Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
513
Views
0
Helpful
1
Replies

Questions about CCKM & WPA relating to FSR

psmith
Level 1
Level 1

‎03-09-2005 01:29 PM - edited ‎07-04-2021 10:33 AM

I'm configuring FSR in my WLAN and I think I have it right, I'm just a little confused about some of the log messages I'm seeing.

All of my AP's and MN's are registered with the WLSM.

I have my AP's configured to use both WPA and CCKM for key-management:

authentication key-management wpa cckm

I have a mixture of 350-series and CB21AG clients. In the ACU on the 350 clients I've selected both "WPA" and "Allow Fast Roaming (CCKM)". In the ADU on the CB21AG clients there is no separate box for CCKM so I've selected "WPA" with LEAP as the "EAP method".

The AP logs show the CB21AG clients associating with "KEY_MGMT[WPA]". The CB21AG Install and Config guide states "Fast roaming is enabled automatically for LEAP-enabled CB21AG and PI21AG clients using WPA but must be enabled on the access point" so I assume they're set correctly and using FSR.

My confusion comes from the AP logs showing the 350 clients sometimes associating with "KEY_MGMT[CCKM]" and sometimes with "KEY_MGMT[CCKM FastRoaming]". Is there a difference?

Do I understand correctly in thinking that CCKM is required for FSR and is in addition to WPA (in other words, configuring them both on the AP is what I want to do for FSR)? Is it correct that WPA can be configured on 350 clients without CCKM but that the client will then do a full LEAP authentication when it roams (not what I want, so I need to manually select CCKM on those clients)?

Labels:
0 Helpful
1 Reply 1

herbert.aichhorn
Level 1
Level 1

‎03-16-2005 05:43 AM

I had the same issue (this fact is not documented from the cisco side):

cckm can be concurrently configured on the ssid but is not intended to be a addition. the cb21ag is associating always with wpa when enabled both wpa and cckm on the ssid.

cckm with fsr works correctly with both cb21ag card and pcm352 when only cckm is enabled on the ssid.

the workaround for not cckm capable tkip-clients is to set up a second ssid for wpa-keymanagement.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card