FSR/CCKM and PEAP

c.fuller · ‎03-16-2005

I am trying to prove that FSR is taking place within my WLAN. However, the logs tell me otherwise. It is my understanding that after a client initially authenticates with ACS when it roams then the reassociation/reauthentication is done against the WDS AP and not the ACS. Howevever the logs on the ACS show a user authentication taking place each time a roam occurs. I have CCKM/WPA/TKIP configured on the APs.

I am wondering if the fact that I am using PEAP is the reason for this? From what I am reading on L2 FSR, LEAP is only mentioned. Does anyone have any information on this? Can I not take advantage of FSR roaming and WDS caching features if using PEAP? Is my only option at this point to use LEAP? My clients are CCE VerII Compatible, so should support these roaming features.

Any input is greatly appreciated.

o-ziltener · ‎03-16-2005

FSR works not with wpa, you need to turn on the key-management cckm.

What kind of encryption does more or less no matter, but you have to use authentication leap or eap-fast.

Peap is not supported.

best regards

Oliver

herbert.aichhorn · ‎03-17-2005

the primary wds access point is always involved in reauthentication and fsr.

currently on leap (tkip or wep) is supported with fsr

c.fuller · ‎03-17-2005

Does anyone know if I can use TKIP/EAP-FAST together? If so what are the requirements as far as drivers, OS versions, CC Extensions, etc. Would I have to use CKIP if using EAP-FAST since EAP-FAST was developed by Cisco? I am trying to figure out what is the best security fit for my WLAN? PEAP, with it's certificate nature, seems more diffucult to manage and maintain and the fact it doesn't support FSR makes it even less desirable. I'm now looking into other options.