adam's notes

Roaming and Client Disassociation Issues

Roaming means that wireless clients can remain connected to the same network ESSID while moving around within an extended service area (ESA).

  • ESA is created by
    • connecting APs via a wired network
    • configuring them with the same ESSID and security parameters
    • APs use different channels so that where the BSA of each AP overlaps, there is no interference

Roaming Misconfiguration Issues

  • for seamless roaming
    • cells served by each AP must overlap to some extent
    • tricky to get right
  • issues
    • Sticky clients
      • that do not identify signal issues
      • do not reassociate with a different AP that could provide a better connection
    • Flapping clients
      • switch repeatedly between access points
    • Clients that do not support roaming standards
      • 802.11k, 802.11r, and 802.11v
      • so experience service interruptions due to having to reauthenticate or associate too slowly with the new AP
      • 802.11r assists with reauthentication
      • 802.11k can mitigate sticky and flapping client issues
        • transmits information about the wireless topology to the client
      • 802.11v can “push” a client toward a less congested access point
    • Inconsistent service areas for 2.4 GHz and 5 GHz
      • 2.4 GHz supports longer ranges than 5 GHz
        • can cause it to “attract” more clients
      • 2.4 GHz BSS is configured with a lower transmit power than the equivalent 5 GHz BSS
  • identify issues with roaming by
    • analyzing AP association times for client device
  • WLAN controller can track client mobility
    • shows each AP and the time the client associated with it

Client Disassociation Issues

  • client may flap between two APs, causing many disassociations and reassociations
    • investigate the AP or controller event log to identify cause
  • if client is disassociating unexpectedly and
    • no roaming, interference, or standards support issue
    • then may be an attack
  • disassociation attack exploits lack of encryption in management frame traffic
    • one type injects MGF that spoof the MAC address of victim to cause it to disassociate
    • another type broadcasts spoofed frames to disconnect all stations
    • may be used to perform DoS attack
    • may be used in conjunction with a replay attack to get the network key

Graph View

Backlinks