cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3779
Views
10
Helpful
10
Replies

Wireless 802.11r and .k on WLC

oguarisco
Level 3
Level 3

Hello all,

I've seen that in 7.4 and later Release on the WLC5508 you can configure 802.11r and 11k support using Fast Transaction so that iOS7 won't experience connection loss during Roaming...my question is on the same WLAN can I configure 802.1X and FT-802.1X Authentication so that I'll be able to have on the same SSID non802.11r and 802.11r capable client? Or this setup will create association problem ?

BR

OG

1 Accepted Solution

Accepted Solutions

Maybe this can help explain it also:

http://www.cisco.com/en/US/docs/wireless/controller/7.3/configuration/guide/b_wlc-cg_chapter_0111.html#d155467e2632a1635

Legacy clients cannot associate with a WLAN that has 802.11r enabled if the driver of the supplicant that is responsible for parsing the Robust Security Network Information Exchange (RSN IE) is old and not aware of the additional AKM suites in the IE. Due to this limitation, clients cannot send association requests to WLANs. These clients, however, can still associate with non-802.11r WLANs. Clients that are 802.11r capable can associate as 802.11i clients on WLANs that have both 802.11i and 802.11r Authentication Key Management Suites enabled. The workaround is to enable or upgrade the driver of the legacy clients to work with the new 802.11r AKMs, after which the legacy clients can successfully associate with 802.11r enabled WLANs. Another workaround is to have two SSIDs with the same name but with different security settings (FT and non-FT).


Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

10 Replies 10

Scott Fella
Hall of Fame
Hall of Fame

Once you enable 802.11r, clients that don't support it will not connect. I have two SSID's with different names, one has 802.21r enabled and the other doesn't. Both use 802.1x.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Hello Scott,

thanks for the useful info...but this means that before connecting the device to the WLAN you have to know if it's 802.11r capable or not, only then you can authenticate and associate to the specific WLAN defined ...

It will be easier to have a single WLAN that permit 802.11r capable and non802.11r client to associate to the same SSID, I've seen that WLC 7.4 permit a configuration on a SSID for both 802.1x and FT-802.1x authentication method...

OG

It's either on or not. I too would wish I can have one ssid with it enabled and non 802.11t devices still connect, but it doesn't work that way. When you try to enable 802.11r, the WLC will prompt you with a warning.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Maybe this can help explain it also:

http://www.cisco.com/en/US/docs/wireless/controller/7.3/configuration/guide/b_wlc-cg_chapter_0111.html#d155467e2632a1635

Legacy clients cannot associate with a WLAN that has 802.11r enabled if the driver of the supplicant that is responsible for parsing the Robust Security Network Information Exchange (RSN IE) is old and not aware of the additional AKM suites in the IE. Due to this limitation, clients cannot send association requests to WLANs. These clients, however, can still associate with non-802.11r WLANs. Clients that are 802.11r capable can associate as 802.11i clients on WLANs that have both 802.11i and 802.11r Authentication Key Management Suites enabled. The workaround is to enable or upgrade the driver of the legacy clients to work with the new 802.11r AKMs, after which the legacy clients can successfully associate with 802.11r enabled WLANs. Another workaround is to have two SSIDs with the same name but with different security settings (FT and non-FT).


Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Thanks a lot for the detailed info...so basically you have two WLANs one FT and other non-FT BUT with same SSID ...

Yes you can do it that way, or have different ssid names. Again, you can always test it out. Configure a new ssid with 802.11r enabled and see what devices connect and what devices fail to connect.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott,

Thank you for this reply. I was about to dig in to this incopatibility myself and you hit the nail! So in time.

Vlad.

not good this one ...

I've noticed that configuring FT-802.1X on an SSID WLC warns about the chance that client non802.11r capable won't been able to associate...

Yup... I have an older iPad 1st gen that I test with and it doesn't join. Only my iPhone and iPad that supports 802.11r.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

oguarisco
Level 3
Level 3

I'll test it in the next weeks and let you know

OG

Sent from Cisco Technical Support iPhone App

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: