cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
917
Views
0
Helpful
7
Replies

Roaming verification

sundell810
Level 1
Level 1

hi, all, happy new year! got a question here.

I have a testbed with one WDS AP and two infrastructure APs, both infrastructure ones are registered with WDS AP via wlccp correctly, I can also associate wireless client using LEAP+CCKM on either of them, if the radio is shutdown on one of them, the client will roam from one to another, vice versa.

the issue is that, no fast roaming happened at all when clients roam, they always perform a full 4way handshak for some reason. I tried to find out if the keys have been cached, but it seems that there is no commands to do that in the IOS image, do any of you know there are something such as "show pmk-cache all" in IOS image? or any other method to check this out?

7 Replies 7

Hi ,



The Master key cached by the WDS when using CCKM will be retained for the duration of the user session which is specified by the RADIUS server. If no
session timeout is specified, the key is retained indefinitely.


Note that client & WDS must maintain state for this to happen however, so if the client device is reset, a new key must be negotiated.



I am not sure if there is a command which can show the cahced key .

Since the questiosn remainded unasnswered for  a while ,trying my luck

Regards ,

Sharath K.P.

Nicolas Darchis
Cisco Employee
Cisco Employee

Stupid one but I always forget about it too. Did you register your WDS with itself ? Otherwise you can't roam to the WDS in a quick manner.

Nicolas

Sorry, I believe your statement is 100 percent right but it doesn't seem related to my question, still appreciate your reply though.

I believe it is.

Let's say you have 2 APs and your WDS. If you client is roaming from AP1 to WDS AP, then the roaming will not be fast if the WDS is not registered to itself. That was my point.

Moreover, how do you know it's doing the 4 way handshake ? If you're doing an EAP authentication you should actually even do more than that if fast roaming is not happening.

Hey Nicolas,

I believe you have setup something like this before, did you actually try to verify if the Fast Roaming was happening? If so, can you share how?

Thanks

Yes indeed.

The easiest way to know if you did fast roaming or not when you are doing leap or whatever else as eap authentication is to check if the radius server was contacted for each roaming. If it was not, then you did fast roaming. As simple as that.

How did you verify on your side ?

Nicolas

That was exactly what I have used, turn down the radius after the client associates, then let it roam, the client will fail to do so. But I can clearly see the key management is when it associates.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: