Fast Roaming for Wireless Clients
Instant supports the following features that enable fast roaming of clients:
- Opportunistic Key Caching
- Fast BSS Transition (802.11r Roaming)
- Radio Resource Management (802.11k)
- BSS Transition Management (802.11v)
Opportunistic Key Caching
Instant supports Opportunistic Key Caching (OKC)-based roaming. OKC is a technique available for authentication between multiple APs in a network where those APs are under common administrative control. Using OKC, a station roaming to any AP in the network does not have to complete a full authentication exchange, but instead just performs the 4-way handshake to establish transient encryption keys. In OKC-based roaming, the Instant AP stores one Pairwise Master Key (PMK) per client, which is derived from the last 802.1X authentication completed by the client in the network. The PMK is a shared secret key that is generated after PSK or 802.1X authentication. The PMK cache is used to identify authenticated clients when they roam to a new Instant AP. This allows faster roaming of clients between the Instant APs in a cluster, without requiring a complete 802.1X authentication. The ageout period of client entries in the PMK cache is 8 hours, after which the client entry is deleted and the client must re-authenticate into the network.
OKC roaming (when configured in the 802.1X Authentication profile) is supported on WPA2 clients. If the wireless client (the 802.1X supplicant) does not support this feature, a complete 802.1X authentication is required whenever a client roams to a new Instant AP.
Configuring an Instant AP for OKC Roaming
The following procedure describes how to enable OKC roaming on a WLAN SSID by using the Instant WebUI:
- Navigate to Networks page >
- Under select the network you want to configure and click .
- Select the tab.
- In the drop-down list box, select .
- In the Key management drop-down list box, select or .
- Under toggle the switch to enable.
- Click and then .
The following CLI command enables OKC roaming on a WLAN SSID:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile "<name>")# opmode {wpa2-aes|wpa-tkip,wpa-aes,wpa2-tkip,wpa2-aes}
(Instant AP)(SSID Profile "<name>")# okc
The following CLI command disables OKC roaming on a WLAN SSID:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile "<name>")# opmode {wpa2-aes|wpa-tkip,wpa-aes,wpa2-tkip,wpa2-aes}
(Instant AP)(SSID Profile "<name>")# no okc
The following CLI command displays the client entries in the PMK cache:
(Instant AP)# show ap pmkcache
Configuring the Ageout Time for PMK Cache Entries
The PMK cache stores the details of connected clients for authenticating clients roaming between different APs. By default, the client details in the PMK cache are stored for about 8 hours after the client disconnects or gets timed out from the network. However, client entries in the PMK cache can be deleted immediately after a client disconnects or gets timed out from the network. This is configured in the WLAN SSID profile by enabling the delete-pmkcache parameter using the CLI.
The following CLI command deletes the client details in the PMK cache immediately after client disconnection or timeout:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile "<name>")# delete-pmkcache
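The OKC roam decision and the two cache lifetimes described above (the 8-hour ageout and delete-pmkcache), as an added Python model that is not Aruba code. The PMKID formula is the standard IEEE 802.11 one for WPA2 802.1X and is not stated on this page; the class, the MAC addresses, the PMK value and the choice to restart the ageout clock at disconnect are assumptions made for illustration.

```python
import hashlib
import hmac

AGEOUT_SECONDS = 8 * 60 * 60  # the page's default PMK cache ageout: 8 hours


def pmkid(pmk: bytes, bssid: bytes, client_mac: bytes) -> bytes:
    """IEEE 802.11: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + bssid + client_mac, hashlib.sha1).digest()[:16]


class PmkCache:
    """Hypothetical cluster-wide PMK cache: one PMK per client MAC."""

    def __init__(self, delete_pmkcache: bool = False):
        self.delete_pmkcache = delete_pmkcache
        self._entries = {}  # client_mac -> (pmk, time the ageout clock started)

    def store(self, client_mac, pmk, now):
        # Called after a full 802.1X authentication; replaces any older PMK.
        self._entries[client_mac] = (pmk, now)

    def client_left(self, client_mac, now):
        # Disconnect or timeout: delete at once, or restart the ageout clock.
        if client_mac not in self._entries:
            return
        if self.delete_pmkcache:
            del self._entries[client_mac]
        else:
            self._entries[client_mac] = (self._entries[client_mac][0], now)

    def roam(self, client_mac, target_bssid, offered_pmkid, now):
        """Return 'okc' if only the 4-way handshake is needed, else 'full-802.1X'."""
        entry = self._entries.get(client_mac)
        if entry is None or offered_pmkid is None:  # no entry, or no OKC support
            return "full-802.1X"
        pmk, since = entry
        if now - since >= AGEOUT_SECONDS:
            del self._entries[client_mac]
            return "full-802.1X"
        # The PMKID binds the cached PMK to the AP being roamed to.
        expected = pmkid(pmk, target_bssid, client_mac)
        if hmac.compare_digest(expected, offered_pmkid):
            return "okc"
        return "full-802.1X"


def demo():
    client = bytes.fromhex("020000000001")               # constructed MACs
    ap1 = bytes.fromhex("020000000a01")
    ap2 = bytes.fromhex("020000000a02")
    pmk = hashlib.sha256(b"constructed PMK").digest()    # 32-byte stand-in

    cache = PmkCache()
    cache.store(client, pmk, now=0)
    results = [
        cache.roam(client, ap2, pmkid(pmk, ap2, client), now=600),  # valid roam
        cache.roam(client, ap2, pmkid(pmk, ap1, client), now=600),  # wrong BSSID
        cache.roam(client, ap2, None, now=600),                     # no OKC support
        cache.roam(client, ap2, pmkid(pmk, ap2, client), now=AGEOUT_SECONDS),
    ]
    strict = PmkCache(delete_pmkcache=True)
    strict.store(client, pmk, now=0)
    strict.client_left(client, now=60)
    results.append(strict.roam(client, ap2, pmkid(pmk, ap2, client), now=120))
    return results


if __name__ == "__main__":
    print(demo())
```

With delete-pmkcache set, a credential revoked on the authentication server takes effect at the client's next association instead of up to 8 hours later, at the cost of a full 802.1X exchange after every disconnect.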
Fast BSS Transition (802.11r Roaming)
802.11r is a roaming standard defined by IEEE, also referred to as Fast BSS transition. When enabled, 802.11r reduces roaming delay by pre-authenticating clients with multiple target Instant APs before a client roams to an Instant AP. With 802.11r implementation, clients pre-authenticate with multiple Instant APs in a cluster.
As part of the 802.11r implementation, Instant supports the Fast BSS (Basic Service Set) Transition protocol. The Fast BSS Transition mechanism reduces client roaming delay when a client transitions from one BSS to another within the same cluster. This minimizes the time required to resume data connectivity when a BSS transition happens.
Fast BSS Transition is operational only if the wireless client supports the 802.11r standard. If the client does not support the 802.11r standard, it falls back to the normal WPA2 authentication method.
Configuring an Instant AP for 802.11r support
The following procedure describes how to configure 802.11r support for a WLAN SSID by using the Instant WebUI:
- Navigate to Networks page >
- Under select the network you want to configure and click .
- Select the tab.
- Under , toggle the switch to enable.
- Click and then .
The following CLI command enables 802.11r roaming on a WLAN SSID:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# dot11r
Mobility Domain Identifier
In a network of standalone Instant APs within the same management VLAN, 802.11r roaming does not work. This is because the mobility domain identifiers do not match across Instant APs. They are auto-generated based on a virtual controller key. Instant introduces an option for users to set a mobility domain identifier for 802.11r SSIDs. For standalone Instant APs in the same management VLAN, 802.11r roaming works only when the mobility domain identifier is configured with the same value.
You can configure a mobility domain identifier by using the Instant WebUI:
- Navigate to Networks page >
- Under select the network you want to configure and click .
- Select the tab.
- Under , toggle the switch to enable.
- In the text box, enter the mobility domain identifier.
- Click and then .
The following CLI command enables MDID on a WLAN SSID:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# mdid <Mobility domain ID>
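A check for the mismatch described above, as an added example that is not Aruba code: it parses `wlan ssid-profile` blocks from several standalone APs and reports every 802.11r SSID whose mdid is missing or differs between APs. The configuration text layout, AP names, profile names and mdid values are constructed; only the command keywords come from this page.

```python
import re
from collections import defaultdict

PROMPT = re.compile(r"^(\([^)]*\))+#\s*")  # e.g. '(Instant AP)(config)# '


def parse_ssid_profiles(config_text):
    """Return {profile: {keyword: argument}} for each 'wlan ssid-profile' block."""
    profiles, current = {}, None
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())   # accept lines with or without prompt
        if not line:
            continue
        start = re.match(r"wlan ssid-profile\s+(\S+)$", line)
        if start:
            current = profiles.setdefault(start.group(1).strip('"'), {})
        elif current is not None:
            keyword, _, arg = line.partition(" ")
            if keyword == "no":              # 'no okc' style negation
                current.pop(arg.strip(), None)
            else:
                current[keyword] = arg.strip()
    return profiles


def audit_mdid(ap_configs):
    """ap_configs: {ap_name: config_text}. Return a list of findings."""
    seen = defaultdict(dict)                 # profile -> {ap_name: mdid or None}
    for ap, text in ap_configs.items():
        for name, settings in parse_ssid_profiles(text).items():
            if "dot11r" in settings:
                seen[name][ap] = settings.get("mdid") or None
    findings = []
    for name, per_ap in sorted(seen.items()):
        missing = sorted(ap for ap, value in per_ap.items() if value is None)
        values = {value for value in per_ap.values() if value is not None}
        if missing:
            # Without an explicit mdid the identifier is auto-generated per AP.
            findings.append(f"{name}: dot11r without mdid on {', '.join(missing)}")
        if len(values) > 1:
            findings.append(f"{name}: mdid differs across APs: {sorted(values)}")
    return findings


# Constructed sample: three standalone APs in one management VLAN.
SAMPLE = {
    "ap1": "wlan ssid-profile corp\n opmode wpa2-aes\n dot11r\n mdid 100\n"
           "wlan ssid-profile voice\n dot11r\n mdid 7\n",
    "ap2": "wlan ssid-profile corp\n dot11r\n mdid 100\n"
           "wlan ssid-profile voice\n dot11r\n",
    "ap3": "(Instant AP)(config)# wlan ssid-profile corp\n"
           '(Instant AP)(SSID Profile "corp")# dot11r\n'
           '(Instant AP)(SSID Profile "corp")# mdid 200\n'
           "wlan ssid-profile guest\n dot11k\n",
}

if __name__ == "__main__":
    for finding in audit_mdid(SAMPLE):
        print(finding)
```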
Radio Resource Management (802.11k)
The 802.11k standard provides mechanisms for Instant APs and clients to dynamically measure the available radio resources and enables stations to query and manage their radio resources. In an 802.11k-enabled network, Instant APs and clients can share radio and link measurement information, neighbor reports, and beacon reports with each other. This allows the WLAN network infrastructural elements and clients to assess resources and make optimal mobility decisions to ensure QoS and seamless continuity.
Instant supports the following radio resource management information elements with 802.11k support enabled:
- The power constraint element contains the information necessary to allow a client to determine the local maximum transmit power in the current channel.
- The Instant AP channel report element contains a list of channels in a regulatory class where a client is likely to find an Instant AP, including the Instant AP transmitting the Instant AP channel report.
- The RRM-enabled capabilities element signals support for radio measurements in a device. The clients use this IE to specify their radio measurement capabilities.
- The BSS load element contains information on the density of clients and traffic levels in the QBSS.
- The TPC (Transmit Power Control) IE contains transmit power and link margin information.
- Turn off the toggle switch to disable Quiet IE and disable transmission of 802.11k Quiet IE information elements. When you enable RRM Quiet IE, the Instant AP advertises the Quiet IE in beacon and probe responses; the Quiet IE is used to silence the channel for measurement purposes. When an AP uses Quiet IE to schedule a quiet interval, stations will not transmit on that channel during the interval.
- The extended capabilities IE carries information about the capabilities of an IEEE 802.11 station.
Beacon Report Requests and Probe Responses
The beacon request frame is sent by an Instant AP to request a client to report the list of beacons detected by the client on all channels.
- The beacon request is sent using the radio measurement request action frame.
- It is sent only to those clients that have the capability to generate beacon reports. The clients indicate their capabilities through the RRM enabled capabilities IE sent in the association request frames.
- By default, the beacon request frames are sent at a periodicity of 60 seconds.
Configuring a WLAN SSID for 802.11k Support
The following procedure describes how to enable 802.11k support on a WLAN SSID by using the Instant WebUI:
- Navigate to Networks page >
- Under select the network you want to configure and click .
- Select the tab.
- Under , toggle the switch to enable.
- Click and then .
To allow the Instant AP and clients to exchange neighbor reports, ensure that Client Match is enabled through in the WebUI or by executing the command in the configuration sub-command mode.
The following CLI command enables the 802.11k profile:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# dot11k
The following CLI command is used to view the beacon report details:
(Instant AP)# show ap dot11k-beacon-report <mac>
The following CLI command is used to view the neighbor details:
(Instant AP)# show ap dot11k-nbrs
Example
(Instant AP)(config)# wlan ssid-profile dot11k-profile
(Instant AP)(SSID Profile "dot11k-profile")# dot11k
BSS Transition Management (802.11v)
The 802.11v standard provides Wireless Network Management enhancements to the IEEE 802.11 MAC and PHY. It extends radio measurements to define mechanisms for wireless network management of stations including BSS transition management.
Instant APs support the generation of the BSS transition management request frames to the 802.11k clients when a suitable Instant AP is identified for a client through Client Match.
Configuring a WLAN SSID for 802.11v Support
The following procedure describes how to enable 802.11v support on a WLAN SSID by using the Instant WebUI:
- Navigate to Networks page >
- Under select the network you want to configure and click .
- Select the tab.
- Under , toggle the switch to enable.
- Click and then .
The following CLI command enables the 802.11v profile:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# dot11v
Example
(Instant AP)(config)# wlan ssid-profile dot11v-profile
(Instant AP)(SSID Profile "dot11v-profile")# dot11v