System information
Command Line Reference
Wireless Security Commands
pre-authentication enable
This command enables WPA2 preauthentication for fast secure roaming. Use
the no form to disable preauthentication.
Syntax
pre-authentication enable
no pre-authentication
Default Setting
Disabled
Command Mode
SSID Wireless Interface Configuration
Command Usage
• Each time a client roams to another access point it has to be fully re-
authenticated. This authentication process is time consuming and can
disrupt applications running over the network. WPA2 includes a
mechanism, known as preauthentication, that allows clients to roam
to a new access point and be quickly associated. The first time a client
is authenticated to a wireless network it has to be fully authenticated.
When the client is about to roam to another access point in the
network, the access point sends preauthentcation messages to the
new access point that include the client’s security association infor-
mation. Then when the client sends an association request to the new
access point the client is known to be already authenticated, so it
proceeds directly to key exchange and association.
• To support preauthentication, both clients and access points in the
network must be WPA2 enabled.
• Preauthentication requires all access points in the network to be on
the same IP subnet.
Example
HP420(if-wireless-g-ssid-1)#pre-authentication enable
HP420(if-wireless-g-ssid-1)#
8-121