10-22-2003 08:06 AM - edited 07-04-2021 09:06 AM
What is the purpose of CCKM (Cisco Centralized Key Management)? Is there a need to use it if you are using LEAP or PEAP of some other form of 802.1x?
I've read all kinds of documents on Cisco's web site but I can't find anything that explains its purpose or use...
Any help would be greatly appreciated.
10-24-2003 08:25 AM
Here. I hate to copy and paste it but cisco provided a brief explination on it. The following might point you in the right direction:
// startquote //
Authenticated Key Management
WPA and CCKM are the new authenticated key management solutions. Wi-Fi Protected Access (WPA) is the new interim solution from the Wireless Ethernet Compatibility Alliance (WECA). WPA, mostly synonymous to Simple Security Network (SSN), relies on the interim version of IEEE Standard 802.11i. WPA supports TKIP and WEP encryption algorithms as well as 802.1X and EAP for simple integration with existing authentication system. WPA key management uses a combination of encryption methods to protect communication between client devices and the access point. Currently, WPA key management supports two mutually exclusive authenticated key management: WPA and WPA-PSK.
If authentication key management is WPA, the client and authentication server authenticate to each other using an EAP authentication method (e.g., EAP-TLS) and generate a Pairwise Master Key. If authentication key management is WPA-PSK, the pre-shared key is used directly as the PMK.
Using Cisco Centralized Key Management (CCKM), authenticated client devices can roam from one access point to another without any perceptible delay during reassociation. An access point on your network acts as a wireless domain services (WDM) and creates a cache of security credentials for CCKM-enabled client devices on the subnet. The WDM's cache of credentials dramatically reduces the time required for reassociation when a CCKM-enabled client device roams to a new access point.
To enable CCKM for an SSID, you must configure network-EAP authentication. To enable WPA for an SSID, you must also enable Open authentication and/or Network-EAP.
Note: Before you can enable CCKM or WPA, you must set the encryption mode for the SSID's VLAN to one of the cipher suite options.
// end quote //
10-24-2003 10:55 AM
In a nutshell, CCKM is a variation on WPA designed to provide fast secure roaming in addition to Secure authentication and Encryption (via 802.1x and TKIP/MIC).
CCKM works for LEAP only today, and provides layer 2 roaming including 802.1x authentication with sub-150ms Latency.
Details on CCKM are available at the following URL; www.cisco.com/go/srnd Look for the link at the bottom of the page called "Wireless LAN Fast Secure roaming"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide