Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
25426
Views
0
Helpful
9
Replies

802.11r (Fast Transition) - multiple WLANs required for legacy clients?

Go to solution
david.ramsden
Level 1
Level 1

‎03-04-2013 09:52 AM - edited ‎07-03-2021 11:40 PM

Hello,

I have a Cisco 5508 WLC with AIR-CAP3502E-E-K9 APs. I want to enable 802.11r (Fast Transition) and understand that some legacy clients may not support 802.11r and therefore if you select, for example, FT 802.1X as an authentication key management, legacy clients may not be able to connect. The Cisco documentation suggests creating a second WLAN with the same SSID, so one WLAN uses FT 802.1X and the other WLAN uses 802.1X.

But when you edit the layer 2 security for a WLAN it is possible to select FT 802.1X and 802.1X. Does this mean there isn't a need for two WLANs with the same SSID? If the client can't authenticate using FT 802.1X will it fall back to 802.1X? Or is the recommendation to always create two WLANs with the same SSID but different authentication key management and the client will connect to which ever one has the "best capabilities"?

For testing I can't find any non-802.11r devices so it's difficult for me to see what would happen if I had one WLAN but with both FT 802.1X and 802.1X selected

untitled.JPG

Many thanks.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎03-04-2013 10:04 AM

From what I know is that there is no fallback. It is hard to say if it will work or not, but seeing if your legacy clients can authenticate is a start. When I tested this in the past, my legacy clients did not connect.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to George Stefanick

‎03-04-2013 10:07 AM

Read

https://supportforums.cisco.com/thread/2173074

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎03-04-2013 09:57 AM

All you can do is test it out. See if your legacy devices work or not.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
david.ramsden
Level 1
Level 1
In response to Scott Fella

‎03-04-2013 10:04 AM

Thanks Scott.

It looks like Apple iOS 6 supports 802.11r so I'll see if I can find an old device that's running iOS 5 or below and test it out. If I can find one I'll report back my findings.

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to david.ramsden

‎03-04-2013 10:06 AM

Understand iOS6 is supporting 802.11r, but it is not supported across alll hardware platforms.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to George Stefanick

‎03-04-2013 10:07 AM

Read

https://supportforums.cisco.com/thread/2173074

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎03-04-2013 10:04 AM

From what I know is that there is no fallback. It is hard to say if it will work or not, but seeing if your legacy clients can authenticate is a start. When I tested this in the past, my legacy clients did not connect.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
david.ramsden
Level 1
Level 1

‎03-05-2013 03:31 AM

Thanks for the replies.

I've grabbed an old iPhone 3G and created a WLAN with FT 8021.X and 802.1X selected. The device won't authenticate. So you do have to create two WLANs with the same SSID but different authentication key management settings.

Seems like this is a GUI "annoyance" with the WLC? If you select 802.1X it seems as though FT 802.1X should be greyed out and vice-versa since it's pointless being able to select both?

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to david.ramsden

‎03-05-2013 03:48 AM

David,

This is a big issue not just with 802.11r, but look at the WPA encryption. The GUI and CLI allow you to mix and match encryption methods and select possibly all: WPA/TKIP & AES - WPA2/TKIP & AES. This is wrong since the standard for WPA is to use TKIP and WPA2 uses AES. So swing what you seeing in the GUI can cause confusion. Most of the time it's learning the hard way.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to david.ramsden

‎03-05-2013 04:52 AM

If you remove FT from the WLAN, does the 3G connect ? When FT is enabled, some clients wont connect, thats been my experience.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎03-05-2013 08:13 AM

Well I just tested it out. It does work fine with only 802.11r devices, not legacy devices. The iPhone 4S and iPhone 5 with iOS 6 supports 802.11r along with other listed here.

http://support.apple.com/kb/HT5535

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card