Fast Roaming and CCKM

We have a WISM blade with two controllers enabled. Single mobility group and no AP groups. We keep having random disconnects when our users are in Citrix. Some suggestions I read say that I should enable CCKM. We turned on 802.1x+CCKM on one controller and it seems to work. When we turned on only CCKM mode we can no longer associate clients to any APs on that controller. When would you use CCKM only and when 802.1x+CCKM mode of key mgmt is preferred?

If you select 802.1x + CCKM, both 802.1x and CCKM compatible clients will be able to associate and authenticate. This is the preferred option if you are in a mixed environment (devices supporting and not supporting CCKM).
If your devices cannot associate to the WLAN network when only CCKM is selected, this means that these devices are not CCKM capable.
Another way to verify this is by using the following command on the controller (via telnet):
show pmk-cache summary
Please note that both the driver and the supplicant used need to support CCKM. The Windows supplicant, for example (Wireless Zero Config), does not support CCKM.
Also, there are a lot of issues with the Intel Pro Set cards. Best is to use a Cisco card with the Cisco utility, at least for the tests.
I hope that it helps.
Rgds
Gaetan

Similar Messages

  • CCKM/Fast Roaming CCXv3 and CCXv4 Clients

    I am trying to verify for sure if CCXv3 clients can connect to a wlan configured with 802.1X+CCKM, and security WPA2/AES and do fast roaming?
    It appears that CCXv3 clients do not support CCKM with 802.1X/EAP TLS.

    Keep in mind PMK is specific to an AP and client. If a client roams away from the AP and comes back it doesn't have to reauth because it uses the PMK. OKC uses the original PMK generated during your first auth and then shares it with other APs to negate auth .. clients need to support OKC to take full advantage
    For flex ..
    FlexConnect Groups and CCKM
    FlexConnect Groups are required for CCKM fast roaming to work with FlexConnect access points. CCKM fast roaming is achieved by caching a derivative of the master key from a full EAP authentication so that a simple and secure key exchange can occur when a wireless client roams to a different access point. This feature prevents the need to perform a full RADIUS EAP authentication as the client roams from one access point to another. The FlexConnect access points need to obtain the CCKM cache information for all the clients that might associate so they can process it quickly instead of sending it back to the controller. If, for example, you have a controller with 300 access points and 100 clients that might associate, sending the CCKM cache for all 100 clients is not practical. If you create a FlexConnect that includes a limited number of access points (for example, you create a group for four access points in a remote office), the clients roam only among those four access points, and the CCKM cache is distributed among those four access points only when the clients associate to one of them.
    Note CCKM fast roaming among FlexConnect and non-FlexConnect access points is not supported. See the "Configuring WPA1 +WPA2" section for information on configuring CCKM.
    FlexConnect Groups and Opportunistic Key Caching
    Starting in the 7.0.116.0 release, FlexConnect groups enable Opportunistic Key Caching (OKC) to enable fast roaming of clients. OKC facilitates fast roaming by using PMK caching in access points that are in the same FlexConnect group.
    This feature prevents the need to perform a full authentication as the client roams from one access point to another. Whenever a client roams from one FlexConnect access point to another, the FlexConnect group access point calculates the PMKID using the cached PMK.
    To see the PMK cache entries at the FlexConnect access point, use the show capwap reap pmk command. This feature is supported on Cisco FlexConnect access points.
    Note The FlexConnect access point must be in connected mode when the PMK is derived during WPA2/802.1x authentication.
    When using FlexConnect groups for OKC or CCKM, the PMK-cache is shared only across the access points that are part of the same FlexConnect group and are associated to the same controller. If the access points are in the same FlexConnect group but are associated to different controllers that are part of the same mobility group, the PMK cache is not updated and CCKM roaming will fail.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    "I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

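The reply above says the roamed-to access point "calculates the PMKID using the cached PMK". The following Python sketch is an added example, not part of the original thread or of Cisco's documentation, showing that check with the IEEE 802.11i PMKID formula. The `KeyCacheGroup` class, the MAC addresses and the PMK are constructed for illustration; the model covers only the OKC lookup, not CCKM's proprietary exchange.

```python
import hashlib
import hmac


def mac_bytes(mac: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' (any case, ':' or '-') to 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw


def pmkid(pmk: bytes, bssid: str, sta: str) -> bytes:
    """IEEE 802.11i: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)."""
    msg = b"PMK Name" + mac_bytes(bssid) + mac_bytes(sta)
    return hmac.new(pmk, msg, hashlib.sha1).digest()[:16]


class KeyCacheGroup:
    """Hypothetical model of one FlexConnect group: its APs share a PMK cache."""

    def __init__(self, name, bssids):
        self.name = name
        self.bssids = {mac_bytes(b) for b in bssids}
        self._pmk_by_sta = {}

    def full_auth(self, sta, pmk):
        """Cache the PMK that a full 802.1X/EAP authentication produced."""
        self._pmk_by_sta[mac_bytes(sta)] = pmk

    def reassociate(self, bssid, sta, offered_pmkid):
        """Decide what the target AP does with the PMKID the client offers."""
        if mac_bytes(bssid) not in self.bssids:
            raise ValueError(f"{bssid} is not an AP of group {self.name}")
        pmk = self._pmk_by_sta.get(mac_bytes(sta))
        if pmk is None:
            return "full-eap"              # no cached PMK in this group
        expected = pmkid(pmk, bssid, sta)  # computed for THIS AP's BSSID
        if hmac.compare_digest(expected, offered_pmkid):
            return "fast-roam"             # skip EAP, go to the 4-way handshake
        return "full-eap"


# Constructed sample values (locally administered MACs, dummy 256-bit PMK).
PMK = bytes(range(32))
STA = "02:00:00:00:00:10"
AP1, AP2 = "02:00:00:00:01:01", "02:00:00:00:01:02"  # same group
AP3 = "02:00:00:00:02:01"                            # different group


def demo():
    branch = KeyCacheGroup("branch", [AP1, AP2])
    hq = KeyCacheGroup("hq", [AP3])
    branch.full_auth(STA, PMK)  # first association, on AP1
    return {
        # OKC-capable client derives the PMKID for the new AP's BSSID.
        "okc_same_group": branch.reassociate(AP2, STA, pmkid(PMK, AP2, STA)),
        # Client without OKC support only knows the PMKID it built for AP1.
        "no_okc_client": branch.reassociate(AP2, STA, pmkid(PMK, AP1, STA)),
        # AP outside the group never received the cached PMK.
        "other_group": hq.reassociate(AP3, STA, pmkid(PMK, AP3, STA)),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```
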
  • Eap-fast and cckm

    Is it possible to use eap-fast authentication with CCKM on 7920 phone with WLC.
    It is working when configuring 802.1x and wep 104 bits on controller but it does not work with wpa1+wpa2.

    If the client doesn't have a PAC and automatic PAC provisioning is enabled on the ACS, then the first authentication attempt will result in a failure, which is the session where the client will receive the PAC. The 7920 only supports automatic PAC provisioning. The default PAC settings should be ok, but may want to decrease or increase based on company's security policy. Also with CCKM, this will help when roaming with an expired PAC, otherwise there will be a 20 second gap in voice when roaming with an expired PAC, where a new PAC will need to be obtained.

  • WPA2+CCKM fast roaming not happening

    Hello,
    I'm trying to test fast roaming using a Cisco 2100 Series controller and 2 1140 APs. The initial authentication succeeds fine and the wireless
    connection works ok using WPA2+CCKM and LEAP with a Cisco ACS radius server.
    The problem is that the client does not attempt to preauthenticate with the other AP because the RSN Capabilities IE in the AP beacons and probe responses does not set the RSN Preauthentication capable bit. I can't figure out what it takes to get the APs to indicate to clients that it can do preauthentication. I've been crawling through all the documentation I can find, to no avail. Any ideas?
    Thanks
    - Bill

    Preauthentication has nothing to do with WPA2 Proactive key caching nor with CCKM.
    If you enable CCKM on the SSID you would expect the clients to use CCKM for roaming, no?
    Most clients don't support WPA2 with CCKM combined as they have overlapping roaming mechanisms. What are your test clients exactly? Did you verify if they support WPA2 with CCKM?
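
Both the "CCKM only" question at the top of the page and the preauthentication question in this thread come down to fields of the RSN element the AP advertises: the AKM suite list and, separately, the Preauthentication bit in RSN Capabilities. The Python sketch below is an added example, not code from the original posts; it parses constructed elements, and the CCKM selector 00-40-96:0 and all helper names are assumptions.

```python
import struct

AKM_NAMES = {
    bytes.fromhex("000fac01"): "802.1X",
    bytes.fromhex("000fac02"): "PSK",
    # Assumption: CCKM is advertised under the Cisco OUI 00:40:96, type 0.
    bytes.fromhex("00409600"): "CCKM",
}


def akm_name(selector: bytes) -> str:
    """Name a 4-byte AKM selector, falling back to 'oui:type' notation."""
    oui = "-".join(f"{b:02x}" for b in selector[:3])
    return AKM_NAMES.get(selector, f"{oui}:{selector[3]}")


def parse_rsn_ie(ie: bytes) -> dict:
    """Parse an RSN element (ID 48) into its AKM list and preauth bit."""
    if len(ie) < 2 or ie[0] != 48 or len(ie) != 2 + ie[1]:
        raise ValueError("not a well-formed RSN element")
    body, pos = ie[2:], 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN element")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    def suite_list() -> list:
        (count,) = struct.unpack("<H", take(2))
        return [take(4) for _ in range(count)]

    (version,) = struct.unpack("<H", take(2))
    take(4)        # group cipher suite (not needed here)
    suite_list()   # pairwise cipher suites (not needed here)
    akms = [akm_name(s) for s in suite_list()]
    (caps,) = struct.unpack("<H", take(2))
    # Bit 0 of RSN Capabilities is the Preauthentication flag.
    return {"version": version, "akms": akms, "preauth": bool(caps & 0x0001)}


def usable_akms(ap_akms, client_akms):
    """AKMs both sides support, in the AP's order; empty means no association."""
    return [a for a in ap_akms if a in client_akms]


def build_rsn_ie(akm_selectors, caps=0):
    """Constructed test input: CCMP group/pairwise ciphers plus the given AKMs."""
    ccmp = bytes.fromhex("000fac04")
    body = struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
    body += struct.pack("<H", len(akm_selectors)) + b"".join(akm_selectors)
    body += struct.pack("<H", caps)
    return bytes([48, len(body)]) + body


DOT1X, CCKM = bytes.fromhex("000fac01"), bytes.fromhex("00409600")
MIXED_WLAN = build_rsn_ie([DOT1X, CCKM])   # WLAN set to "802.1x + CCKM"
CCKM_ONLY_WLAN = build_rsn_ie([CCKM])      # WLAN set to "CCKM" only

if __name__ == "__main__":
    for label, ie in (("802.1x+CCKM", MIXED_WLAN), ("CCKM only", CCKM_ONLY_WLAN)):
        info = parse_rsn_ie(ie)
        common = usable_akms(info["akms"], {"802.1X"})  # client without CCKM
        print(label, info, "->", common or "cannot associate")
```

Run against a real beacon capture, the same parse shows at a glance whether a WLAN offers a non-CCKM client any AKM it can use, independently of the preauthentication flag.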

  • CCKM, WPA, fast roaming issues

    I have a 4404 LAN controller with 1131a/g light AP's. Clients are Cisco a/b/g cards using WPA2, PEAP MSCHAPv2 and the Odyssey supplicant.
    Sometimes my clients roam between access points without losing a single packet, but other times they lose connectivity for up to 15 seconds while the client reauthenticates. Obviously, I would like to improve roaming time.
    On the WLAN controller I have WPA2 configured with AES and "auth key management" set to 802.1x. I just upgraded to the latest (4.0) code on the controller and noticed there is a new "auth key management" setting called 802.1x + cckm.
    After much research on cckm tonight, I seem to have more questions than answers.
    Can/should cckm be used WITH WPA2?
    If not, can both WPA2 and cckm be supported on the same WLAN?
    Which auth key management setting should I be using, 802.1x or 802.1x + cckm?
    Does cckm require support of both supplicant and NIC?
    Is there anything else I can do to make roaming more seamless?

    Is it possible to use
    WPA1 + TKIP + Auth Key Mgmt="CCKM"
    or
    WPA1 + TKIP + Auth Key Mgmt="802.1x + CCKM"
    My WLC have Software Version 4.0.179.8.
    With this configuration I will need client card CCX v4 ??
    Thanks

  • Roaming and 2.4 vs 5.0 on 1250 series AP design help

    Hello,
    I will be upfront and honest and state that although I am familiar with some wireless technologies, most of this stuff is a mystery to me. I have done some homework and have researched quite a bit, but have kind of hit a wall.
    I have been handed four Aironet 1250 series AP's all with the dual radio modules (2.4 and 5.0). I really need to use only one of the modules so that we can power it via POE and not enhanced POE (long story).
    So, I need help with a design. Here's what I'd like to see.
    1.       I would like to setup "roaming" so that when a wireless client goes from one AP to another it is seamless to the user and the users NIC will associate with the strongest AP signal. Can I do this by simply setting the same SSID and security on each AP, or must I have a controller to do this?
    2.       Also, I cannot seem to get older legacy clients to communicate with the 5.0 GHz radio module (they can’t even see it) but they work fine when I switch it out for the 2.4. I know this is a very noob question, but can the older clients (non N) work on the 5.0 module?
    I have looked through a ton of documentation but there doesn’t seem to be a configuration guide that I can find for what I need to do.
    That’s it. Can someone please have mercy on me and point me in the right direction? I will be looking in the mean time but I have a lot of unknowns. I think if I can get the two questions answered above, then I can mark as resolved and run with it.
    Thanks a bushel,
    dt

    Hi Dave,
    1. Yes, the conditions for a proper roaming are : same SSID, same security settings, and the APs serving the same client subnet (so that client doesn't have to change its ip address).
    This is sufficient for data. Fast roaming is required for applications like voice and you can then look into using CCKM as key mechanism and configure one AP to act as WDS to centralize the roaming keys.
    2. This is not related. 11n is available on both 2.4 and 5 ghz band. The question is if your old adapters are capable of 802.11a or not. 11a is the 54Mbps speed in the 5ghz band. I would guess they are not capable of it.
    Adapters that are on laptop now are often "abgn" meaning they can do N speeds on both 2.4 and 5ghz band. An adapter that would be "bg" or "bgn" would typically be restricted to only 2.4 Ghz.
    Hope this helps,
    Nicolas
    ===
    Please rate answers that you find useful

  • Question regarding roaming and data usage

    I am currently out of my main country of service, and as such I have a question regarding roaming and data usage.
    I am told that the airplane mode is sufficient from keeping the phone off from roaming, but does this apply to any background data usage for applications and such?
    If the phone is in airplane mode, are all use of the phone including wifi and application use through the wifi outside of all extra charges from roaming?

    Ann154 wrote:
    If you are getting charged to use the wifi, then it is possible.  Otherwise no
    Just to elaborate here, Ann154 is referring to access charges for wifi, which is nothing to do with Verizon, so if you are using it in a plane, hotel, an internet cafe etc that charges for Wifi rather than being free. Verizon does not charge you for (or indeed know about!) wifi usage, or any other usage that is not on their cellular network (such as using a foreign SIM for example in global phones). So these charges, if any, will not show up on the Verizon bill app. Having it in airplane mode prevents all cellular data traffic so you should be fine.

  • Hi...lags animations in games and messages and album pic..when disable assistive touch, it's true and fix..please release update to fix this in iOS 7.1..I need assistive touch and fast game and animation both!!

    Hi...lags animations in games and messages and album pic..when disable assistive touch, it's true and fix..please release update to fix this in iOS 7.1..I need assistive touch and fast game and animation both!!

    No Apple here, user to user forum.
    I will not be releasing any version of iOS ever.

  • How do you run two drives on the same screen. I installed a SSD and a HDD to my Mac but I can only view the content of the drive only if I boot off that drive. I'm trying to have my SSD for fast boots and HDD for my music, movies etc. Please help.

    I installed a Samsung 840 Pro SSD to my primary slot and relocated my 1.5 TB HDD to a data double where my optical drive was. I transferred my apps and Mac OS X to my SSD for fast boots and all my iTunes movies, music, iPhoto etc to my HDD. I rebooted off my SSD then saw that all the data on my HDD (iTunes movies, music, iPhotos etc) I cannot view on my SSD. So my question is how do you view all the content on both the SSD and HDD on the same screen without having to boot off one or the other?

    No, what I'm saying is that once you boot into OSX, you should be able to see both drives listed.  If you don't then either OSX is hiding the other drive because it sees it as a boot drive and is trying to protect the contents from novice users or there's another problem.  If it's the first thing (i.e. it's a protection thing), then your only option would be to boot into the old drive, copy off all your personal data to an external backup drive, then reboot into the SSD and go into Disk Utilities and wipe/reformat the second drive so that you can see it as a regular secondary drive.  Then when you see it as that, you can copy your data back to it.
    Be careful poking around in Disk Utility as you can easily lose your data.  It's possible the Mac just isn't mounting that second drive because it sees it as another boot drive.  Whatever you do, don't accidentally erase it without getting a copy of your data off of it because you obviously don't have that on your SSD now.

  • When I reboot my iMac I'll get hard disk selection instead of fast login and I am not using boot camp! Any help is greatly appreciated!

    When I reboot my iMac I'll get hard disk selection instead of fast login and I am not using boot camp! Any help is greatly appreciated!

    Have you selected which disk you want to boot from? In System Preferences, click startup disk and choose the drive you want as your default boot drive.

  • Using avid m-audio fast track and avid m-audio fast track solo together

    I wanted to use Avid M-Audio Fast Track and Avid M-Audio Fast Track Solo together so that I can get 4 inputs.
    I tried to select it, but could enable any one only. How can I use them together??

    You can use only one device at a time in Logic. However, in the Audio MIDI Setup utility (Applications>Utilities) you can create an aggregate device, which effectively combines multiple devices into one "virtual" device, which you can then choose in Logic's coreaudio device setup.
    How to combine multiple audio interfaces by creating an aggregate device

  • Can I setup "Roaming" and "Extended Network" on the same device?

    I have 2 buildings that need wifi coverage.  In the main building, I have 2 Apple Airport Extremes.  I have one as the main router.  The 2nd has a network cable from the 1st unit and is setup as "Roaming".  I would like to add "Extended Network" (wireless) function to the 2nd unit.  Then I would place a 3rd Airport Extreme at the 2nd building.  I have signal at the 2nd building, but I would like it to be stronger.
    Can I setup an Airport Extreme with Roaming and Extended Network functions and if so, how would I do it.
    Thank you.

    Yes, that should be no problem.
    Windows 7 uses 5.6 airport utility.. what model extreme are you setting up??
    But it is relatively simple.. you do not need to generally do anything now for the AE setup for roaming..
    On the one you will extend, simply plug it into a computer.. run the airport utility.. go to the wireless tab and put in the extend wireless with the name and security of the wireless you are extending.

  • International Roaming and Whats it all about.

    Roaming and what’s it about?
    Roaming is when you are no longer able to Pick Up your home Network (O2-UK). This is normally when you are in another country. However it is possible to pick up French Network when in UK and the Irish Networks when you’re still in Northern Ireland. But if your phone is displaying anything else beside O2-UK or BT Cellnet (On Some Older Phones), then you are Roaming on a Foreign Network and Roaming Charges will apply if Services are used.

    Is O2-IE the same as O2-UK?
    Answer is no. O2-IE is a completely independent business to O2-UK and therefore Roaming Charges would apply.
    O2-IE (O2 Ireland) and O2-UK (O2 United Kingdom) are both Part of the Telefonica Group, but this is all and is 2 Separate businesses.

    Do I need to Activate Roaming?
    If you are an O2 PAYG Customer then Roaming is activated automatically as you can only spend what you have in Credit.
    O2 Contract customers may need to call 202 to confirm they have Roaming Activated on their account if they have never used the service before or had issues in the past.

    How does Roaming Work?
    When you travel outside your Home Network, your Mobile Phone Sim will ask the Roaming (Foreign) network first if it can use the services on their Network. (Your IMEI number of your phone is also sent to verify it’s not on the Stolen / Missing Database as well.) The Foreign Network will take details from your Sim card and go back to the International Centre and check if O2 has an agreement first to use the Network and then if the Sim card is activated to use the Roaming. (This is why there is a delay sometimes in first switching on your mobile to you getting a signal and a Network Name.) If all comes back ok, then the Sim will receive instruction and you notice the Roaming Network Name shown on your phone. What you may not know is that when the phone is authorised to use the Roaming Network, it is given a temporary allocated foreign number of the country you are visiting. So you may have someone calling you and they may notice that the Ring tone suddenly sounds different in their Earpiece and not like the UK Ring. This is because of the Foreign Number allocated and that you are roaming on their Country's Network. One thing you will never know though is the Temporary Roaming Number as this is only a Forward number and changes.

    So what charges do you pay for when roaming?
    Making Calls? Yes you pay for all of the Call.
    Receiving Calls? Yes you pay for the Roaming country Inbound Part of the Call.
    Sending a SMS? Yes you pay to send a SMS.
    Receiving a SMS? No it’s free to receive a SMS.
    Sending a MMS? Yes you pay to send a MMS.
    Receiving a MMS? You may be charged for Data Usage to receive the MMS (I never have on O2, but I know other UK networks charge).
    Data Usage: Is all chargeable.

    The Person who is Calling or Texting you from the UK.
    This is where a lot of confusion becomes and people become worried regarding charges.
    Simple Fact to Remember: Even though the person you are contacting is abroad, you are still only calling their UK Mobile Number. So treat it as they are still in the UK. So for example:
    If you have free UK Text allowance, it will still be Free (You're Texting a UK mobile Number).
    If you have Free UK Minutes, then again you are calling a UK Mobile Number, so it will use your UK Minutes Allowance.
    If you don’t have Free Allowances, then you will be charged at your normal standard Rate of ringing a UK or Texting a UK Mobile number.

    Couple of Questions and Answers that may come in useful:

    Q)   I’m abroad and my friend is abroad, will I be charged to contact my friend as I’m only calling a UK Mobile number?
    A)   Yes, even though you are calling a UK Mobile Number. You are not in the UK and the person you are calling isn’t, so you will pay the Roaming Charges to make the call and the person who is receiving the call will pay the inbound part of the charge.

    Q)   Why am I charged twice for Voice Mail Messages?
    A)   When someone tries to contact you and you don’t answer, the call is then passed back to the O2-UK voice mail as a return call. So you pay for the Return part of the call even though you didn’t answer your Mobile. Then when you want to listen to your voice mail, you pay to make the call and listen to it. So this is where Double Charges apply.

    Q)   Why are inbound SMS free when I’m abroad?
    A)   This was set by the EU Telecoms Parliament, that any EU Mobile Company must allow their users to allow incoming SMS for Free anywhere in the world.

    Q)   What is the Difference between Roaming and Home Networks?
    A)   Your home network is the network where you purchased the Sim from. So if you purchased your Sim card in the UK and from O2, your home network would be O2-UK and you would be allocated a UK Mobile number.
    Roaming is when you are no longer on your home network. So for example you go to Spain and you pick up Telefonica ES. This means you are Roaming on a Spanish Network.

    If you have any other questions please ask and I will gladly try to answer them and will keep editing the 1st thread to make it easier for everyone to read.

    All calls to the UK to landline numbers use the international code +44 and drop the first zero. Mobiles you normally just dial the number as you would if in the UK but on some US networks you do have to use the +44.
    Some info here to call the BVI from the US.
    http://www.countrycallingcodes.com/results.php?FromCode=United+States&ToCode=British+Virgin+Islands
    Be aware of the call costs from the USA:
    When in:       Calling:
    Landlines - per minute: 99p
    Mobiles - per minute: £1.49
    Receiving calls - per minute: 99p
    Sending texts - per message: 49p
    Cost per MB of using data: Data usage £6

  • My macbook pro 2006 fan goes high and then makes a fast beep and shuts down it been happening since i updated

    my macbook pro 2006 fan goes high and then makes a fast beep and shuts down it been happening since i updated it should i update to lion?

    No, this problem should be solved.
    The MBP shuts down when too hot, to protect itself. First see if it is a process running astray: start Activity Monitor (in Applications/Utilities) choose <all processes> and click the %CPU column: are there processes that are using more than 50% cpu power? If yes click it and quit it, and tell us which one.

  • Subtitle buttons - fast-forward and rewinding issue

    I am new to DVD Studio Pro 4 and I have project that uses a subtitle button over a video track to provide users with the ability to go "back" to the previous menu - the menu in which they selected the track.
    There is a problem using this method however, when fast-forward or rewind is pressed, then the track starts to play again, the back button is now hosed. My thought is that this is because of the chapter markers not being refreshed in the middle of a subtitle, only at the beginning and end like bookends.
    Is there a way around this? If not, are there any buggy issues with locking down the user controls for fast-forward and rewind? Any help would be much appreciated...
    -charlie

    You can lock out the User Ops for Fast Forward Rewind or whatever you want. Probably a good idea if you are using the track as a menu effectively.
    If however the track is a movie and you want them to go back to the menu where they selected it you can target the menu for any track to go back to a specific menu. Click on the track and check out the Inspector near the bottom where it says Remote Control. Target the menu you want people to go back to when they press Menu on their Remote.
    Steve Kirkham
