C H A P T E R
11
802.11r, 802.11k, 802.11v, 802.11w Fast Transition
Roaming
802.11r Fast Transition Roaming
The 802.11r Fast Transition (FT) Roaming is an amendment to the 802.11 IEEE standards. It is a new
concept for roaming. The initial handshake with the new Access Point (AP) occurs before client roams
to the target AP, called as Fast Transition (FT).
Initial handshake allows the client and APs to do Pairwise Master Key (PMK) calculation in advance.
Once the client performs the re-association request or response exchange with the new AP, the PMK keys
are applied to the client and AP. The FT key hierarchy allows clients to make fast Base Station Subsystem
(BSS) transitions between APs without the need for re-authentication at every AP. 802.11r eliminates
the handshake overhead while roaming and thereby reduces the hand off times between APs, which
provides security and QoS. It is useful for client devices with delay-sensitive applications, such as, voice
and video over Wi-Fi.
Methods of Client Roaming
For a client to move from the current AP to target AP using FT protocols, the message exchanges are
performed using one of the following methods:
• Over-the-Air FT Roaming
Over-the-DS (Distribution System) FT Roaming
Over-the-Air Fast Transition Roaming
The client communicates directly with the target AP using IEEE 802.11 authentication with the FT
authentication algorithm.
Enterprise Mobility 8.1 Design Guide
11-1
802.11r Fast Transition Roaming
Chapter 11 802.11r, 802.11k, 802.11v, 802.11w Fast Transition Roaming
Figure 11-1
Fast BSS Transition over-the Air in RSN
Roaming Over-the-Air Intra Controller
When a client is roaming between AP1 and AP2 that are connected to the same controller, the following
steps takes place by default:
Step 1
Step 2
Step 3
Step 4
Client associates with AP1 and requests to roam with AP2.
Client sends a FT Authentication Request to AP2 and receives a FT Authentication Response from AP2.
Client sends a FT Re-association Request to AP2 and receives a FT Re-association Response from AP2.
Client completes its roam from AP1 to AP2.
Enterprise Mobility 8.1 Design Guide
11-2
Chapter 11 802.11r, 802.11k, 802.11v, 802.11w Fast Transition Roaming
802.11r Fast Transition Roaming
Figure 11-2
Over-the- Air Intra Controller Roam
Roaming Over the Air Inter Controller
When a client is roaming between AP1 and AP2 which are connected to different controllers such as
WLC1 and WLC2, respectively, within mobility group, the following steps takes place by default:
Step 1
Step 2
Client associates with AP1 and requests to roam with AP2.
Client sends a FT Authentication Request to AP2 and receives a FT Authentication Response from AP2.
Step 3 WLC-1 sends PMK and mobility message to WLC-2 about the roaming client that uses mobility
infrastructure.
Step 4
Client completes its roam from AP1 to AP2.
Enterprise Mobility 8.1 Design Guide
11-3
802.11r Fast Transition Roaming
Chapter 11 802.11r, 802.11k, 802.11v, 802.11w Fast Transition Roaming
Figure 11-3
Over- the- Air Inter Controller Roam
Over-the-Distribution System Fast Transition Roaming
In roaming over the DS, the client communicates with the target AP through the current AP. The
communication is in FT action frames between the client and the current AP through the controller.
Enterprise Mobility 8.1 Design Guide
11-4
Chapter 11 802.11r, 802.11k, 802.11v, 802.11w Fast Transition Roaming
802.11r Fast Transition Roaming
Figure 11-4
Roaming Over the DS
Roaming Over the DS Intra Controller
When a client is roaming between AP1 and AP2 that are connected to the same controller, the following
steps takes place by default:
Step 1
Step 2
Step 3
Step 4
Step 5
Client associates with AP1 and requests to roam with AP2.
Client sends a FT Authentication Request to AP1 and receives a FT Authentication Response from AP1.
The controller sends the pre-authentication information to AP2 as the APs are connected to the same
controller.
Client sends a FT Re-association Request to AP2 and receives a FT Re-association Response from AP2.
Client completes its roam from AP1 to AP2.
Enterprise Mobility 8.1 Design Guide
11-5
802.11r Fast Transition Roaming
Chapter 11 802.11r, 802.11k, 802.11v, 802.11w Fast Transition Roaming
Figure 11-5
Over the DS intra controller roam
Roaming Over the DS Inter Controller
When a client is roaming between AP1 and AP2 that are connected to the different controllers such as
WLC1 and WLC2 respectively within a mobility group, the following steps takes place by default:
Step 1
Step 2
Client associates with AP1 and requests to roam with AP2.
Client sends a FT Authentication Request to AP1 and receives a FT Authentication Response from AP1.
Step 3 WLC-1 sends Pairwise Master Key (PMK) and mobility message to WLC-2 about the roaming client.
Step 4
Client completes its roam from AP1 to AP2.
Enterprise Mobility 8.1 Design Guide
11-6
Chapter 11 802.11r, 802.11k, 802.11v, 802.11w Fast Transition Roaming
802.11r Fast Transition Roaming
Figure 11-6
Over the DS Inter Controller Roam
Configuring Fast Transition Roaming using GUI
To configure FT Roaming using GUI, perform the following steps:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Click WLANs.
Choose WLAN ID > Edit page.
Choose Security > Layer 2 tab.
Choose WPA+WPA2 from the drop-down list.
The Authentication Key Management parameter for FT appears.
Check the Fast Transition check box to enable FT.
Check the Over the DS check box to enable FT over a DS.
Note
The Over the DS check box gets enabled only when you enable FT.
Step 7
In the Reassociation Timeout field, enter the number of seconds after which the reassociation attempt
of a client to an AP must time out. The valid range is 1 to 100 seconds.
Note
The Reassociation Timeout field gets enabled only when you enable FT.
Enterprise Mobility 8.1 Design Guide
11-7
802.11r Fast Transition Roaming
Chapter 11 802.11r, 802.11k, 802.11v, 802.11w Fast Transition Roaming
Figure 11-7
Setting up Reassociation Timeout
Step 8
Under Authentication Key Management, check the Enable check box of either FT 802.1X or FT PSK
to enable the key. To disable the key, uncheck the Enable check box.
Note
If you check the FT PSK check box, from the PSK Format drop-down list, choose ASCII or
Hex and enter the key value.
Step 9
Choose Enable or Disable from the WPA gtk-randomize State drop-down list, to configure the WPA
Group Temporal Key (GTK) to randomize state.
Enterprise Mobility 8.1 Design Guide
11-8