What exactly is the difference between PKC and OKC?
Seems to be a lot of confusion out there. What are the cold hard facts?
The WLC FAQ says
"PKC is a feature enabled in Cisco 2006/410x/440x ..."
The Debug Guide says
"The WLC only supports OKC..."
Wireless LAN Controller (WLC) Design and Features FAQ
Q. What is PKC and how does it work with the Wireless LAN Controller (WLC)?
A. PKC stands for Proactive Key Caching. It was designed as an extension to the 802.11i IEEE standard. PKC is a feature enabled in Cisco 2006/410x/440x Series Controllers which permits properly equipped wireless clients to roam without full re-authentication with an AAA server.
WLC Debug and Show Commands
PMKID Caching Fails
Check if the client supports opportunistic key cache (OKC).
Note: OKC is not the same as proactive key cache (PKC) as specified in 802.11I. The WLC only supports OKC.
George and Nicolas, you two appear to be the wizards of roaming. I am new to roaming so thanks for all of your awesome and informative answers in the forums here, they have been helpful.
Is there a list of clients that support OKC/PKC and/or CCKM? That would be super helpful.
Also, I see that CCKM was added to CCX3.0 and later. On the internet, I can find whether chipsets support CCX. However I am unclear on the following: if a chipset supports CCX, does that mean any device using that chip automatically supports CCX?
Lastly, 802.11r was ratified in 2008 right? You guys have mentioned it coming soon. When? Whats the hold up?
Thanks for any/all help.
for CCKM, any client that supports ccx should be able to do it.
The WLC has had 802.11r support ready to go sine version 5.2. The hold up is the clients that will actually support it. For 802.11r to work the client needs to support it as well as the AP. kind of like beamforming s a part of the specs for 802.11n, not all implementations are the same, and if a piece is optional the manufacturer am not support it or nly partially support it.
Sent from Cisco Technical Support iPad App
Hi Joe and welcome to CSC...
Q: Is there a list of clients that support OKC/PKC and/or CCKM? That would be super helpful.
A:This is a tricky question. OKC/PKC you need to actually test a client to be 100% sure. As for CCKM the client needs t support CCX as you mentioned.
Q:Also, I see that CCKM was added to CCX3.0 and later. On the internet, I can find whether chipsets support CCX. However I am unclear on the following: if a chipset supports CCX, does that mean any device using that chip automatically supports CCX?
A: If the chips supports 3 or later then yes it should support CCKM. HOWEVER, this also depends on how the VENDOR implements it.
A:Lastly, 802.11r was ratified in 2008 right? You guys have mentioned it coming soon. When? Whats the hold up?
Q: Hooks are in the WLC, but clients dont support it yet
It is always best to test romaing never take a vendors word. By this I mean captures. IN FACT, if you use WIN7 for a wifi client it uses OKC. If you use Cisco anyconnect 3.x on that same WIN7 box, you lost ALL advance romaing. Even though the document state that it does. I asked Cisco and I was told they cant access the API in WIN7 to support OKC/PKC.
Does this help ?
Holy Cow! You and Steve are impressively responsive. Thanks!
Both of your answers are very informative. Not what I was hoping for, but great answers.
Is there anything to do to the WLC to enable .11r? I want to test it with some clients that might have support. A quick web search and you can find that the TI WL1271 and WL1273 chips both appear to support 802.11r. Those chips show up in the Motorla Droid and Droid X respecively.
Would I need to turn anything on to test if the devices actually support it?
No, there isnt anthing to turn on for "r". Although I think its not fully supported till 7.2 code, this is what was mentioned at Cisco Live in June.
But now you peeked my interest I may need to test this myself. Do you have the links you mentioned about the moto and driod?
Thanks for the rating ...
If you want to learn more about roaming, check out the CWSP book.
It cites WL12xx Driver and WL12xx Hardware which would include WL1271 and 1273. Halfway down it has:
Supported WPA/IEEE 802.11i/EAP/IEEE 802.1X features
Then for Droid references:
Turns out they both have WL1271A.
Lemme know if you test it out. I will have to track down a Droid before I can test.
The code 7.2 has been release in february, I still haven't had the oppurtunity to test 802.11r...
For the moment, my customers haven't migrated to 7.2 and I don't have 802.11r compatible client...
Has someone been able to test it ?
Thanks a lot,
Above you reference Win7 not allowing access to the API for OKC to third party devs. Do you know if Apple OSX allows third party devs access to the right APIs?
P.S. I haven't spent much time finding a Droid to test yet.
I've got 7.2 release installed onto WiSM2 and it doesn't look like there is an option anywhere to enable the 802.11r... I assume it's enabled by default...
Though in the release notes it states "In the 220.127.116.11 release, you can configure the controller to provide faster roaming to client models from vendors such as Apple and Motorola (Fusion 3.0) that support WPA2 PKC(SKC) roaming"
From the wording it reads as if it has to be enabled...
It would appear to be that way. I see that the CLI command "config wlan security wpa wpa2 cache sticky enable
SKC Cache Support.......................... Disabled
This is the default state. I just enabled it on two SSIDs that we are putting almost ready to pilot. I'll see if that helps with the roaming, particularly for the Motorola scan guns, Windows 7, and Apple devices. Unfortunately, it does require using the CLI (so can't push it out with an NCS template) and it requires disabling the SSID before applying it. After applying I did see fewer drops when roaming with a Motorola MC9090G, though they didn't always match up (roams and drops). I'll try to remember to post again after we've had a chance to test some more.
NCS should have all the functions of WCS, so you should be able to build a CLI template that you could push to your WLC.
Sent from Cisco Technical Support iPhone App
True. I was meaning that the setting is not part of the WLAN template. You can definitely build the CLI template. Hopefully your SSID WLAN IDs match up between all of your controllers when doing that, or you'll need to build several templates.