
Configure 802.11r WLAN using CLI and GUI on Converged Access (5760 WLC and Catalyst 3850)


Karthickeyan Prabanandhan is a Senior Test Engineer (CCNP, CWNP) in the Wireless Engineering Team, currently preparing for his CCIE Wireless lab. In this video series, Karthick explains how to configure an 11r WLAN using the CLI and GUI, and shows 11r roaming, on Converged Access (Cisco 5760 WLC and Cisco Catalyst 3850).

802.11r Introduction

802.11r, also known as Fast Transition (FT), is the IEEE standard for fast secure roaming. It introduces a new concept of roaming in which the initial handshake with the new AP is done before the client roams to the target AP. This initial handshake allows the client and APs to calculate the Pairwise Transient Key (PTK) in advance. The PTK is applied to the client and AP after the client completes the re-association request/response exchange with the new target AP.

The FT key hierarchy is designed to allow clients to make fast BSS transitions between APs without requiring re-authentication at every AP. 802.11r eliminates much of the handshaking overhead while roaming, reducing handoff times between APs while still providing security and QoS. This is useful for client devices that run delay-sensitive applications such as voice and video, and it is a key requirement for voice over Wi-Fi. The key hierarchy is summarized below.

Summary of the key hierarchy:

  1. An MSK is still derived on the client supplicant and the Authentication Server from the initial 802.1X/EAP authentication phase (it is transferred from the Authentication Server to the Authenticator (WLC) once the authentication is successful). This MSK, like in the other methods, is used as the seed for the FT key hierarchy. When you use WPA2-PSK instead of an EAP authentication method, the PSK is basically this MSK.
  2. A Pairwise Master Key R0 (PMK-R0) is derived from the MSK; it is the first-level key of the FT key hierarchy. The key holders for this PMK-R0 are the WLC and the client.
  3. A second-level key, called a Pairwise Master Key R1 (PMK-R1), is derived from the PMK-R0, and the key holders are the client and the APs managed by the WLC that holds the PMK-R0.
  4. The third and final level key of the FT key hierarchy is the PTK, which is the final key used to encrypt the 802.11 unicast data frames (similar to the other methods that use WPA/TKIP or WPA2/AES). In FT, this PTK is derived from the PMK-R1, and the key holders are the client and the APs managed by the WLC.
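
The key hierarchy above, carried through for a client roaming between two APs, as an added example that is not part of the original article or Cisco's code. The KDF labels and input ordering follow the IEEE 802.11 FT key derivation; the SSID, MDID, key-holder IDs, MAC addresses, nonces and passphrase are constructed sample values, and using the BSSID as the R1KH-ID is an assumption.

```python
import hashlib, hmac, struct

def kdf(key, label, context, bits):
    """IEEE 802.11 KDF with HMAC-SHA256; counter and length are 16-bit little-endian."""
    out = b""
    for i in range(1, (bits + 255) // 256 + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: bits // 8]

def derive_pmk_r0(xxkey, ssid, mdid, r0kh_id, s0kh_id):
    # Level 1: held by the WLC (R0KH) and the client (S0KH).
    ctx = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + s0kh_id
    data = kdf(xxkey, b"FT-R0", ctx, 384)
    name = hashlib.sha256(b"FT-R0N" + data[32:48]).digest()[:16]
    return data[:32], name

def derive_pmk_r1(pmk_r0, pmk_r0_name, r1kh_id, s1kh_id):
    # Level 2: one key per R1 key holder, so each AP gets a distinct PMK-R1.
    key = kdf(pmk_r0, b"FT-R1", r1kh_id + s1kh_id, 256)
    name = hashlib.sha256(b"FT-R1N" + pmk_r0_name + r1kh_id + s1kh_id).digest()[:16]
    return key, name

def derive_ptk(pmk_r1, snonce, anonce, bssid, sta):
    # Level 3: 384 bits split into KCK, KEK and the CCMP temporal key.
    d = kdf(pmk_r1, b"FT-PTK", snonce + anonce + bssid + sta, 384)
    return {"KCK": d[:16], "KEK": d[16:32], "TK": d[32:48]}

def roam_demo():
    # All values below are constructed samples, not taken from a real deployment.
    ssid, mdid = b"ft-lab", bytes.fromhex("a1b2")
    sta = bytes.fromhex("020000000001")
    # WPA2-PSK case from step 1: the PSK seeds the hierarchy in place of the MSK.
    psk = hashlib.pbkdf2_hmac("sha1", b"constructed-passphrase", ssid, 4096, 32)
    pmk_r0, r0_name = derive_pmk_r0(psk, ssid, mdid, b"wlc-5760", sta)
    keys = {}
    for ap, bssid in (("ap1", "020000000a01"), ("ap2", "020000000a02")):
        bssid = bytes.fromhex(bssid)  # assumed to double as the R1KH-ID
        pmk_r1, _ = derive_pmk_r1(pmk_r0, r0_name, bssid, sta)
        # Fixed nonces keep the demo reproducible; real nonces are random per handshake.
        snonce, anonce = b"\x01" * 32, b"\x02" * 32
        keys[ap] = (pmk_r1, derive_ptk(pmk_r1, snonce, anonce, bssid, sta))
    return pmk_r0, keys

if __name__ == "__main__":
    r0, keys = roam_demo()
    for ap, (r1, ptk) in keys.items():
        print(ap, "PMK-R1", r1.hex()[:16], "TK", ptk["TK"].hex()[:16])
```

Because the PMK-R0 stays with the WLC and each AP holds only its own PMK-R1, a roam needs just the level 2 and level 3 derivations rather than a new 802.1X/EAP exchange.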

Video Series:

https://supportforums.cisco.com/video/12335326/80211r-psk-configuration-and-roaming

https://supportforums.cisco.com/video/12306481/11r-psk-and-dot1x-gui-configuration

https://supportforums.cisco.com/video/12306566/11r-dot1x-configuration-and-roam

802.11r Web UI Configuration

 

Reference Links
