Table of Contents
Advertisement
6 - 16 WiNG 5.6 Access Point System Reference Guide
9. Define the
Fast Roaming
Using 802.11i can speed up the roaming process from one access point to another. Instead of doing a complete 802.1x
authentication each time a client roams between access points, 802.11i allows a client to re-use previous PMK
authentication credentials and perform a four-way handshake. This speeds up the roaming process. In addition to reusing
PMKs on previously visited access points,
amongst themselves. This allows a client to roam to an access point it has not previously visited and reuse a PMK from
another access point to skip 802.1x authentication.
Pre-Authentication
Pairwise Master Key
(PMK) Caching
Opportunistic Key
Caching
10. Set the following
TKIP Countermeasure
Hold Time
Exclude WPA2-TKIP
Use SHA256
configuration used only with 802.1x EAP-WPA/WPA2 authentication.
NOTE: Fast Roaming is available only when the authentication is EAP or EAP-PSK and
the selected encryption is either WPA/WPA2-TKIP or WPA-CCMP.
Opportunistic Key Caching
Selecting this option enables an associated client to carry out an 802.1x authentication
with another access point before it roams to it. This enables a roaming client to send and
receive data sooner by not having to conduct an 802.1x authentication after roaming.
With pre-authentication, a client can perform an 802.1X authentication with other
detected access points while still connected to its current access point. When a device
roams to a neighboring access point, the device is already authenticated on the access
point, thus providing faster re-association.
Pairwise Master Key (PMK) Caching is a technique for sidestepping the need to
re-establish security each time a client roams to a different switch. Using PMK caching,
clients and switches cache the results of 802.1X authentications. Therefore, access is
much faster when a client roams back to a switch to which the client is already
authenticated.
This option enables the access point to use a PMK derived with a client on one access
point, with the same client when it roams over to another access point. Upon roaming,
the client does not have to do 802.1x authentication and can start sending and receiving
data sooner.
Advanced
settings for the WPA/WPA2-TKIP encryption scheme:
The TKIP Countermeasure Hold Time is the time a WLAN is disabled, if TKIP
countermeasures have been invoked on the WLAN. Use the drop-down menu to define a
value in either Hours (0-18), Minutes (0-1,092) or Seconds (0-65,535). The default setting
is 60 seconds.
Select this option to advertise and enable support for only WPA-TKIP. This option can be
used if certain older clients are not compatible with newer WPA2-TKIP information
elements. Enabling this option allows backwards compatibility for clients that support
WPA-TKIP and WPA2-TKIP, but do not support WPA2-CCMP. Motorola Solutions
recommends enabling this feature if WPA-TKIP or WPA2-TKIP supported clients operate
in a WLAN populated by WPA2-CCMP enabled clients. This feature is disabled by default.
Select this option to enable SHA-256 authentication key management suite. This suite
consists of a set of algorithms for key agreement, key derivation, key wrapping, and
content encryption and provide a minimum cryptographic security level of 128 bits.
allows multiple access points to share PMKs
- Quick Links:
- Accessing the Web Ui
Hide quick links:
Advertisement
Table of Contents
