Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
722
Views
0
Helpful
3
Replies

Roaming Trouble

Augustgood
Level 5
Level 5

‎07-03-2015 07:57 AM - edited ‎07-05-2021 03:30 AM

Hi all,

In a mixed environment with different client type (apple iphone/ipad/xp/ms 7/ms 8), what is the best method for roaming on wlan with wpa2-aes (eap-tls) ? 

the controller work with 7.6.x release, in my opinion the best is the default method , OCK, but new apple device support only SKC and 802.11r...

Can be enabled SKC with OCK (together) ?

 

 

 

Labels:
0 Helpful
3 Replies 3

ali aqrabawi
Level 8
Level 8

‎07-03-2015 05:01 PM

yes you are right , some of apple devices will only work with SKC , but no you can't enable both .

but instead of effecting all clients with legacy SKC in order to support some of apple clients  , i recommend you to enable OKC, 

0 Helpful

mohanak
Cisco Employee
Cisco Employee

‎07-07-2015 03:05 AM

WPA2 Pairwise Master Key ID (PMKID) caching, or Sticky Key Caching (SKC), is the first fast-secure roaming method suggested by the IEEE 802.11 standard within the 802.11i security amendment, where the main purpose is to standardize a high level of security for WLANs. The fast-secure roaming technique was added as an optional method for WPA2 devices in order to improve roaming when this security was implemented.

Proactive Key Caching (PKC) or Opportunistic Key Caching (OKC) is basically an enhancement of the WPA2 PMKID caching method described previously, which is why it is also named Proactive/Opportunistic PMKID Caching. Hence, it is important to note that this is not a fast-secure roaming method defined by the 802.11 standard and is not supported by many devices.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116493-technote-technology-00.html

 

0 Helpful

gohussai
Level 8
Level 8

‎07-07-2015 06:10 AM

No both can't be enabled at the same time.

 

I think you create different SSID with different security and for Apple devices just use SKC. Hope this will achieve Fast roaming what you are expecting.

 

Please also share you experience after testing the mention methods.

 

Good luck 🙂

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card