What is CCKM, and how does it affect Fast and Secure Roaming?
Some applications that run on a client device may require fast roaming between Access Points (APs). Voice applications, for example, require seamless roaming to prevent delays and gaps in conversation. Support for fast roaming is available for LEAP-enabled clients in Install Wizard version 1.1 or later.
CCKM Fast Secure Roaming
CCKM (Cisco Centralized Key Management) fast secure roaming is enabled automatically for CB21AG and PI21AG clients using WPA/WPA2/CCKM with LEAP, EAP-FAST, EAP-TLS, PEAP (EAP-GTC), or PEAP (EAP-MSCHAP V2). However, this feature must be enabled on the access point.
During normal operation, EAP-enabled clients mutually authenticate with a new access point by performing a complete EAP authentication, including communication with the main RADIUS server. However, when you configure your wireless LAN for CCKM fast secure roaming, EAP-enabled clients securely roam from one access point to another without the need to reauthenticate with the RADIUS server. Using Cisco Centralized Key Management (CCKM), an access point that is configured for wireless domain services (WDS) uses a fast rekeying technique that enables Cisco client devices to roam from one access point to another typically in under 150 milliseconds (ms). CCKM fast secure roaming ensures that there is no perceptible delay in time-sensitive applications such as wireless Voice over IP (VoIP), enterprise resource planning (ERP), or Citrix-based solutions.
If you want to enable CCKM fast secure roaming on the client adapter, you must choose the WPA/WPA2/CCKM security option on the Profile Management (Security) window, regardless of whether you want the adapter to use WPA or WPA2. The configuration of the access point to which your client adapter associates determines whether CCKM will be used with 802.1x, WPA, or WPA2.
Access points must use Cisco IOS Release 12.2(11)JA or later to enable CCKM fast secure roaming. Refer to the documentation for your access point for instructions on enabling this feature.
The Microsoft Wireless Configuration Manager and the Microsoft 802.1X supplicant, if installed, must be disabled in order for CCKM fast secure roaming to operate correctly. If your computer is running Windows XP and you chose to configure your client adapter using ADU during installation, these features should already be disabled. Similarly, if your computer is running Windows 2000, the Microsoft 802.1X supplicant, if installed, should already be disabled. Refer to Chapter 10, if you need additional information.
Cisco Centralized Key Management (CCKM) helps to improve roaming. Only the client can initiate the roaming process, which depends on factors such as these:
Overlap between APs
Distance between APs
Channel, signal strength, and load on the AP
Data rates and output power
A wireless client that starts to search for a stronger signal depends on its roaming algorithm, which is different for different client cards. A Cisco wireless client card continualy scans for a better AP. This causes the client card to look for a better AP when the signal strength of its associated AP is less than the specified value.
The user can specify the time and signal strength in ACU version 6.1 or later, which is included in Install Wizard version 1.1 or later.
CCKM-authenticated client devices can roam from one AP to another without any perceptible delay during reassociation. An AP on the network provides Wireless Domain Services (WDS) and creates a cache of security credentials for CCKM-enabled client devices on the subnet. The WDS APs cache of credentials dramatically reduces the time required for re-association when a CCKM-enabled client device roams to a new AP. When a client device roams, the WDS AP forwards the client's security credentials to the new AP. The re-association process is reduced to a two-packet exchange between the roaming client and the new AP. Roaming clients reassociate so quickly that there is no perceptible delay in voice or other time-sensitive applications.
CCKM (Cisco Centralized Key Management)
Wireless Domain Services (WDS)
CCKM settings can be configured on both the AP (Cisco IOS ) and the client. CCKM is not supported on Vx-works-based APs.
Hello EveryoneWe have a very serious issue going on with our cisco access points. This is our fourth AP which is fully burned out. We are using cisco WS-C2960X-48LPD-L to connect these access points. And i am getting following errors on the switch.&n...
Hello All, I have an issue where we had a 3rd party contractor mount and connect a large number of 2802 AP's around a building and patch in 2 cables to each AP so that both ports are connected. Its not a problem as we only patched in a single c...
I have a problem with vWLC (8.10.151) and multicast. I don't have this problem with a 2504 controller, with which everything works perfectly. At this stage I'd just like to know if it is in fact possible to do what I need or if this is not supported ...
I am researching using open roaming and I found cisco documentation on how to enable open roaming on meraki devices. It all seems straight forward but where I am lost is how do I capture the info of the authorized user? If a user authenticates with ...
Hello, I'm facing an issue setting up a RootAP(With DHCP) and a Repeater.When I connect a wireless device to my RootAP (192.168.1.240), no problem, is authenticates, gets and IP, and reaches what is behind the ethernet port (192.168.1.10 for example).But,...