Telnet connections are disconnected when the client roams from one Access Point to another
Under normal circumstances, roaming clients are disconnected because the client has to be re-authenticated by the new Access Point (AP). To overcome this issue, use the Fast Secure Roaming feature on the AP. Also, increase the Telnet connectivity timeout so that the Telnet connections do not drop.
The Fast Secure Roaming feature provides the ability for client devices to roam from one AP to another without requiring re-authentication by the main RADIUS server. By streamlining the roaming process, the Fast Secure Roaming feature provides support for client applications, such as VoIP, that require seamless roaming to avoid delays and gaps in transmission.
Understanding Fast Secure Roaming
Access points in many wireless LANs serve mobile client devices that roam from access point to access point throughout the installation. Some applications running on client devices require fast reassociation when they roam to a different access point. Voice applications, for example, require seamless roaming to prevent delays and gaps in conversation.
During normal operation, LEAP-enabled client devices mutually authenticate with a new access point by performing a complete LEAP authentication, including communication with the main RADIUS server, as in Figure.
When you configure your wireless LAN for fast, secure roaming, however, LEAP-enabled client devices roam from one access point to another without involving the main RADIUS server. Using Cisco Centralized Key Management (CCKM), a device configured to provide Wireless Domain Services (WDS) takes the place of the RADIUS server and authenticates the client so quickly that there is no perceptible delay in voice or other time-sensitive applications. Figure shows client authentication using CCKM.
Client Reassociation Using CCKM and a WDS Access Point
The WDS device maintains a cache of credentials for CCKM-capable client devices on your wireless LAN. When a CCKM-capable client roams from one access point to another, the client sends a reassociation request to the new access point, and the new access point relays the request to the WDS device. The WDS device forwards the client's credentials to the new access point, and the new access point sends the reassociation response to the client. Only two packets pass between the client and the new access point, greatly shortening the reassociation time. The client also uses the reassociation response to generate the unicast key. See the "Configuring Fast Secure Roaming" section for instructions on configuring access points to support fast, secure roaming.
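The reassociation flow described above, as an added Python model that is not Cisco code and not part of the original page: it shows the RADIUS server being contacted once, the two-packet roam served from the WDS cache, and the fallback when a client is not cached. The class names, the request MIC check and the HMAC-SHA256 key derivation are assumptions of this model, not the actual CCKM message format or key hierarchy.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # Stand-in derivation (HMAC-SHA256), assumed for this model; not the real CCKM one.
    return hmac.new(key, label + b"|" + b"|".join(parts), hashlib.sha256).digest()

class Radius:
    """Main RADIUS server; counts how often it is contacted."""
    def __init__(self, users):
        self.users, self.contacts = users, 0

    def authenticate(self, user: str, password: bytes):
        self.contacts += 1
        ok = hmac.compare_digest(self.users.get(user, b""), password)
        return os.urandom(32) if ok else None  # base key material for this client

class WDS:
    """WDS device: caches credentials of clients that completed full authentication."""
    def __init__(self, radius):
        self.radius, self.cache = radius, {}

    def full_authentication(self, user, password):
        key = self.radius.authenticate(user, password)
        if key is not None:
            self.cache[user] = key
        return key

class AccessPoint:
    def __init__(self, name, wds):
        self.name, self.wds, self.unicast_keys = name, wds, {}

    def reassociate(self, request):
        """Packet 1 in (reassociation request), packet 2 out (reassociation response)."""
        base = self.wds.cache.get(request["user"])  # request relayed to the WDS device
        if base is None:
            return {"status": "full-authentication-required"}
        expected = prf(base, b"mic", request["user"].encode(), request["nonce"])
        if not hmac.compare_digest(expected, request["mic"]):  # assumed proof of key
            return {"status": "rejected"}
        ap_nonce = os.urandom(16)
        self.unicast_keys[request["user"]] = prf(base, b"unicast", request["nonce"], ap_nonce)
        return {"status": "ok", "ap_nonce": ap_nonce}

def client_roam(user, base_key, ap):
    """Client side: send the request, then derive the unicast key from the response."""
    nonce = os.urandom(16)
    request = {"user": user, "nonce": nonce, "mic": prf(base_key, b"mic", user.encode(), nonce)}
    response = ap.reassociate(request)
    if response["status"] != "ok":
        return response["status"], None
    return "ok", prf(base_key, b"unicast", nonce, response["ap_nonce"])
```

A client that is missing from the WDS cache gets "full-authentication-required", which corresponds to the slower path through the main RADIUS server.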