Wi-Fi: Enable roaming

Enable roaming for Wi-Fi Access Point

Author: mattiaswal

doc/wifi.md

@@ -394,6 +394,57 @@ admin@example:/config/interface/wifi0/> set bridge-port bridge br0
 admin@example:/config/interface/wifi0/> leave
 ```
 
+## Fast Roaming Between Access Points
+
+Fast roaming enables seamless client handoff between access points without
+connection drops. This is essential for dual-band setups (same SSID on 2.4GHz
+and 5GHz) and multi-AP deployments.
+
+When roaming is enabled, Infix activates 802.11k/r/v features that reduce
+handoff latency from ~1 second to <50ms and help clients make better roaming
+decisions.
+
+### Requirements
+
+For seamless roaming, all access points in the roaming group must have:
+
+1. **Identical SSID** (network name)
+2. **Identical passphrase** (same keystore secret reference)
+3. **Identical mobility-domain** (if customized from default `4f57`)
+4. **Roaming enabled** on all AP interfaces
+
+### Configuration
+
+Enable roaming on each AP interface that should participate in the roaming group:
+
+```
+admin@example:/config/interface/wifi0/> set wifi access-point roaming
+```
+
+This uses the default mobility-domain `4f57`. To customize the mobility-domain:
+
+```
+admin@example:/config/interface/wifi0/> set wifi access-point roaming mobility-domain abcd
+```
+
+> [!IMPORTANT]
+> All APs in the same roaming group MUST use the same mobility-domain identifier.
+> The SSID and passphrase must also be identical across all APs.
+
+### How It Works
+
+With roaming enabled, clients seamlessly transition between APs:
+
+1. Client connects to the AP with the strongest signal
+2. Client continuously monitors signal strength and discovers neighbor APs
+3. When signal degrades, client evaluates alternative APs
+4. Client performs fast handoff (<50ms) to the better AP
+5. Connection remains active without interruption
+
+> [!NOTE]
+> Not all client devices support fast roaming (802.11r). Older devices will still
+> roam between APs but may experience brief interruptions during handoff.
+
 ## Troubleshooting Connection Issues
 
 Use `show interface wifi0` to verify signal strength and connection status.
@@ -405,4 +456,10 @@ If issues arise, try the following troubleshooting steps:
 4. **Regulatory compliance**: Ensure the country-code on the radio matches your location
 5. **Hardware detection**: Confirm the WiFi radio appears in `show hardware`
 
+**Roaming-specific issues:**
+
+- **Clients not roaming**: Verify mobility-domain, SSID, and passphrase are identical on all APs
+- **Connection drops during roaming**: Ensure AP coverage areas overlap adequately
+- **Client compatibility**: Check if client device supports 802.11r (most modern devices do)
+
 If issues persist, check the system log for specific error messages that can help identify the root cause.

src/confd/src/hardware.c

@@ -310,10 +310,12 @@ static int wifi_find_radio_aps(struct lyd_node *cifs, const char *radio_name,
 }
 
 /* Generate BSS section for secondary AP (multi-SSID) */
-static int wifi_gen_bss_section(FILE *hostapd, struct lyd_node *cifs, const char *ifname, struct lyd_node *config)
+static int wifi_gen_bss_section(FILE *hostapd, struct lyd_node *cifs, const char *ifname,
+				 struct lyd_node *config)
 {
 	const char *ssid, *hidden, *security_mode, *secret_name, *secret;
-	struct lyd_node *cif, *wifi, *ap, *security, *secret_node;
+	const char *mobility_domain = NULL;
+	struct lyd_node *cif, *wifi, *ap, *security, *secret_node, *roaming;
 	char bssid[18];
 
 	/* Find the interface node for this BSS */
@@ -367,28 +369,43 @@ static int wifi_gen_bss_section(FILE *hostapd, struct lyd_node *cifs, const char
 		}
 	}
 
+	/* Check roaming configuration */
