01-31-2011 03:01 AM - edited 07-03-2021 07:44 PM
What exactly is the difference between PKC and OKC?
Seems to be a lot of confusion out there. What are the cold hard facts?
The WLC FAQ says
"PKC is a feature enabled in Cisco 2006/410x/440x ..."
The Debug Guide says
"The WLC only supports OKC..."
Wireless LAN Controller (WLC) Design and Features FAQ
http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00808b4c61.shtml
Q. What is PKC and how does it work with the Wireless LAN Controller (WLC)?
A. PKC stands for Proactive Key Caching. It was designed as an extension to the 802.11i IEEE standard. PKC is a feature enabled in Cisco 2006/410x/440x Series Controllers which permits properly equipped wireless clients to roam without full re-authentication with an AAA server.
WLC Debug and Show Commands
http://www.cisco.com/en/US/partner/products/ps6366/products_tech_note09186a0080b3e118.shtml#pmkid
PMKID Caching Fails
Check if the client supports opportunistic key cache (OKC).
Note: OKC is not the same as proactive key cache (PKC) as specified in 802.11I. The WLC only supports OKC.
01-25-2012 04:15 PM
George and Nicolas, you two appear to be the wizards of roaming. I am new to roaming so thanks for all of your awesome and informative answers in the forums here, they have been helpful.
Is there a list of clients that support OKC/PKC and/or CCKM? That would be super helpful.
Also, I see that CCKM was added to CCX3.0 and later. On the internet, I can find whether chipsets support CCX. However I am unclear on the following: if a chipset supports CCX, does that mean any device using that chip automatically supports CCX?
Lastly, 802.11r was ratified in 2008 right? You guys have mentioned it coming soon. When? Whats the hold up?
Thanks for any/all help.
-Joey
01-25-2012 04:20 PM
for CCKM, any client that supports ccx should be able to do it.
Http://www.cisco.com/go/ccx
The WLC has had 802.11r support ready to go sine version 5.2. The hold up is the clients that will actually support it. For 802.11r to work the client needs to support it as well as the AP. kind of like beamforming s a part of the specs for 802.11n, not all implementations are the same, and if a piece is optional the manufacturer am not support it or nly partially support it.
Steve
Sent from Cisco Technical Support iPad App
01-25-2012 04:27 PM
Hi Joe and welcome to CSC...
Q: Is there a list of clients that support OKC/PKC and/or CCKM? That would be super helpful.
A:This is a tricky question. OKC/PKC you need to actually test a client to be 100% sure. As for CCKM the client needs t support CCX as you mentioned.
Q:Also, I see that CCKM was added to CCX3.0 and later. On the internet, I can find whether chipsets support CCX. However I am unclear on the following: if a chipset supports CCX, does that mean any device using that chip automatically supports CCX?
A: If the chips supports 3 or later then yes it should support CCKM. HOWEVER, this also depends on how the VENDOR implements it.
A:Lastly, 802.11r was ratified in 2008 right? You guys have mentioned it coming soon. When? Whats the hold up?
Q: Hooks are in the WLC, but clients dont support it yet
It is always best to test romaing never take a vendors word. By this I mean captures. IN FACT, if you use WIN7 for a wifi client it uses OKC. If you use Cisco anyconnect 3.x on that same WIN7 box, you lost ALL advance romaing. Even though the document state that it does. I asked Cisco and I was told they cant access the API in WIN7 to support OKC/PKC.
Does this help ?
01-25-2012 05:26 PM
Holy Cow! You and Steve are impressively responsive. Thanks!
Both of your answers are very informative. Not what I was hoping for, but great answers.
Is there anything to do to the WLC to enable .11r? I want to test it with some clients that might have support. A quick web search and you can find that the TI WL1271 and WL1273 chips both appear to support 802.11r. Those chips show up in the Motorla Droid and Droid X respecively.
Would I need to turn anything on to test if the devices actually support it?
01-25-2012 05:37 PM
No, there isnt anthing to turn on for "r". Although I think its not fully supported till 7.2 code, this is what was mentioned at Cisco Live in June.
But now you peeked my interest I may need to test this myself. Do you have the links you mentioned about the moto and driod?
Thanks for the rating ...
If you want to learn more about roaming, check out the CWSP book.
01-25-2012 06:35 PM
TI link
http://processors.wiki.ti.com/index.php/OMAP_Wireless_Connectivity_mac80211_basic_Architecture
It cites WL12xx Driver and WL12xx Hardware which would include WL1271 and 1273. Halfway down it has:
Supported WPA/IEEE 802.11i/EAP/IEEE 802.1X features
Then for Droid references:
And
http://www.ifixit.com/Teardown/Motorola-Droid-Teardown/1436/2
Turns out they both have WL1271A.
Lemme know if you test it out. I will have to track down a Droid before I can test.
03-15-2012 07:02 AM
Hello,
The code 7.2 has been release in february, I still haven't had the oppurtunity to test 802.11r...
For the moment, my customers haven't migrated to 7.2 and I don't have 802.11r compatible client...
Has someone been able to test it ?
Thanks a lot,
Best Regards,
Gérald.
02-01-2012 11:35 AM
George,
Above you reference Win7 not allowing access to the API for OKC to third party devs. Do you know if Apple OSX allows third party devs access to the right APIs?
And Android?
Thanks,
Jp
P.S. I haven't spent much time finding a Droid to test yet.
04-15-2012 10:14 PM
I've got 7.2 release installed onto WiSM2 and it doesn't look like there is an option anywhere to enable the 802.11r... I assume it's enabled by default...
Though in the release notes it states "In the 7.2.103.0 release, you can configure the controller to provide faster roaming to client models from vendors such as Apple and Motorola (Fusion 3.0) that support WPA2 PKC(SKC) roaming"
From the wording it reads as if it has to be enabled...
04-16-2012 10:09 AM
It would appear to be that way. I see that the CLI command "config wlan security wpa wpa2 cache sticky enable
SKC Cache Support.......................... Disabled
This is the default state. I just enabled it on two SSIDs that we are putting almost ready to pilot. I'll see if that helps with the roaming, particularly for the Motorola scan guns, Windows 7, and Apple devices. Unfortunately, it does require using the CLI (so can't push it out with an NCS template) and it requires disabling the SSID before applying it. After applying I did see fewer drops when roaming with a Motorola MC9090G, though they didn't always match up (roams and drops). I'll try to remember to post again after we've had a chance to test some more.
04-16-2012 10:19 AM
NCS should have all the functions of WCS, so you should be able to build a CLI template that you could push to your WLC.
Steve
Sent from Cisco Technical Support iPhone App
04-16-2012 12:30 PM
True. I was meaning that the setting is not part of the WLAN template. You can definitely build the CLI template. Hopefully your SSID WLAN IDs match up between all of your controllers when doing that, or you'll need to build several templates.
04-16-2012 04:30 PM
Thank you Jason. That's exactly what I was looking for!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide