No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - WLAN-AC

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the concepts, configuration procedures, and configuration examples of WLAN-AC features.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Fast Roaming to Reduce Roaming Time in WPA2-802.1X Authentication Mode

Configuring Fast Roaming to Reduce Roaming Time in WPA2-802.1X Authentication Mode

WLAN roaming is classified into fast and non-fast roaming, based on the security policy used by STAs. Table 6-1 shows that fast roaming can be implemented only when the security policy is WPA2-802.1X and STAs support fast roaming. When the security policy is not WPA2-802.1X, non-fast roaming is implemented regardless of whether STAs support fast roaming. When the security policy is WPA2-802.1X but STAs do not support fast roaming, non-fast roaming is implemented.
Table 6-1  Fast and non-fast roaming
Security Policy Whether Access Authentication Is Required Again Whether STAs Support Fast Roaming Roaming Mode
WEP open system authentication No N/A Non-fast
WEP shared key authentication No N/A Non-fast
WPA/WPA2-PSK Yes N/A Non-fast
WPA-802.1X Yes N/A Non-fast
WPA2-802.1X Yes No Non-fast
WPA2-802.1X No Yes Fast

The roaming switchover time is a key factor that affects WLAN service experience during roaming. When the user uses the WPA2-802.1X security policy and supports fast roaming, the user does not need to perform 802.1X authentication again during roaming and only needs to perform key negotiation. In this case, fast roaming reduces the roaming delay and improves the WLAN service experience.

Fast roaming is implemented using pairwise master key (PMK) caching. In Figure 6-4, the fast roaming process is as follows:
Figure 6-4  WLAN roaming

  1. The STA accesses the Internet through AP_1 for the first time. When the STA is authenticated by the AC and a PMK is generated, the STA and AC save the PMK information. Each PMK has a PMK-ID, which is calculated based on the PMK, SSID, STA MAC address, and BSSID.
  2. During roaming, the STA sends AP_2 a Re-association Request packet that carries the PMK-ID.
  3. AP_2 receives the Re-association Request packet and then notifies the AC that the STA needs to roam from AP_1 to AP_2.
  4. The AC searches the PMK caching table for the PMK of the STA according to the PMK-ID carried in the Re-association Request packet. If the AC finds a matching PMK, the AC considers that 802.1X authentication has been performed on the STA and uses the cached PMK for key negotiation.
Translation
Download
Updated: 2019-05-20

Document ID: EDOC1100033726

Views: 33731

Downloads: 207

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next