Fast Roaming and CCKM

Unanswered Question
Jun 13th, 2007
User Badges:

We have a WISM blade with two controllers enabled. Single mobility group and no AP groups. We keep having random disconects when our users are in Citrix. Some sugestions I read say that I should enable CCKM. We turned on 802.1x+CCKM on one controller and it seems to work. When we turned on only CCKM mode we can no longer associate clients to any APs on that controller. When would you use CCKM only and when 802.1x+CCKM mode of key mgmt is preffered?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
claeysg Wed, 06/13/2007 - 08:00
User Badges:

if you select 802.1x + CCKM, both 802.1x and CCKM compatible clients will be able to associate and authenticate. This is the preferred option if you are in a mixed environment (devices supporting and not supporting CCKM).


If you devices cannot associate to the WLAN network when only CCKM is selected, this means that these devices are not CCKM capable.

Another way to verify this is by using the following command on the controller (via telnet):

show pmk-cache summary


Please note that both the driver and the supplicant used need to support CCKM. the windows supplicant for example (Wireless Zero Config) does not support CCKM.

Also, there are a lot of issues with the Intel Pro Set cards. Best it to use a Cisco card with the Cisco utility, at least for the tests.


I hope that it helps.


Rgds

Gaetan

vantipov Wed, 06/13/2007 - 08:32
User Badges:

Thanks for your reply. show pmk-cache sum on my test controller tells me that there is no such command. I can do show pmk-cache all and I see a list of MACs. If I do this command on my controller that has all the APs on it - it shows the same list of MACs. Does 802.1x do the same caching as CCKM?

claeysg Wed, 06/13/2007 - 23:48
User Badges:

Hello,


This is the result of the command on my controller.


(Cisco Controller) >show pmk-cache all


PMK-CCKM Cache

Entry

Type Station Lifetime VLAN Override IP Override

------ -------------- -------- ------------------ ---------------

CCKM 00:19:79:49:98:bc 41925 0.0.0.0


You can also verify that your client uses CCKM with the following command

show client details "mac_add of the client"


this will give you

Authentication Key Management.................... CCKM


Rgds,

Gaetan


Actions

This Discussion

 

 

Trending Topics - Security & Network