cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1135
Views
0
Helpful
8
Replies

WLC needs to have PKC turned off ?

annmarie.harper
Level 1
Level 1

I have a customer who is telling me that they are using Windows phones and they need PKC turned off.

We are using WPA2 - which seems to me turns on PKC automatically.

Is there anyway I can turn this off ?

If so where ? I have been all over the controller ( using the GUI ) and I have not found it yet ?

 

 

2504 running version - 7.6.130.1

 

 

 

8 Replies 8

George Stefanick
VIP Alumni
VIP Alumni

I don't think I've ever seen this asked. PKC I assume you mean OKC. I think this is automatic.

 

did they say why they need it off? 

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

I wonder if they mean sticky key..

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

I have gone back to ask them what exactly is the issue.

The incident ticket I was assigned stated " need to log back in when the phones are rebooted"

So I thought sounds pretty standard to me.

There is a microsoft consultant there , that said it is a known issue between Windows phone and the AP's.

and it is an issue with the Windows phone and turning off the Proactive Key Caching is a work around .

 

Normally PKC is used to prevent that .. You may be best served open a tag case .. 

 

Did the provide you an article of reference for this request from ms where they state this ? 

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

They stated that the phones do not support it.

 

If it's not supported the PMKID should be ignored or not even generated .. 

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Samrai Bhandari
Level 1
Level 1

PKC proactive key caching (a.k.a OKC) is an enhancement of Sticky key caching (introduced in 802.11i). 
PKC/OKC is not a configurable parameter on the WLC and it always enabled by default, however we can enable/disable  SKC ( PMKID caching)

Basically PKC allows the client and WLC to cache the PMK ( derived from MSK received after the initial EAP authentication with the Radius server) thereby not have the client to re-authenticate again upon roaming from one AP to another, therby drastically cuting down the roam time.

When the client initiates roaming to a new AP and sends the Reassociation Request frame, it adds the PMKID on the WPA2 RSN Information Element if it wants to inform the AP that if it wants to use the cached PMK to do the Fast secure roam.

Hence if the client never sends this PMKID to the WLC then PKC ( fast secure roam) will not take place for the client.

PKC can only take place if the client supports it .hence if the phones do not support it then they shall not participate in it.

It could be possible that the phones may have troubles doing SKC since they have to cache 8 different PMKID (max limit).

 

annmarie.harper
Level 1
Level 1

Sorry I have not gotten around to this yet , tks everyone for the replies.

This is what I have discovered.  The tablets work fine no issues.  The only issue is the windows 7 phones that they use.  They have to keep authenticating as they get disconnected.   We do see in the log that the clients authentication expire every 30 min.

 

 

 

 

 


 

Review Cisco Networking for a $25 gift card