Table of Contents
Advertisement
Chapter 5
Configuring the Client Adapter
During normal operation, LEAP-enabled clients mutually authenticate with a new access point by
performing a complete LEAP authentication, including communication with the main RADIUS server.
However, when you configure your wireless LAN for fast roaming, LEAP-enabled clients securely roam
from one access point to another without the need to reauthenticate with the RADIUS server. Using
Cisco Centralized Key Management (CCKM), an access point that is configured for wireless domain
services (WDS) uses a fast rekeying technique that enables client devices to roam from one access point
to another in under 150 milliseconds (ms). Fast roaming ensures that there is no perceptible delay in
time-sensitive applications such as wireless Voice over IP (VoIP), enterprise resource planning (ERP),
or Citrix-based solutions.
This feature is enabled on the client adapter in two ways, depending on the software installed:
•
•
Regardless of how fast roaming is enabled on the client adapter, it must also be enabled on the access
point.
Note
Access points must use Cisco IOS Release 12.2(11)JA or greater to enable fast roaming. Refer to the
documentation for your access point for instructions on enabling this feature.
Note
If the Microsoft 802.1X supplicant is installed on your computer, you must disable one or two Windows
parameters in order for this feature to operate correctly. Refer to
for details.
Reporting Access Points that Fail LEAP Authentication
Client adapter firmware version 5.02.20 or greater and the following access point firmware versions
support a feature that is designed to detect access points that fail LEAP authentication:
•
•
An access point running one of these firmware versions records a message in the system log when a
client running firmware version 5.02.20 or greater discovers and reports another access point in the
wireless network that has failed LEAP authentication.
The process takes place as follows:
1.
2.
3.
4.
5.
6.
Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows
OL-1394-07
If you are using ACU version 6.2 and client adapter firmware version 5.30.15 (which is included in
Install Wizard version 1.2), you need to enable fast roaming in ACU. Refer to
"Enabling LEAP"
section for details.
If you are using client adapter firmware version 5.20.17 (which is included in Install Wizard version
1.1), fast roaming is supported automatically.
12.00T or greater (340, 350, and 1200 series access points)
Cisco IOS Release 12.2(4)JA or greater (1100 series access points)
A client with a LEAP profile attempts to associate to access point A.
Access point A does not handle LEAP authentication successfully, perhaps because the access point
does not understand LEAP or cannot communicate to a trusted LEAP authentication server.
The client records the MAC address for access point A and the reason why the association failed.
The client associates successfully to access point B.
The client sends the MAC address of access point A and the reason code for the failure to access
point B.
Access point B logs the failure in the system log.
Setting Network Security Parameters
Step 10
Step 13
in the
"Enabling LEAP"
in the
section
5-27
Advertisement
Table of Contents
Troubleshooting
