No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Fast Roaming to Reduce Roaming Time in WPA2-802.1X Authentication Mode

Configuring Fast Roaming to Reduce Roaming Time in WPA2-802.1X Authentication Mode

WLAN roaming is classified into fast roaming and non-fast roaming based on the security policy used by STAs. As shown in Table 19-1, fast roaming can be implemented only when the security policy is WPA2-802.1X and STAs support fast roaming. When the security policy is not WPA2-802.1X, non-fast roaming is implemented regardless of whether STAs support fast roaming. When the security policy is WPA2-802.1X but STAs do not support fast roaming, non-fast roaming is implemented.
Table 19-1  Fast roaming and non-fast roaming
Security Policy Whether Access Authentication Is Required Again Whether STAs Support Fast Roaming Roaming Mode
WEP open system authentication No N/A Non-fast roaming
WEP shared key authentication No N/A Non-fast roaming
WPA/WPA2-PSK Yes N/A Non-fast roaming
WPA-802.1X Yes N/A Non-fast roaming
WPA2-802.1X Yes No Non-fast roaming
WPA2-802.1X No Yes Fast roaming

The roaming switchover time is a key factor that affects WLAN service experience during roaming. When the security policy is WPA2-802.1X or the security policy is WPA-WPA2-802.1X and the WPA2 authentication mode is configured on the 802.1X client, fast roaming allows the user to perform only key negotiation during roaming, without the need to perform 802.1X authentication again. In this case, fast roaming reduces the roaming delay and improves the WLAN service experience.

Fast roaming is implemented using pairwise master key (PMK) caching. In Figure 19-4, the fast roaming process is as follows:
Figure 19-4  WLAN roaming

  1. The STA accesses the Internet through RU_1 for the first time. When the STA is authenticated by the central AP and a PMK is generated, the STA and central AP save the PMK information. Each PMK has a PMK-ID, which is calculated based on the PMK, SSID, STA MAC address, and BSSID.
  2. During roaming, the STA sends RU_2 a Re-association Request packet that carries the PMK-ID.
  3. RU_2 receives the Re-association Request packet and then notifies the central AP that the STA needs to roam from RU_1 to RU_2.
  4. The central AP searches the PMK caching table for the PMK of the STA according to the PMK-ID carried in the Re-association Request packet. If the central AP finds a matching PMK, the central AP considers that 802.1X authentication has been performed on the STA and uses the cached PMK for key negotiation.
Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 115557

Downloads: 309

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next