
CWLAT

Cisco Wireless LAN
Advanced Topics
Volume 1
Version 1.0

Student Guide
Text Part Number: xx-xxxx-xx


Copyright © 2006, Cisco Systems, Inc. All rights reserved.
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax
numbers are listed on the Cisco Web site at www.cisco.com/go/offices.
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica Croatia • Czech
Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary
India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands
New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia • Saudi Arabia
Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland • Taiwan • Thailand • Turkey Ukraine •
United Kingdom • United States • Venezuela • Vietnam • Zimbabwe

Copyright © 2006, Cisco Systems, Inc. All rights reserved. CCIP, the Cisco Powered Network mark, the
Cisco Systems Verified logo, Cisco Unity, Fast Step, Follow Me Browsing, FormShare, Internet Quotient, iQ
Breakthrough, iQ Expertise, iQ FastTrack, the iQ logo, iQ Net Readiness Scorecard, Networking Academy,
ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We
Work, Live, Play, and Learn, Discover All That’s Possible, The Fastest Way to Increase Your Internet Quotient, and
iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE,
CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press,
Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation,
Enterprise/Solver, EtherChannel, EtherSwitch, GigaStack, IOS, IP/TV, LightStream, MGX, MICA, the Networkers
logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, StrataView Plus,


Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in
the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of
the word partner does not imply a partnership relationship between Cisco and any other company. (0201R)


Table of Contents
Volume 1

Course Introduction
  Overview
  Course Goal and Objectives
  Course Flow
  Additional References

Cisco Unified Wireless Network Concepts
  Describing Cisco Aironet Autonomous Access Points
    Overview
    Features and Components
    Cisco Integrated Services Routers
    Lesson Self-Check
    Summary
  Describing the Cisco Unified Wireless Network
    Overview
    Dynamic RF Management
    Security and VLANs
    Link Aggregation
    Guest Tunnel and Anchor Mobility
    Dynamic Frequency Selection
    QoS
    Multicast
    WiSM
    Cisco Wireless LAN Controller Module
    Cisco Enhanced Security Module
    Mesh Support
    Lesson Self-Check
    Summary
  Describing WLAN Controller and Lightweight Access Point Architecture
    Overview
    Lightweight Access Point Protocol
    WLAN Controller Hunting, Discovery, and Join Process
    Implementation Basics
    Advanced Deployment Concepts
    Controller Placement and Deployment Strategies
    Lesson Self-Check
    Summary


Implementing the WLAN with Cisco WCS
  Installing the Cisco WLAN Controller
    Overview
    Controller Initial Setup using the Console Port
    Controller Initial Setup using the Service Port
    Lesson Self-Check
    Summary
  Installing the Cisco Wireless Control System
    Overview
    Cisco Wireless Control System Overview
    Installing the Cisco WCS
    Cisco WCS Browser Overview
    Administer the Cisco WCS
    Populate the Cisco WCS Database
    Adding Maps to the Cisco WCS
    Viewing Maps
    Editing Maps on the Cisco WCS
    Configure the WLAN
    Lesson Self-Check
    Summary

The Cisco Core Feature Set
  Introducing the Cisco Core Feature Set based on Autonomous Access Points
    Overview
    Configure the CiscoWorks WLSE Network Information
    Switch and Router Setup
    AAA Server Setup
    Connecting to the Device
    Login with Setup
    Enter Setup Prompts
    Enter SSL Certification Configuration Information
    Verify Configuration
    Configure Fast Secure Roaming for Voice
    Lesson Self-Check
    Summary

  Implementing Radio Management for Cisco Autonomous Access Points
    Overview
    RM Theory of Operation
    CiscoWorks WLSE RM Operation
    Self-Healing
    Ad-Hoc Network Detection
    Location Manager and Assisted Site Survey
    Antenna Support
    WDS Radio Management Verifier
    Lesson Self-Check
    Summary



CWLAT

Course Introduction
Overview
This course is designed to give students a firm understanding of the components, features and
proper deployment of the Cisco Unified Wireless Network. The course focuses on advanced
WLAN design, integrating Cisco wireless components into a wired infrastructure. Deployment
topics include managing the WLAN by using the Cisco Wireless Control System (WCS) to
manage the advanced feature set and using the CiscoWorks Wireless LAN Solutions Engine
(WLSE) to manage the core feature set. Security topics focus on integrating WLAN security
using the WLAN controllers and lightweight access points as well as the autonomous access
points in conjunction with the Cisco Secure ACS, and Network Access Controller (NAC).
Security also includes Cisco WCS and CiscoWorks WLSE Intrusion Detection Systems.
Troubleshooting the WLAN is also included.

