Re: CCKM, WPA, fast roaming issues

loobitize · ‎11-04-2006

I have a 4404 LAN controller with 1131a/g light AP's. Clients are Cisco a/b/g cards using WPA2, PEAP MSCHAPv2 and the Odyssey supplicant.

Sometimes my clients roam between access points without losing a single packet, but other times they lose connectivity for up to 15 seconds while the client reauthenticates. Obviously, I would like to improve roaming time.

On the WLAN controller I have WPA2 configured with AES and "auth key managment" set to 802.1x. I just upgraded to the latest (4.0) code on the controller and noticed there is a new "auth key management" setting called 802.1x + cckm.

After much research on cckm tonight, I seem to have more questions than answers.

Can/should cckm be used WITH WPA2?

If not, can both WPA2 and cckm be supported on the same WLAN?

Which auth key management setting should I be using, 802.1x or 802.1x + cckm?

Does cckm require support of both supplicant and NIC?

Is there anything else I can do to make roaming more seamless?

sbilgi · ‎11-09-2006

For CCKM to support AES, AP needs to run 12.3(8)JA. A CB21AG client configured for WPA/WPA2/CCKM/EAP is unable to associate on an SSID that is configured for AES+CCKM. Configure the SSID for WPA2/AES but not for CCKM.

Maximiliano.Garcia.Solorzano · ‎12-20-2006

Is it possible to use

WPA1 + TKIP + Auth Key Mgmt="CCKM"

or

WPA1 + TKIP + Auth Key Mgmt="802.1x + CCKM"

My WLC have Software Version 4.0.179.8.

With this configuration I will need client card CCX v4 ??

Thanks