Cisco 2504 Wireless Controller Technical Manual

in order to analyze and explain the events that occur for each roaming method described.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
IEEE 802.11 WLAN Fundamentals
IEEE 802.11 WLAN Security
IEEE 802.1X/EAP Basics
Components Used
The information in this document is based on Cisco WLAN Controller Software Version 7.4, but
most of the debug outputs and behaviors described might apply to any software version that
supports the methods discussed.
The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.
Background Information
Before a description of the different fast-secure roaming methods available for WLANs is given, it
is important to understand how the WLAN association process works, and how a regular roaming
event occurs when there is no security configured on the Service Set Identifier (SSID).
When an 802.11 wireless client connects to an Access Point (AP), before it begins to pass traffic
(wireless data frames), it first must pass the basic 802.11 Open System authentication process.
Then, the association process must be completed. Think of the Open System authentication
process as "connecting the cable" on the AP that the client selects. This is very important to
understand, because it is always the wireless client that selects which AP is preferred, and bases
the decision on multiple factors that vary between vendors. This is why the client begins this
process by sending the Authentication frame to the selected AP, as shown later in this document.
The AP cannot request that you establish a connection.
Once the Open System authentication process is completed successfully with a response from the
AP ("cable connected"), the association process essentially finishes the 802.11 Layer 2 (L2)
negotiation that establishes the link between the client and the AP. The AP assigns an association
ID to the client if the connection is successful, and prepares it in order to pass traffic or perform a
higher-level security method if configured on the SSID. The Open System authentication process
consists of two management frames, and so does the association process. Authentication and
Association frames are wireless management frames, not data frames; management frames are
basically the ones used for the connection process with the AP.
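The four-frame exchange described above can be checked mechanically when reviewing a capture. The following is an added example, not part of the original Cisco document: it decodes the fixed fields of raw Authentication and Association frames and confirms that the client initiated both steps and that the AP answered with success. The function names, MAC addresses and sample frames are constructed for illustration, and the frames are assumed to start at the 802.11 header (no radiotap header, no FCS).

```python
import struct

SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 11: "auth"}  # management subtypes (frame type 0)

def parse_mgmt(frame):
    """Decode the fixed fields of one raw 802.11 frame (no radiotap header, no FCS)."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in SUBTYPES:
        raise ValueError("not an authentication/association frame")
    out = {"kind": SUBTYPES[subtype], "dst": frame[4:10], "src": frame[10:16]}
    if subtype == 11:    # algorithm, transaction sequence, status code
        out["alg"], out["seq"], out["status"] = struct.unpack_from("<HHH", frame, 24)
    elif subtype == 1:   # capability, status code, association ID
        _, out["status"], aid = struct.unpack_from("<HHH", frame, 24)
        out["aid"] = aid & 0x3FFF   # the two top bits of the AID field are always set
    return out

def check_open_join(frames, client, ap):
    """Return the association ID for a successful client-initiated join, else None."""
    try:
        p = [parse_mgmt(f) for f in frames]
    except (ValueError, struct.error):
        return None
    # The client sends both requests; the AP only ever answers.
    expected = [("auth", client, ap), ("auth", ap, client),
                ("assoc-req", client, ap), ("assoc-resp", ap, client)]
    if [(f["kind"], f["src"], f["dst"]) for f in p] != expected:
        return None
    # Open System is algorithm 0: transaction 1 is the request, 2 the response.
    if [(f["alg"], f["seq"]) for f in p[:2]] != [(0, 1), (0, 2)]:
        return None
    if p[1]["status"] != 0 or p[3]["status"] != 0:   # 0 means success
        return None
    return p[3]["aid"]

def build(subtype, dst, src, bssid, body):
    """Assemble a constructed management frame: FC, duration, 3 addresses, seq ctl, body."""
    return bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body

# Constructed sample data (locally administered MACs), not taken from the document's capture.
CLIENT, AP = bytes.fromhex("020000000001"), bytes.fromhex("0200000000aa")
SAMPLE = [
    build(11, AP, CLIENT, AP, struct.pack("<HHH", 0, 1, 0)),      # Authentication request
    build(11, CLIENT, AP, AP, struct.pack("<HHH", 0, 2, 0)),      # Authentication response
    build(0, AP, CLIENT, AP, struct.pack("<HH", 0x0001, 10)),     # Association Request
    build(1, CLIENT, AP, AP, struct.pack("<HHH", 0x0001, 0, 0xC001)),  # Association Response
]
```

Calling `check_open_join(SAMPLE, CLIENT, AP)` returns the association ID the AP assigned; any sequence in which the AP appears to initiate, a status code is nonzero, or a frame is truncated returns `None`.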
Here is a capture of the wireless frames over-the-air for this process: