Showing results for 
Search instead for 
Did you mean: 




Telnet connections are disconnected when the client roams from one Access Point to another



Under normal circumstances, the disconnection of roaming clients is normal because the client has to be re-authenticated by the new Access Point (AP).To overcome this issue, use the Fast Secure Roaming feature on the AP. Also, the Telnet connectivity timeout should be increased so that the Telnet connections do not drop out.

The Fast Secure Roaming feature provides the ability for client devices to roam from one AP to another without requiring re-authentication by the main RADIUS server. By streamlining the roaming process, the Fast Secure Roaming feature provides support for client applications, such as VoIP, that require seamless roaming to avoid delays and gaps in transmission.


Understanding Fast Secure Roaming

Access points in many wireless LANs serve mobile client devices that roam from access point to access point throughout the installation. Some applications running on client devices require fast reassociation when they roam to a different access point. Voice applications, for example, require seamless roaming to prevent delays and gaps in conversation.


During normal operation, LEAP-enabled client devices mutually authenticate with a new access point by performing a complete LEAP authentication, including communication with the main RADIUS server, as in Figure.






When you configure your wireless LAN for fast, secure roaming, however, LEAP-enabled client devices roam from one access point to another without involving the main RADIUS server. Using Cisco Centralized Key Management (CCKM), a device configured to provide Wireless Domain Services (WDS) takes the place of the RADIUS server and authenticates the client so quickly that there is no perceptible delay in voice or other time-sensitive applications. Figure shows client authentication using CCKM.


Client Reassociation Using CCKM and a WDS Access Point





The WDS device maintains a cache of credentials for CCKM-capable client devices on your wireless LAN. When a CCKM-capable client roams from one access point to another, the client sends a reassociation request to the new access point, and the new access point relays the request to the WDS device. The WDS device forwards the client's credentials to the new access point, and the new access point sends the reassociation response to the client. Only two packets pass between the client and the new access point, greatly shortening the reassociation time. The client also uses the reassociation response to generate the unicast key.  "Configuring Fast Secure Roaming" section for instructions on configuring access points to support fast, secure roaming.


Problem Type

Roams between access points continuously



Access point



Wireless client to AP


Device Access Method




Understanding Fast Secure Roaming

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Quick Links