03-04-2013 09:52 AM - edited 07-03-2021 11:40 PM
Hello,
I have a Cisco 5508 WLC with AIR-CAP3502E-E-K9 APs. I want to enable 802.11r (Fast Transition) and understand that some legacy clients may not support 802.11r and therefore if you select, for example, FT 802.1X as an authentication key management, legacy clients may not be able to connect. The Cisco documentation suggests creating a second WLAN with the same SSID, so one WLAN uses FT 802.1X and the other WLAN uses 802.1X.
But when you edit the layer 2 security for a WLAN it is possible to select FT 802.1X and 802.1X. Does this mean there isn't a need for two WLANs with the same SSID? If the client can't authenticate using FT 802.1X will it fall back to 802.1X? Or is the recommendation to always create two WLANs with the same SSID but different authentication key management and the client will connect to which ever one has the "best capabilities"?
For testing I can't find any non-802.11r devices so it's difficult for me to see what would happen if I had one WLAN but with both FT 802.1X and 802.1X selected
Many thanks.
Solved! Go to Solution.
03-04-2013 10:04 AM
From what I know is that there is no fallback. It is hard to say if it will work or not, but seeing if your legacy clients can authenticate is a start. When I tested this in the past, my legacy clients did not connect.
Sent from Cisco Technical Support iPhone App
03-04-2013 10:07 AM
Read
https://supportforums.cisco.com/thread/2173074
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
03-04-2013 09:57 AM
All you can do is test it out. See if your legacy devices work or not.
Sent from Cisco Technical Support iPhone App
03-04-2013 10:04 AM
Thanks Scott.
It looks like Apple iOS 6 supports 802.11r so I'll see if I can find an old device that's running iOS 5 or below and test it out. If I can find one I'll report back my findings.
03-04-2013 10:06 AM
Understand iOS6 is supporting 802.11r, but it is not supported across alll hardware platforms.
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
03-04-2013 10:07 AM
Read
https://supportforums.cisco.com/thread/2173074
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
03-04-2013 10:04 AM
From what I know is that there is no fallback. It is hard to say if it will work or not, but seeing if your legacy clients can authenticate is a start. When I tested this in the past, my legacy clients did not connect.
Sent from Cisco Technical Support iPhone App
03-05-2013 03:31 AM
Thanks for the replies.
I've grabbed an old iPhone 3G and created a WLAN with FT 8021.X and 802.1X selected. The device won't authenticate. So you do have to create two WLANs with the same SSID but different authentication key management settings.
Seems like this is a GUI "annoyance" with the WLC? If you select 802.1X it seems as though FT 802.1X should be greyed out and vice-versa since it's pointless being able to select both?
03-05-2013 03:48 AM
David,
This is a big issue not just with 802.11r, but look at the WPA encryption. The GUI and CLI allow you to mix and match encryption methods and select possibly all: WPA/TKIP & AES - WPA2/TKIP & AES. This is wrong since the standard for WPA is to use TKIP and WPA2 uses AES. So swing what you seeing in the GUI can cause confusion. Most of the time it's learning the hard way.
Sent from Cisco Technical Support iPhone App
03-05-2013 04:52 AM
If you remove FT from the WLAN, does the 3G connect ? When FT is enabled, some clients wont connect, thats been my experience.
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
03-05-2013 08:13 AM
Well I just tested it out. It does work fine with only 802.11r devices, not legacy devices. The iPhone 4S and iPhone 5 with iOS 6 supports 802.11r along with other listed here.
http://support.apple.com/kb/HT5535
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide