Solved: Seamless Roaming within same Controller

mina_raouf · ‎04-26-2018

Hi All,

I have a regional controller serving multiple sites where access points are in local switching mode,

what happens if the client roams from AP1 to AP2 with no flex-connect groups are configured, is it a seamless roaming? noting that AP1 and AP2 are both managed by the same regional WLC

Rasika Nayanajith · ‎04-26-2018

If you configure any fast roaming mechanisms (CCKM/OKC/802.11r/etc), then that to work , you have to configure FlexConnect Group. Then only those key chaching will distribute among APs within that flexconnect group.

See below

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/ch7_HREA.html

"

FlexConnect Groups are required for CCKM/OKC fast roaming to work with FlexConnect access points. Fast roaming is achieved by caching a derivative of the master key from a full EAP authentication so that a simple and secure key exchange can occur when a wireless client roams to a different access point. This feature prevents the need to perform a full RADIUS EAP authentication as the client roams from one access point to another. The FlexConnect access points need to obtain the CCKM/OKC cache information for all the clients that might associate so they can process it quickly instead of sending it back to the controller. If, for example, you have a controller with 300 access points and 100 clients that might associate, sending the CCKM/OKC cache for all 100 clients is not practical. If you create a FlexConnect Group comprising a limited number of access points (for example, you create a group for four access points in a remote office), the clients roam only among those four access points, and the CCKM/OKC cache is distributed among those four access points only when the clients associate to one of them."

HTH

Rasika

*** Pls rate all useful responses ***

View solution in original post

Rasika Nayanajith · ‎04-26-2018

If you configure any fast roaming mechanisms (CCKM/OKC/802.11r/etc), then that to work , you have to configure FlexConnect Group. Then only those key chaching will distribute among APs within that flexconnect group.

See below

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/ch7_HREA.html

"

FlexConnect Groups are required for CCKM/OKC fast roaming to work with FlexConnect access points. Fast roaming is achieved by caching a derivative of the master key from a full EAP authentication so that a simple and secure key exchange can occur when a wireless client roams to a different access point. This feature prevents the need to perform a full RADIUS EAP authentication as the client roams from one access point to another. The FlexConnect access points need to obtain the CCKM/OKC cache information for all the clients that might associate so they can process it quickly instead of sending it back to the controller. If, for example, you have a controller with 300 access points and 100 clients that might associate, sending the CCKM/OKC cache for all 100 clients is not practical. If you create a FlexConnect Group comprising a limited number of access points (for example, you create a group for four access points in a remote office), the clients roam only among those four access points, and the CCKM/OKC cache is distributed among those four access points only when the clients associate to one of them."

HTH

Rasika

*** Pls rate all useful responses ***