02-13-2014 02:31 AM - edited 07-05-2021 12:11 AM
Dear all,
WLC 7.4 Release Notes states that with both Local/Central Switching:
- Mobility in the same Flex Group with CCKM is Fast Roaming if WLAN is mapped to same VLAN
- Mobility between different Flex Group with CCKM cause a Full Auth
Using CCK with EAP-Fast during a call with Cisco IP Phone 7921G and 7925G we notice a gap when roaming from an AP belonging to FC GroupA to an AP belonging to FC Group B...so the only solution to do Fast Romaing is to use PMK(OKC) since CCKM will do a complete authentication each time moving from FC Group.
Where do we enable OKC for a specific WLAN? In the FlexConnect Group Menu?
Thanks a lot for sharing answer and suggestion
BR
O.G.
02-13-2014 04:52 AM
Might want to reference this link
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/configuration/guide/cg/cg_wlan.html#wp1702871
By default, Sticky PMKID Caching (SKC) is disabled and Opportunistic PMKID caching (OKC) is enabled.
Sent from Cisco Technical Support iPhone App
02-13-2014 05:12 AM
Hello Scott,
thanks for the explanation...
So if in 7.4.121 OKC is enabled by default I don't understand why I'm having a full Authentication when roaming from AP of FC Group A to AP to FC Group B instead of Fast-Roaming...and this is happening in all FC Group configured (6x).
Should I disable CCKM flag in the WLAN definition?!?!
FC Groups and Mobility
O.G
02-13-2014 05:18 AM
Cisco phones require CCKM for fast roaming. The issue is the FlexConnect Group max at 25 AP's on the 5508 and there is no roaming support between FlexConnect groups. That's the limitation. Why it's like that, maybe because of the CPU and memory on an Access point. This is a limit however and don't know if there will be a workaround.
Sent from Cisco Technical Support iPhone App
02-13-2014 05:34 AM
Yes Cisco phones require CCKM for fast Roaming..checking the document "FC Groups and Mobility" it states that Roaming can be done with different FC Group but CCKM will perform a full-auth creating the gap which during a call is very annoying but it seems that OKC will do a Fast Roaming solving that.
You're right with 5508 the max number of AP in an FC Group are 25... so if you have it 100 you have to create at least 4 FC Groups and I can't believe that the only solution is to do a full-auth when roaming from a group to another creating the problem during a user call.
No chance to use OKC? or should I not configure FC Group and leave the AP without this setting?!?!
02-13-2014 06:02 AM
It's something you need to try. Remove the FlexConnect Group and see if it helps. The thing is, Cisco never really wanted have that many AP's in FlexConnect at a site, but through the years, it started happening. Back when it was called h-reap, there were no h-reap groups and you relied in the phones roaming well. You just have to test and see what works well for you. There are others who rely on just PSK or using 802.1x with cckm. Have you also looked at this guide?
https://supportforums.cisco.com/docs/DOC-26863
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide