Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
759
Views
0
Helpful
1
Replies

Fast Transitioning

Michiel Vercoutter
Level 1
Level 1

‎08-10-2021 04:54 AM

Hi,

 

I am running multiple WLCs with version 8.10.151.0, both the virtual model and model 3502.

 

I have a WLAN with 802.1X authentication and I want to enable Fast Transitioning (802.11r), but I also want clients not supporting 802.11r still be able to connect.

 

When I try the following Layer 2 Security configuration:

Fast Transitioning: Enabled

Over the DS: Disabled

802.1X-SHA1: Enabled

FT 802.1X: Enabled

 

I get the following warning pop-up when trying to apply to config:

"Warning!! Non-802.11r Clients will not be able to connect on this WLAN.Press OK to Continue."

 

In older version you could just enable 802.1X and FT 802.1X as Authentication Key Management, and both 802.11r-capable clients and non-802.11r capable clients shoud be able to connect (https://community.cisco.com/t5/wireless/802-11r-can-same-wlan-be-used-for-802-11r-capable-and-non/td-p/3214096 and https://mac-wifi.com/ciscos-802-11r-ft-settings-adaptive-mode-explained/)

 

Can anyone confirm that both 802.11r-capable clients and non-802.11r capable clients can connect to a WLAN with 802.1X-SHA1 and FT 802.1X enabled as AKM? Meaning the warning is incorrect?

 

There is also a bug of this: https://quickview.cloudapps.cisco.com/quickview/bug/CSCvj40316

 

Thanks in advance.

Labels:
0 Helpful
1 Reply 1

Arshad Safrulla
VIP Alumni
VIP Alumni

‎08-10-2021 01:52 PM

Before enabling FT, you need to test it extensively in a test bed. Most of the devices if not running latest driver firmware can malfunction and cause issues. Also use the information you gather from your test bed to analyze whether enabling FT is going to give you any advantage as most of the new wireless chips are well programmed (Provided the firmware is bug less) to roam. In your case I would recommend to keep both 802.1x and FT 802.1x ticked and FT in enabled state, but test it yourslef and come to a conclusion as we are not aware what clients will be connecting to ur infra and how it will behave.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card