Archives 2025

Wi-Fi Roaming Performance in MDUs: Navigating Seamless Connectivity

By In 802.11 Networks Corp
Wi-Fi Roaming Performance in MDUs: Navigating Seamless Connectivity



Introduction: The Quest for Uninterrupted Connectivity

At 802.11 Networks Corp, we’re driven by a passion for Enterprise Wireless. We believe in demystifying complex topics, diving deep into the technical intricacies, and presenting our findings in a way that sparks conversation and propels industry-wide improvements. Today, we’re focusing on a critical aspect of modern living: Wi-Fi roaming in Multi-Dwelling Units (MDUs).

Think bustling apartment complexes, vibrant student housing, comfortable senior living facilities, and modern condominiums. Why this focus?

  • Ubiquity of MDU Living: A significant portion of the population resides in MDUs. In the US, estimates range from 30% to 42%, highlighting the sheer scale of this living arrangement.
  • The Promise of Managed Wi-Fi: MDUs offer a unique opportunity for property-wide, managed Wi-Fi solutions. When implemented effectively, these systems deliver substantial technical and economic advantages to residents.

A cornerstone of a successful managed Wi-Fi deployment is seamless roaming. Residents expect their connected devices to transition smoothly between access points (APs) as they move throughout the property. This eliminates frustrating disconnections and ensures a consistent user experience.

In this post, we’ll dissect common MDU deployment architectures, exploring their strengths and weaknesses. We’ll start by differentiating between managed and non-managed environments, then delve into four specific client authentication and roaming scenarios. Our goal is not to declare a “winner” but to foster a constructive dialogue that enhances human connectivity.

Understanding MDU Wi-Fi Architectures

To fully understand the results of the performance test, we must first understand the architectures that are being tested.

1. Traditional Residential Deployments: The “Home Router” Approach

  • Each apartment operates its own dedicated home router.
  • These networks typically feature:
    • A private SSID secured with WPA2-Personal for individual residents.
    • A universal SSID, often utilizing Passpoint with pre-installed profiles, enabling limited roaming across the complex.
  • Technical Characteristics:
    • NAT (Network Address Translation) is standard, isolating each apartment’s network.
    • 802.11r (Fast Transition) is generally absent.
    • Some APs may implement key caching to expedite re-authentication for returning devices.
  • Limitations:
    • Limited roaming performance.
    • Interference between many routers.
    • Difficult to manage as a whole.

2. Managed MDU Deployments: Centralized Control

  • A professionally designed RF network covers the entire property.
  • APs are strategically placed based on a thorough RF survey, ensuring optimal coverage.
  • A single, unified SSID is broadcast throughout the property.
  • Technical Characteristics:
    • VLANs (Virtual Local Area Networks) are employed to segregate resident traffic, ensuring privacy and security.
    • Authentication options include:
      • Passpoint-like systems with pre-installed profiles (ideal for smartphones and laptops).
      • Multi-PSK (MPSK) solutions with RADIUS authentication (offering a balance of security and ease of use, and better IoT compatibility).
  • Key Points:
    • Allows 802.11r to be implemented
    • Centralized management and troubleshooting.
    • Enhanced security and privacy relative to using a single, shared PSK.
    • Ability to fine tune the network.

Quantifying Roaming Performance: The Test Bed

To objectively assess roaming performance, we constructed a test bed that replicated the scenarios described above. We distilled the myriad of possible configurations into four representative cases:

  1. WPA2-Enterprise (TLS) + Bridged + 802.11r:
    • Represents a managed MDU with Passpoint or similar pre-installed profiles.
    • Bridged network: Clients retain their IP address during roaming.
    • 802.11r: Rapid authentication using R1 keys distributed via the Distribution System (DS).
  2. WPA2-Enterprise (TLS) + NAT’d + Key-Caching:
    • Mirrors the universal roaming SSID in traditional residential deployments (e.g., Xfinity Mobile Hotspot).
    • NAT’d network: DHCP lease renewal and Layer 3 (L3) connection break during roaming.
    • Key caching: Speeds up re-authentication for returning clients, but no 802.11r.
  3. MPSK-RADIUS + Bridged + 802.11r (or Key-Caching):
    • Represents a managed MDU with MPSK and RADIUS authentication.
    • Bridged network: Maintains L3 connection.
    • 802.11r availability based on capabilities of backend MPSK solution used
    • Each resident gets a unique PSK tied to a VLAN.
  4. MPSK-RADIUS + NAT’d + Key-Caching:
    • While less common, it was tested to provide a complete view.
    • NAT’d network.
    • Key Caching.

