Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-5260-01
Chapter 11 Configuring WDS, Fast Secure Roaming, and Radio Management
Role of Access Points Using the WDS Device
The access points on your wireless LAN interact with the WDS device in these activities:
• Discover and track the current WDS device and relay WDS advertisements to the wireless LAN.
• Authenticate with the WDS device and establish a secure communication channel to the WDS device.
• Register associated client devices with the WDS device.
• Report radio data to the WDS device.
Understanding Fast Secure Roaming
Access points in many wireless LANs serve mobile client devices that roam from access point to access
point throughout the installation. Some applications running on client devices require fast reassociation
when they roam to a different access point. Voice applications, for example, require seamless roaming
to prevent delays and gaps in conversation.
During normal operation, LEAP-enabled client devices mutually authenticate with a new access point
by performing a complete LEAP authentication, including communication with the main RADIUS
server, as in Figure 11-1.
Figure 11-1 Client Authentication Using a RADIUS Server
When you configure your wireless LAN for fast, secure roaming, however, LEAP-enabled client devices
roam from one access point to another without involving the main server. Using Cisco Centralized Key
Management (CCKM), a device configured to provide Wireless Domain Services (WDS) takes the place
of the RADIUS server and authenticates the client so quickly that there is no perceptible delay in voice
or other time-sensitive applications. Figure 11-2 shows client authentication using CCKM.
Figure 11-1 labels (diagram not reproduced): client device, access point or bridge, wired LAN, server. The diagram numbers the messages below and marks the relays by the access point to the client and to the server:
1. Authentication request
2. Identity request
3. Username
4. Authentication challenge
5. Authentication response
6. Authentication success
7. Authentication challenge
8. Authentication response
9. Successful authentication