Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter 设计指南
4-17
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Cisco Compatible Extensions
Figure 4-12
Proactive Key Caching Architecture
Cisco Centralized Key Management (CCKM) is a Cisco standard supported by Cisco Compatible
Extensions clients to provide fast secure roaming (FSR). The principle mechanism for accelerating the
roaming process is the same as PKC, which is to use a cached PMK. However, the implementation in
CCKM is slightly different, which makes the two mechanisms incompatible with each other. For a
detailed description of FSR and CCKM, see the following URL:
Extensions clients to provide fast secure roaming (FSR). The principle mechanism for accelerating the
roaming process is the same as PKC, which is to use a cached PMK. However, the implementation in
CCKM is slightly different, which makes the two mechanisms incompatible with each other. For a
detailed description of FSR and CCKM, see the following URL:
.
The state of the key cache for each WLAN client can be seen with the show pmk-cache all command.
This identifies which clients are caching the keys, and which key caching mechanism is being used.
This identifies which clients are caching the keys, and which key caching mechanism is being used.
The 802.11r workgroup is responsible for the standardization of an FSR mechanism for 802.11. The
WLC controller supports both CCKM and PKC on the same WLAN -802.1x+CCKM, as shown in the
following example:
WLC controller supports both CCKM and PKC on the same WLAN -802.1x+CCKM, as shown in the
following example:
WLAN Identifier.................................. 1
Network Name (SSID).............................. wpa2
…
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Enabled
…
(Cisco Controller) >show pmk-cache all
PMK-CCKM Cache
Entry
Type Station Lifetime VLAN Override IP Override
------ -------------- -------- ------------------ ---------------
CCKM 00:12:f0:7c:a3:47 43150 0.0.0.0
RSN 00:13:ce:89:da:8f 42000 0.0.0.0
PMK
PTK n
PTK n+x
PTK n+1
PTK n
PTK n+x
PTK n+1
Enterprise
Network
Mobility
group
PMK
Authentication
190653
LWAPP
LWAPP
LWAPP
LWAPP
LW
APP
LWAPP
Encryption