The Test Setup: Precision and Control

  • Two Enterprise OpenWiFi APs broadcasted the four SSIDs, each corresponding to a test case.
  • The APs were connected to a Linux-based router (providing DHCP, RADIUS, and NAT) via a switch.
  • FreeRADIUS was used for RADIUS authentication.
  • All tests were conducted in RF isolation chambers to ensure accuracy.
  • Roaming events were manually triggered for consistent results.

Test Architecture Diagram:

A diagram of a computer network AI-generated content may be incorrect.

Test Execution: Measuring Roaming Dynamics

  • Each test began with a pre-authenticated client connected to AP1.
  • A continuous ping to 8.8.8.8 (Google DNS) was executed with a 1-second interval.
  • Four manual roaming events were triggered during the 100-ping test.
  • Latency and packet loss were recorded for each scenario.

Results: A Clear Picture of Performance

  • WPA2-Enterprise (TLS) + Bridged + 802.11r:
    • Packet Loss: 4%
    • Average Latency: 16.98 ms
  • WPA2-Enterprise (TLS) + NAT’d + Key-Caching:
    • Packet Loss: 12%
    • Average Latency: 19.91 ms
  • MPSK-RADIUS + Bridged + 802.11r:
    • Packet Loss: 1%
    • Average Latency: 18.20 ms
  • MPSK-RADIUS + NAT’d + Key-Caching:
    • Packet Loss: 9%
    • Average Latency: 18.07 ms

Analysis and Conclusion: Optimizing MDU Wi-Fi

Why Roaming Matters: Seamless roaming is essential for a positive user experience in MDUs. Disruptions lead to frustration and decreased productivity.

Best Solutions:

  • Managed MDUs:
    • Regardless of the authentication method (MPSK/WPA2-Enterprise), Bridged networks with 802.11r offer excellent performance.
    • MPSK-RADIUS with VLANs adds user-friendlinesss for IoT devices
  • Traditional Residential:
    • NAT’d networks with key caching are common, but less ideal.
    • Requires separate, universal SSID for Roaming across property.

Client Considerations:

  • Passpoint benefits devices with pre-installed profiles.
  • MPSK-RADIUS accommodates IoT and other devices with limited capabilities.

Comparison Matrix:

FeatureWPA2-Enterprise (TLS) + Bridged + 802.11rWPA2-Enterprise (TLS) + NAT’d + Key-CachingMPSK-RADIUS + Bridged + 802.11rMPSK-RADIUS + NAT’d + Key-Caching
Network ModeBridgedNAT’dBridgedNAT’d
Roaming Support802.11rKey-Caching802.11r (partial)Key-Caching
AuthenticationPasspoint (pre-installed profiles)Passpoint (pre-installed profiles)MPSK MPSK 
Traffic SegmentationVLANsPer-user NATVLANsPer-user NAT
Packet Loss4%12%1%9%
Average Latency (ms)16.9819.9118.2018.07
Best Use CaseManaged MDU, devices with Passpoint profilesTraditional Residential Model (Separate NAT’d Home Router per unit)Managed MDU, diverse client device typesLess Common deployment use cases. TBD.
ProsLowest latency, seamless roamingSimpler NAT isolationVery low packet loss, diverse client ecosystemTBD
ConsPasspoint reliance can limit IoT device supportHigher packet loss, DHCP renewalsPartial 802.11r supportHigher packet loss compared to Bridged 802.11r

Key Takeaway: By understanding these technical nuances, Professional WLAN experts, like 802.11 Networks Corp, can help ISPs & MDU Network Operators to deliver exceptional roaming experiences.