+	roaming = lydx_get_child(ap, "roaming");
+	if (roaming)
+		mobility_domain = lydx_get_cattr(roaming, "mobility-domain");
+
+
 	if (!strcmp(security_mode, "open")) {
 		fprintf(hostapd, "# Open network\n");
 		fprintf(hostapd, "auth_algs=1\n");
 	} else if (!strcmp(security_mode, "wpa2-personal")) {
 		fprintf(hostapd, "# WPA2-Personal\n");
 		fprintf(hostapd, "wpa=2\n");
-		fprintf(hostapd, "wpa_key_mgmt=WPA-PSK\n");
+		if (roaming)
+			fprintf(hostapd, "wpa_key_mgmt=FT-PSK WPA-PSK\n");
+		else
+			fprintf(hostapd, "wpa_key_mgmt=WPA-PSK\n");
 		fprintf(hostapd, "wpa_pairwise=CCMP\n");
 		if (secret)
 			fprintf(hostapd, "wpa_passphrase=%s\n", secret);
 	} else if (!strcmp(security_mode, "wpa3-personal")) {
 		fprintf(hostapd, "# WPA3-Personal\n");
 		fprintf(hostapd, "wpa=2\n");
-		fprintf(hostapd, "wpa_key_mgmt=SAE\n");
+		if (roaming)
+			fprintf(hostapd, "wpa_key_mgmt=FT-SAE SAE\n");
+		else
+			fprintf(hostapd, "wpa_key_mgmt=SAE\n");
 		fprintf(hostapd, "rsn_pairwise=CCMP\n");
 		if (secret)
 			fprintf(hostapd, "sae_password=%s\n", secret);
 		fprintf(hostapd, "ieee80211w=2\n");
 	} else if (!strcmp(security_mode, "wpa2-wpa3-personal")) {
 		fprintf(hostapd, "# WPA2/WPA3 Mixed\n");
 		fprintf(hostapd, "wpa=2\n");
-		fprintf(hostapd, "wpa_key_mgmt=WPA-PSK SAE\n");
+		if (roaming)
+			fprintf(hostapd, "wpa_key_mgmt=FT-PSK FT-SAE WPA-PSK SAE\n");
+		else
+			fprintf(hostapd, "wpa_key_mgmt=WPA-PSK SAE\n");
 		fprintf(hostapd, "rsn_pairwise=CCMP\n");
 		if (secret) {
 			fprintf(hostapd, "wpa_passphrase=%s\n", secret);
@@ -397,6 +414,15 @@ static int wifi_gen_bss_section(FILE *hostapd, struct lyd_node *cifs, const char
 		fprintf(hostapd, "ieee80211w=1\n");
 	}
 
+	/* Roaming configuration (only if enabled) */
+	if (roaming) {
+		fprintf(hostapd, "# Fast roaming (802.11r)\n");
+		fprintf(hostapd, "mobility_domain=%s\n", mobility_domain);
+		fprintf(hostapd, "ft_over_ds=1\n");
+		fprintf(hostapd, "ft_psk_generate_local=1\n");
+		fprintf(hostapd, "nas_identifier=%s.%s\n", ifname, mobility_domain);
+	}
+
 	return 0;
 }
 
@@ -405,11 +431,11 @@ static int wifi_gen_aps_on_radio(const char *radio_name, struct lyd_node *cifs,
 				  struct lyd_node *radio_node, struct lyd_node *config)
 {
 	const char *ssid, *hidden, *security_mode, *secret_name, *secret;
+	const char *country, *channel, *band, *primary_ifname;
+	const char *mobility_domain = NULL;
 	struct lyd_node *primary_cif, *cif;
 	struct lyd_node *primary_wifi, *primary_ap;
-	struct lyd_node *security, *secret_node;
-	const char *country, *channel, *band;
-	const char *primary_ifname;
+	struct lyd_node *security, *secret_node, *roaming;
 	char hostapd_conf[256];
 	char **ap_list = NULL;
 	FILE *hostapd = NULL;
@@ -455,6 +481,11 @@ static int wifi_gen_aps_on_radio(const char *radio_name, struct lyd_node *cifs,
 	secret_name = lydx_get_cattr(security, "secret");
 	secret = NULL;
 
+	/* Get roaming configuration */
+	roaming = lydx_get_child(primary_ap, "roaming");
+	if (roaming)
+		mobility_domain = lydx_get_cattr(roaming, "mobility-domain");
+
 	/* Get radio configuration */
 	country = lydx_get_cattr(radio_node, "country-code");
 	band = lydx_get_cattr(radio_node, "band");
@@ -572,26 +603,51 @@ static int wifi_gen_aps_on_radio(const char *radio_name, struct lyd_node *cifs,
 	} else if (!strcmp(security_mode, "wpa2-personal")) {
 		fprintf(hostapd, "# WPA2-Personal\n");
 		fprintf(hostapd, "wpa=2\n");
-		fprintf(hostapd, "wpa_key_mgmt=WPA-PSK\n");
+		if (roaming)
+			fprintf(hostapd, "wpa_key_mgmt=FT-PSK WPA-PSK\n");
+		else
+			fprintf(hostapd, "wpa_key_mgmt=WPA-PSK\n");
 		fprintf(hostapd, "wpa_pairwise=CCMP\n");
 		fprintf(hostapd, "wpa_passphrase=%s\n", secret);
 	} else if (!strcmp(security_mode, "wpa3-personal")) {
