Support for the pre-authentication feature on Cisco WLAN devices



Pre-authentication is a feature that allows a mobile device to authenticate with other Cisco Access Points (APs) that it may roam to in the future. To achieve this, the AP that the mobile station is currently associated with forwards the station's authentication frames to the target AP over the wired network. The first time a client associates to the network, it must complete a full authentication. However, if the client knows where it will roam, it can pre-authenticate to a new AP.

Pre-authentication is similar to IEEE 802.1X. The client performs an authentication through the new AP, which acts as the authenticator. The pre-authentication packets pass through the existing AP to the new AP. Once the authentication succeeds, pre-authentication completes with a PMK security association established between the client and the new AP.

Because mobile stations can authenticate with several APs at any given time, pre-authentication creates a considerable load on the authentication server. Also, pre-authentication is performed at the IEEE 802 layer, so it does not work across IP subnets. For these reasons, the Cisco Aironet products and Airespace WLAN systems do not support pre-authentication.
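Because pre-authentication runs at Layer 2, its frames can be recognised on the wired side of the APs by EtherType alone. The following is an added example, not Cisco code: a small classifier that separates pre-authentication frames from ordinary 802.1X EAPOL. The EtherType values (0x88C7 for pre-authentication, 0x888E for EAPOL) come from the IEEE standards rather than from this page, and the sample frames and function names are constructed for illustration.

```python
import struct

ETH_EAPOL = 0x888E    # ordinary IEEE 802.1X EAPOL
ETH_PREAUTH = 0x88C7  # IEEE 802.11 pre-authentication
ETH_VLAN = 0x8100     # 802.1Q tag, common on AP uplinks
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame: bytes):
    """Return a summary dict for EAPOL or pre-auth frames, None otherwise."""
    if len(frame) < 14:
        return None
    (etype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if etype == ETH_VLAN:              # skip one 802.1Q tag
        if len(frame) < 18:
            return None
        (etype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if etype not in (ETH_EAPOL, ETH_PREAUTH) or len(frame) < off + 4:
        return None
    _version, ptype, body_len = struct.unpack("!BBH", frame[off:off + 4])
    return {
        "kind": "pre-auth" if etype == ETH_PREAUTH else "eapol",
        "dst": mac(frame[0:6]),        # for a client request: the target AP
        "src": mac(frame[6:12]),
        "eapol_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"),
        "body_len": body_len,
        "truncated": len(frame) < off + 4 + body_len,
    }

# Constructed sample frames (locally administered MACs, not real captures).
PREAUTH_START = bytes.fromhex("0200000000b2" "020000000001" "88c7" "02010000")
TAGGED_EAPOL_KEY = bytes.fromhex("0200000000a1" "020000000001" "8100000a" "888e"
                                 "0203005f") + bytes(95)
IPV4_FRAME = bytes.fromhex("0200000000a1" "020000000001" "0800") + bytes(20)

def preauth_frames(frames):
    """Keep only the frames that carry pre-authentication traffic."""
    hits = (classify(f) for f in frames)
    return [h for h in hits if h and h["kind"] == "pre-auth"]

if __name__ == "__main__":
    for hit in preauth_frames([PREAUTH_START, TAGGED_EAPOL_KEY, IPV4_FRAME]):
        print(hit)
```

On a network whose APs do not support pre-authentication, any hit from `preauth_frames` on the wired segment is worth investigating, since no infrastructure device should be answering those frames.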

