But I just do not see it happening on any more than a few niche devices. And prob only thing when they are actually used in enterprise or setting where enterprise is used over psk.. Like a school..

If any device has call for it to support enterprise you would think it the switch because of all the kids at uni, and uni wifi is almost always enterprise based for auth.

Qinn

Maybe I am swearing in church, but it seems rather a big risk when all your devices (as in hardware) are being controlled by the same piece of software...

johnpoz

Huh???

Qinn

Well, just what it reads

johnpoz

What reads, what software? Your off on a non-sequitur again