 		fprintf(hostapd, "# WPA3-Personal\n");
 		fprintf(hostapd, "wpa=2\n");
-		fprintf(hostapd, "wpa_key_mgmt=SAE\n");
+		if (roaming)
+			fprintf(hostapd, "wpa_key_mgmt=FT-SAE SAE\n");
+		else
+			fprintf(hostapd, "wpa_key_mgmt=SAE\n");
 		fprintf(hostapd, "rsn_pairwise=CCMP\n");
 		fprintf(hostapd, "sae_password=%s\n", secret);
 		fprintf(hostapd, "ieee80211w=2\n");
 	} else if (!strcmp(security_mode, "wpa2-wpa3-personal")) {
 		fprintf(hostapd, "# WPA2/WPA3 Mixed Mode\n");
 		fprintf(hostapd, "wpa=2\n");
-		fprintf(hostapd, "wpa_key_mgmt=WPA-PSK SAE\n");
+		if (roaming)
+			fprintf(hostapd, "wpa_key_mgmt=FT-PSK FT-SAE WPA-PSK SAE\n");
+		else
+			fprintf(hostapd, "wpa_key_mgmt=WPA-PSK SAE\n");
 		fprintf(hostapd, "rsn_pairwise=CCMP\n");
 		fprintf(hostapd, "wpa_passphrase=%s\n", secret);
 		fprintf(hostapd, "sae_password=%s\n", secret);
 		fprintf(hostapd, "ieee80211w=1\n");
 	}
 
+	/* Roaming configuration (802.11k/r/v) */
+	if (roaming) {
+		fprintf(hostapd, "\n# Fast roaming and seamless handoff (802.11k/r/v)\n");
+		fprintf(hostapd, "# 802.11r: Fast BSS Transition\n");
+		fprintf(hostapd, "mobility_domain=%s\n", mobility_domain);
+		fprintf(hostapd, "ft_over_ds=1\n");
+		fprintf(hostapd, "ft_psk_generate_local=1\n");
+		fprintf(hostapd, "nas_identifier=%s.%s\n", primary_ifname, mobility_domain);
+		fprintf(hostapd, "# 802.11k: Radio Resource Management\n");
+		fprintf(hostapd, "rrm_neighbor_report=1\n");
+		fprintf(hostapd, "rrm_beacon_report=1\n");
+		fprintf(hostapd, "# 802.11v: BSS Transition Management\n");
+		fprintf(hostapd, "bss_transition=1\n");
+		fprintf(hostapd, "\n");
+	}
+
 	/* Add BSS sections for secondary APs (multi-SSID) */
 	for (i = 1; i < ap_count; i++) {
 		DEBUG("Adding BSS section for secondary AP %s", ap_list[i]);

src/confd/yang/confd/infix-if-wifi.yang

@@ -370,6 +370,50 @@ submodule infix-if-wifi {
               }
             }
 
+            container roaming {
+              presence "Enable fast roaming (802.11k/r/v)";
+              description
+                "Fast roaming and seamless handoff configuration.
+
+                 When present, enables 802.11k/r/v features for seamless
+                 transitions between APs with the same SSID (e.g., 2.4GHz
+                 and 5GHz band steering).
+
+                 Activates:
+                 - 802.11r: Fast BSS Transition (FT)
+                 - 802.11k: Radio Resource Management (RRM)
+                 - 802.11v: BSS Transition Management
+
+                 These features allow clients to roam seamlessly between
+                 APs without losing connectivity or experiencing delays.
+
+                 Requirements for proper roaming:
+                 - Same SSID on all APs
+                 - Same passphrase on all APs
+                 - Same mobility-domain on all APs in the roaming group
+
+                 Recommended for multi-AP deployments and dual-band setups.";
+
+              leaf mobility-domain {
+                type string {
+                  pattern '[0-9a-fA-F]{4}';
+                }
+                default "4f57";
+                description
+                  "802.11r Mobility Domain identifier (4 hex digits).
+
+                   All APs that clients should roam between MUST use the
+                   same mobility domain ID.
+
+                   Default: '4f57' (hex for 'OW')
+
+                   Use the same value for:
+                   - 2.4GHz and 5GHz APs with the same SSID
+                   - Multiple APs in the same physical location
+                   - Any APs that should support fast roaming";
+              }
+            }
+
             /* Operational state */
 
             container stations {