Introduced: 2008
Encryption: AES-CCMP
Key mgmt: FT-PSK
PMF: Optional
Prevalence: Common

How it works

WPA2 + 802.11r is ordinary WPA2-PSK with Fast BSS Transition (FT) layered on top to make roaming between access points nearly instant. On a normal WPA2 network, every time a client moves to a new AP it runs a full four-way handshake, a delay of hundreds of milliseconds that is audible on a voice call. 802.11r, ratified as IEEE 802.11r-2008, fixes this by advertising a mobility domain and pre-distributing a key hierarchy: a top-level PMK-R0 is derived once, then per-AP PMK-R1 keys are pushed out ahead of the roam, so a client reassociates to the next AP in well under 50 milliseconds without repeating the full handshake.

The essential point for an operator is that FT changes roaming, not security. The pairwise keys still descend from the same pre-shared key, so the confidentiality and the crackability of the network are identical to plain WPA2-Personal. A network does not become stronger by enabling 802.11r; it only becomes faster to roam. Anything that breaks WPA2-PSK breaks WPA2-FT exactly the same way.

Configuring it in Tala WTE

On the New Network form, choose WPA2 + 802.11r (Fast Transition) and set a passphrase, just as you would for WPA2-Personal. Tala WTE writes wpa_key_mgmt=FT-PSK WPA-PSK, a mobility_domain, ft_psk_generate_local=1 so the AP derives the FT keys itself, and leaves PMF optional. The result advertises the full set of FT information elements (the mobility domain element and the FT element) and runs the FT key hierarchy on association.

A roaming demonstration needs two or more APs in the same mobility domain, which a single-radio lab box cannot fully stage, but the single AP still exercises everything you capture and attack: the FT information elements are on the air to inspect, and the initial mobility-domain association still runs an EAPOL four-way handshake carrying PSK-derived keys. For a teaching network, pick a passphrase a wordlist contains (for example Summer2026!) so the capture below cracks. For the full New-Network walkthrough, see Networks.

Attacks

FT handshake / PSK capture

The first association into the mobility domain still runs a four-way handshake whose keys derive from the PSK, so capturing it is identical to attacking any WPA2 network. Force a reconnect, capture the handshake, and crack it offline:

airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w ft wlan0mon
aireplay-ng -0 3 -a AA:BB:CC:DD:EE:FF wlan0mon
hashcat -m 22000 ft.hc22000 wordlist.txt

Judgment: FT adds no protection to the handshake. The passphrase is the whole game, exactly as on WPA2-Personal.

KRACK against the FT handshake (CVE-2017-13082)

The Fast Transition handshake has its own key-reinstallation flaw, CVE-2017-13082: a retransmitted FT reassociation request makes the AP reinstall an already-in-use pairwise key, resetting the nonce and replay counter and exposing the keystream. It is notable because, unlike the client-side KRACK variants, the 802.11r flaw is an AP-side bug that an attacker triggers without needing to be a man in the middle.

Judgment: enabling 802.11r adds an attack surface that plain WPA2 does not have. Unpatched FT-capable APs are directly exploitable.

Deauthentication without PMF

PMF is optional here, so unprotected deauthentication frames are honored and drive the forced reconnect the capture above relies on:

aireplay-ng -0 0 -a AA:BB:CC:DD:EE:FF wlan0mon

Judgment: optional PMF leaves the legacy management-frame attack surface open, the same as on any pre-PMF WPA2 network.

What you find in the field

802.11r is common wherever seamless roaming matters: enterprise and campus wireless, hospitals, warehouses, and anywhere voice-over-Wi-Fi runs. It is frequently paired with 802.11k and 802.11v as a roaming bundle. Because it rides on top of WPA2-PSK (or, in enterprise deployments, FT over 802.1X), its security posture is inherited wholesale from the underlying method. The field lesson is to read 802.11r as a performance feature and to assess the network on its PSK or its EAP configuration, not on the presence of fast roaming.

Defending against it

Harden the WPA2 underneath, because that is where the security lives. Choose a long, high-entropy passphrase so the inevitable handshake capture is computationally hopeless rather than a wordlist hit, since FT does nothing to help a weak PSK. Patch the FT key-reinstallation flaw (CVE-2017-13082) on every AP. Require PMF where the client fleet supports it to remove the deauthentication primitive. And for an enterprise estate, prefer FT over 802.1X (per-user EAP) rather than FT-PSK, so there is no shared passphrase to capture and crack at all; see WPA2-Enterprise.
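An added configuration check (example code, not Tala WTE's or hostapd's own) that reads a hostapd-style fragment built from the settings this page names and reports the exposures discussed above: FT riding on a shared passphrase, PMF not required, and a passphrase that is short or sits in a wordlist. Both config fragments, the tiny wordlist and the 20-character floor are constructed for the example; `audit_ft_config` is a hypothetical name.

```python
# Constructed hostapd fragment modelled on the keys the page says Tala WTE writes
WEAK_CONF = """\
ssid=lab-ft
wpa=2
wpa_key_mgmt=FT-PSK WPA-PSK
wpa_pairwise=CCMP
wpa_passphrase=Summer2026!
mobility_domain=a1b2
ft_psk_generate_local=1
ieee80211w=1
"""

# Same network with PMF required and a long passphrase (constructed)
HARDENED_CONF = WEAK_CONF.replace("ieee80211w=1", "ieee80211w=2").replace(
    "wpa_passphrase=Summer2026!",
    "wpa_passphrase=correct-horse-cobalt-radiator-29-fjord")

SAMPLE_WORDLIST = {"password", "Welcome1", "Summer2026!"}  # constructed stand-in
MIN_PASSPHRASE_LEN = 20  # assumption: a local policy floor, not a figure from any standard

def parse_hostapd(text: str) -> dict:
    """Parse key=value lines of a hostapd.conf fragment; comments and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def audit_ft_config(text: str) -> list:
    """Return (code, message) findings for an FT-capable hostapd config."""
    conf = parse_hostapd(text)
    akms = conf.get("wpa_key_mgmt", "").split()
    findings = []
    if "FT-PSK" in akms:
        findings.append(("FT_PSK", "fast transition rides on a shared passphrase; "
                                   "the handshake cracks like plain WPA2-PSK, prefer FT-EAP"))
    if conf.get("ieee80211w", "0") != "2":
        findings.append(("PMF_NOT_REQUIRED", "ieee80211w is not 2: unprotected "
                                             "deauthentication frames are honoured"))
    pw = conf.get("wpa_passphrase")
    if pw is not None:
        if pw in SAMPLE_WORDLIST:
            findings.append(("PSK_IN_WORDLIST", "passphrase appears in the sample wordlist"))
        elif len(pw) < MIN_PASSPHRASE_LEN:
            findings.append(("PSK_SHORT", f"passphrase shorter than {MIN_PASSPHRASE_LEN} chars"))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, [code for code, _ in audit_ft_config(conf)])
```

The hardened fragment still reports FT_PSK: no passphrase policy removes the shared secret, which is why the page points enterprise estates at FT over 802.1X.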

References

  • IEEE 802.11r-2008 - Fast BSS Transition, the amendment defining the mobility domain and the PMK-R0/PMK-R1 hierarchy.
  • IEEE 802.11-2020 - the consolidated standard incorporating Fast BSS Transition.
  • CVE-2017-13082 - key reinstallation in the 802.11r FT handshake (the AP-side KRACK variant).
  • WPA2-Personal - the underlying method whose handshake and PMKID weaknesses FT inherits.
(c) 2026 VTEM Labs, Inc. All rights reserved. | vtemlabs.com