Proactive KEY Caching

Unanswered Question
Jul 23rd, 2008

I want to test PKC in our office in a roaming scenario.Does Cisco have any AP's or LWAPP's supporting this feature?If I would like to use cisco 4400 WLC what are the AP's that I can use for testing PKC feature?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
didyap Tue, 07/29/2008 - 14:45

PKC was designed as an extension to the 802.11i IEEE standard.

PKC is a feature enabled in Cisco 2006/410x/440x Series Controllers which permits properly equipped wireless clients to roam without full re-authentication with an AAA server. In order to understand PKC, you first need to understand Key Caching. Key Caching is a feature that was added to WPA2. This allows a mobile station to cache the master keys (Pairwise Master Key [PMK]) it gains through a successful authentication with an access point (AP), and re-use it in a future association with the same AP. This means that a given mobile device needs to authenticate once with a specific AP, and cache the key for future use. Key Caching is handled via a mechanism known as the PMK Identifier (PMKID), which is a hash of the PMK, a string, the station and the MAC addresses of the AP. The PMKID uniquely identifies the PMK. Even with Key Caching, a wireless station must authenticate with each AP it wishes to get service from. This introduces significant latency and overheads, which delay the hand-off process and can inhibit the ability to support real-time applications. In order to resolve this issue, PKC was introduced with WPA2. PKC allows a station to re-use a PMK it had previously gained through a successful authentication process. This eliminates the need for the station to authenticate against new APs when roaming. But PKC does not work with Aironet Desktop Utility (ADU) as the client supplicant.


This Discussion