Cisco Cisco 2504 Wireless Controller 기술 매뉴얼
clients to be used on this WLAN should be completed if this is really needed.
It is very important to understand that fast-secure roaming methods are developed in order to
accelerate the WLAN roaming process when you move between APs if the WLAN/SSID has
security enabled. When no security is in place, there is nothing to accelerate, as the client-AP
simply exchanges the wireless management frames that are always required when roaming
between APs before data frames are sent (Open System Authentication from the client, Open
System Authentication from the AP, Reassociation Request, and Reassociation Response).
Therefore, this cannot move any faster. If you encounter roaming issues without security, then
there are no fast-roaming methods to improve roaming, only methods in order to confirm if the
WLAN/SSID setup and design are appropriate for the wireless client stations to roam
accordingly between the AP coverage cells.
It is very important to understand that fast-secure roaming methods are developed in order to
accelerate the WLAN roaming process when you move between APs if the WLAN/SSID has
security enabled. When no security is in place, there is nothing to accelerate, as the client-AP
simply exchanges the wireless management frames that are always required when roaming
between APs before data frames are sent (Open System Authentication from the client, Open
System Authentication from the AP, Reassociation Request, and Reassociation Response).
Therefore, this cannot move any faster. If you encounter roaming issues without security, then
there are no fast-roaming methods to improve roaming, only methods in order to confirm if the
WLAN/SSID setup and design are appropriate for the wireless client stations to roam
accordingly between the AP coverage cells.
●
802.11r/FT is implemented with WPA2-PSK in order to accelerate roaming events with this
security by avoiding the 4-Way handshake, as explained within the 802.11r section.
security by avoiding the 4-Way handshake, as explained within the 802.11r section.
●
All of the methods have their advantages and disadvantages, but in the end, you must always
verify if the wireless client stations support the specific method that you want to implement,
and if the Cisco WLAN infrastructure supports all of the methods available. Thus, you must
select the best method that is actually supported by the wireless clients that connect to the
specific WLAN/SSID. For example, in some deployments you might create a WLAN/SSID with
CCKM for Cisco wireless IP Phones (which support WPA2/AES with CCKM, but not 802.11r),
and then another WLAN/SSID with WPA2/AES via 802.11r/FT for wireless clients that support
this Fast Secure Roaming method (or use OKC, if this is what is supported).
verify if the wireless client stations support the specific method that you want to implement,
and if the Cisco WLAN infrastructure supports all of the methods available. Thus, you must
select the best method that is actually supported by the wireless clients that connect to the
specific WLAN/SSID. For example, in some deployments you might create a WLAN/SSID with
CCKM for Cisco wireless IP Phones (which support WPA2/AES with CCKM, but not 802.11r),
and then another WLAN/SSID with WPA2/AES via 802.11r/FT for wireless clients that support
this Fast Secure Roaming method (or use OKC, if this is what is supported).
●
If the wireless clients do not support any of the fast-secure roaming methods available, then
you might need to accept the fact that those clients will always experiment the delays
explained in this document when roaming between APs on a WLAN/SSID with 802.1X/EAP
security (which can cause disruptions on the client apps/services).
you might need to accept the fact that those clients will always experiment the delays
explained in this document when roaming between APs on a WLAN/SSID with 802.1X/EAP
security (which can cause disruptions on the client apps/services).
●
All methods, except SKC (WPA2 PMKID Caching), are supported for fast-secure roaming
between APs managed by different WLCs (intercontroller roaming), as long as they are on the
same mobility group.
between APs managed by different WLCs (intercontroller roaming), as long as they are on the
same mobility group.
●
Related Information
●
●