GRAEME DANIELSON
Beginner

PKC or OKC ???

What exactly is the difference between PKC and OKC?
Seems to be a lot of confusion out there. What are the cold hard facts?

The WLC FAQ says
   "PKC is a feature enabled in Cisco 2006/410x/440x ..."

The Debug Guide says
   "The WLC only supports OKC..."

Wireless LAN Controller (WLC) Design and Features FAQ

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00808b4c61.shtml

Q. What is PKC and how does it work with the Wireless LAN Controller (WLC)?

A. PKC stands for Proactive Key Caching. It was designed as an extension to the 802.11i IEEE standard. PKC is a feature enabled in Cisco 2006/410x/440x Series Controllers which permits properly equipped wireless clients to roam without full re-authentication with an AAA server.


WLC Debug and Show Commands

http://www.cisco.com/en/US/partner/products/ps6366/products_tech_note09186a0080b3e118.shtml#pmkid

PMKID Caching Fails
Check if the client supports opportunistic key cache (OKC).
Note: OKC is not the same as proactive key cache (PKC) as specified in 802.11I. The WLC only supports OKC.

27 REPLIES
joeypadden
Beginner

George and Nicolas, you two appear to be the wizards of roaming. I am new to roaming so thanks for all of your awesome and informative answers in the forums here, they have been helpful.

Is there a list of clients that support OKC/PKC and/or CCKM? That would be super helpful.

Also, I see that CCKM was added to CCX3.0 and later. On the internet, I can find whether chipsets support CCX. However I am unclear on the following: if a chipset supports CCX, does that mean any device using that chip automatically supports CCX? 

Lastly, 802.11r was ratified in 2008, right? You guys have mentioned it coming soon. When? What's the hold up?

Thanks for any/all help.

-Joey

For CCKM, any client that supports CCX should be able to do it.

Http://www.cisco.com/go/ccx

The WLC has had 802.11r support ready to go since version 5.2. The hold up is the clients that will actually support it. For 802.11r to work the client needs to support it as well as the AP. Kind of like beamforming is a part of the specs for 802.11n, not all implementations are the same, and if a piece is optional the manufacturer may not support it or only partially support it.

Steve

Sent from Cisco Technical Support iPad App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Hi Joe and welcome to CSC...

Q: Is there a list of clients that support OKC/PKC and/or CCKM? That would be super helpful.

A: This is a tricky question. OKC/PKC you need to actually test a client to be 100% sure. As for CCKM the client needs to support CCX as you mentioned.

Q: Also, I see that CCKM was added to CCX3.0 and later. On the internet, I can find whether chipsets support CCX. However I am unclear on the following: if a chipset supports CCX, does that mean any device using that chip automatically supports CCX?

A: If the chip supports 3 or later then yes it should support CCKM. HOWEVER, this also depends on how the VENDOR implements it.

Q: Lastly, 802.11r was ratified in 2008 right? You guys have mentioned it coming soon. When? Whats the hold up?

A: Hooks are in the WLC, but clients don't support it yet.

It is always best to test roaming, never take a vendor's word. By this I mean captures. IN FACT, if you use WIN7 for a wifi client it uses OKC. If you use Cisco AnyConnect 3.x on that same WIN7 box, you lose ALL advanced roaming. Even though the document states that it does. I asked Cisco and I was told they can't access the API in WIN7 to support OKC/PKC.

Does this help ?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Holy Cow! You and Steve are impressively responsive. Thanks!

Both of your answers are very informative. Not what I was hoping for, but great answers.

Is there anything to do to the WLC to enable .11r? I want to test it with some clients that might have support. A quick web search and you can find that the TI WL1271 and WL1273 chips both appear to support 802.11r. Those chips show up in the Motorola Droid and Droid X respectively.

Would I need to turn anything on to test if the devices actually support it?

No, there isn't anything to turn on for "r". Although I think it's not fully supported till 7.2 code, this is what was mentioned at Cisco Live in June.

But now you piqued my interest I may need to test this myself. Do you have the links you mentioned about the Moto and Droid?

Thanks for the rating ...

If you want to learn more about roaming, check out the CWSP book.


TI link

http://processors.wiki.ti.com/index.php/OMAP_Wireless_Connectivity_mac80211_basic_Architecture

It cites WL12xx Driver and WL12xx Hardware which would include WL1271 and 1273. Halfway down it has:

Supported WPA/IEEE 802.11i/EAP/IEEE 802.1X features

  • WPA-PSK ("WPA-Personal")
  • WPA with EAP (with integrated EAP server or an external RADIUS backend authentication server) ("WPA-Enterprise")
  • key management for CCMP, TKIP, WEP104, WEP40
  • WPA and full IEEE 802.11i/RSN/WPA2
  • RSN: PMKSA caching, pre-authentication
  • IEEE 802.11r
  • IEEE 802.11w
  • RADIUS accounting
  • RADIUS authentication server with EAP
  • Wi-Fi Protected Setup (WPS)

Then for Droid references:

http://www.chipworks.com/en/technical-competitive-analysis/resources/recent-teardowns/2010/08/teardown-of-the-motorola-droid-x-smart-phone/

And

http://www.ifixit.com/Teardown/Motorola-Droid-Teardown/1436/2

Turns out they both have WL1271A.

Lemme know if you test it out. I will have to track down a Droid before I can test.

Hello,

The code 7.2 has been released in February, I still haven't had the opportunity to test 802.11r...

For the moment, my customers haven't migrated to 7.2 and I don't have 802.11r compatible client...

Has someone been able to test it ?

Thanks a lot,

Best Regards,

Gérald.

George,

Above you reference Win7 not allowing access to the API for OKC to third party devs. Do you know if Apple OSX allows third party devs access to the right APIs?

And Android?

Thanks,

Jp

P.S. I haven't spent much time finding a Droid to test yet.

I've got 7.2 release installed onto WiSM2 and it doesn't look like there is an option anywhere to enable the 802.11r... I assume it's enabled by default...

Though in the release notes it states "In the 7.2.103.0 release, you can configure the controller to provide faster roaming to client models from vendors such as Apple and Motorola (Fusion 3.0) that support WPA2 PKC(SKC) roaming"

From the wording it reads as if it has to be enabled...

It would appear to be that way. I see that the CLI command "config wlan security wpa wpa2 cache sticky enable " is now available in 7.2.103.0. Unfortunately, that command is not listed in the WLC 7.2 Command Reference guide. To verify if it is enabled or not, from the CLI, run the "show wlan " command. Look for:

SKC Cache Support.......................... Disabled

This is the default state. I just enabled it on two SSIDs that we are almost ready to pilot. I'll see if that helps with the roaming, particularly for the Motorola scan guns, Windows 7, and Apple devices. Unfortunately, it does require using the CLI (so can't push it out with an NCS template) and it requires disabling the SSID before applying it. After applying I did see fewer drops when roaming with a Motorola MC9090G, though they didn't always match up (roams and drops). I'll try to remember to post again after we've had a chance to test some more.

NCS should have all the functions of WCS, so you should be able to build a CLI template that you could push to your WLC.

Steve

Sent from Cisco Technical Support iPhone App


True. I was meaning that the setting is not part of the WLAN template. You can definitely build the CLI template. Hopefully your SSID WLAN IDs match up between all of your controllers when doing that, or you'll need to build several templates.

Thank you Jason. That's exactly what I was looking for!
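
Added example, not part of any post in this thread and not Cisco code: a Python check over saved "show wlan" output from several controllers that lists WLANs where "SKC Cache Support" is not Enabled (including older code that does not print the field) and SSIDs whose WLAN ID differs between controllers, which is the case where one CLI template is not enough. Controller names, SSIDs and every field name other than "SKC Cache Support" are assumptions about the output layout.

```python
import re
from collections import defaultdict
# Constructed "show wlan" output from two hypothetical controllers. Only the "SKC
# Cache Support" line comes from the thread; other field names/values are assumed.
SAMPLE = {
    "wlc-a": """\
WLAN Identifier.................................. 1
Network Name (SSID).............................. corp
SKC Cache Support.......................... Enabled
WLAN Identifier.................................. 2
Network Name (SSID).............................. scanners
SKC Cache Support.......................... Disabled
""",
    "wlc-b": """\
WLAN Identifier.................................. 3
Network Name (SSID).............................. scanners
""",
}

# "Key.......... Value": a key, a run of two or more dots, then the value.
FIELD = re.compile(r"^\s*(?P<key>.+?)\.{2,}\s*(?P<val>.*?)\s*$")

def parse_wlans(text):
    """Return {ssid: {"id": wlan_id, "skc": state or None if not reported}}."""
    wlans, cur = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, val = m.group("key"), m.group("val")
        if key == "WLAN Identifier":
            cur = {"id": val, "skc": None}      # a new WLAN section starts here
        elif cur is not None and key == "Network Name (SSID)":
            wlans[val] = cur
        elif cur is not None and key == "SKC Cache Support":
            cur["skc"] = val
    return wlans

def audit(outputs):
    """List WLANs without SKC enabled and SSIDs whose WLAN ID differs."""
    ids, not_enabled = defaultdict(set), []
    for wlc, text in sorted(outputs.items()):
        for ssid, w in parse_wlans(text).items():
            ids[ssid].add(w["id"])
            if w["skc"] != "Enabled":
                not_enabled.append((wlc, ssid, w["skc"]))
    return not_enabled, sorted(s for s, seen in ids.items() if len(seen) > 1)

print(audit(SAMPLE))
```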
