Pre-authentication is a feature that allows a mobile device to authenticate with other Cisco Access Points (APs) that it may roam to in the future. To achieve this, the mobile station authentication frames are forwarded by the AP to the target AP, over the wired network. The first time a client associates to the network, the client must complete a full authentication. However, if the client knows where it will roam, the client can pre-authenticate to a new AP.
Pre-authentication is similar to IEEE 802.1X. The client performs an authentication through the new AP, which acts as the authenticator. The pre-authentication packets traverse through the existing AP to the new AP. Once the authentication is successful, the pre-authentication completes with a PMK security association established between the client and the new AP.
The fact that mobile stations can authenticate with several APs at any given time creates a considerable load on the authentication server. Also, pre-authentication is performed at the IEEE 802 layer; it does not work across IP subnets. For these reasons, the Cisco Aironet products and Airespace WLAN systems do not support pre-authentication.
Technical product specification / features
WLAN adapters (wireless card) / ACU (Aironet Client Utility)
Hello everyone, I have encountered a problem recently, that is, the Android10 mobile phone cannot connect to the wireless network. For example, I set an SSID and use WPA2. After the mobile phone is connected, it keeps turning around. I don’t have this mob...
Hi There! I know it is possible using CPI to collect historical logs of users associated per ssid but is it possible to leverage WLC to get historical logs of users associated per SSID for at least a month? The goal is to determine if users are ...
Hello, we have a Cisco 5520 WLC. I'm looking into auto-containment of rogue devices found on the network or with our SSID. However I want to get an alert of when it happens. I know the WLC itself doesn't alert, but you can send syslogs and traps to a serv...