Learner Prerequisite Skills and Knowledge
This subtopic lists the skills and knowledge that learners must possess to benefit fully from the
course. The subtopic also includes recommended Cisco learning offerings that learners should
first complete to benefit fully from this course.


Learner Skills and Knowledge
• Basic Computer Literacy

• Knowledge of fundamental networking components and
terminology
• Knowledge of the Open Systems Interconnection (OSI)
reference model
• Knowledge of basic LAN components and functions



Course Goal and Objectives
This topic describes the course goal and objectives.

Course Goal
“To provide System Engineers and Field Engineers
with a more in-depth understanding of the most
innovative and comprehensive suite of WLAN
solutions in the industry, spanning a wide range of
customer sizes and needs”.
Cisco Wireless LAN Advanced Topics


Upon completing this course, you will be able to meet these objectives:
• Describe detailed technical features, functions and benefits of the WLAN product offerings
available from Cisco
• Install advanced feature set hardware so that it functions optimally
• Install and manage the CiscoWorks WLSE and infrastructure devices so that they function
optimally
• Install and administer WLAN management devices
• Troubleshoot and maintain a wireless network
• Administer security so that the network is safe from attack



Course Flow
This topic presents the suggested flow of the course materials.

[Slide: Course Flow. Four-day schedule (Day 1 through Day 4) with morning (AM) and afternoon
(PM) sessions separated by lunch. Sessions listed: Course Introduction; Cisco Unified Wireless
Network Concepts; The Cisco Core Feature Set; Implementing the WLAN with Cisco WCS;
Implementing the WLAN with Cisco WCS (Cont.); WLAN Management; WLAN Management (Cont.);
Wireless Network Troubleshooting; Wireless Network Troubleshooting (Cont.); Cisco WLAN
Security; Cisco WLAN Security (Cont.)]

The schedule reflects the recommended structure for this course. This structure allows enough
time for the instructor to present the course information and for you to work through the lab
activities. The exact timing of the subject materials and labs depends on the pace of your
specific class.



Additional References
This topic presents the Cisco icons and symbols that are used in this course, as well as
information on where to find additional technical references.

[Slide: Cisco Icons and Symbols. Icons shown: Wireless Dual Mode Access Point; Access Point;
Network Management Appliance; Router; CiscoWorks Workstation; File Server; Line: Ethernet;
Laptop; WLAN Controller; Wireless Connectivity; Cisco 5500 Family; Workgroup Switch;
Network Cloud, White; Tablet]

Cisco Glossary of Terms
For additional information on Cisco terminology, refer to the Cisco Internetworking Terms and
Acronyms glossary of terms at />



Module 1

Cisco Unified Wireless Network Concepts

Overview
This module describes wireless LAN basics.

Module Objectives
Upon completing this module, you will be able to describe detailed technical features, functions
and benefits of the WLAN product offerings available from Cisco. This ability includes being
able to meet these objectives:
• Determine the components and basic configurations of the Cisco core feature set
• Determine the components and basic configurations of the Cisco WLAN Controllers and
lightweight access points
• Describe the architecture of the WLAN controller and lightweight access point WLAN





Lesson 1

Describing Cisco Aironet Autonomous Access Points

Overview
This lesson discusses implementing a WLAN solution using Cisco Aironet autonomous access
points.

Objectives
Upon completing this lesson, you will be able to determine the components and basic
configurations of the Cisco core feature set. This ability includes being able to meet these
objectives:
• Describe the features and components of the WLAN core products using autonomous
access points
• Identify Cisco Integrated Service Routers that support Wireless Domain Services


Features and Components
This topic describes the features and components of the WLAN core products using
autonomous access points.

WLAN Core Products Components
Hardware components:

• Cisco Aironet series autonomous access points
• Cisco Integrated Service Routers
• CiscoWorks WLSE
• Cisco Secure ACS
• Optional: Cisco Aironet Wireless LAN client adapters, Cisco Compatible
Extensions client devices, and third-party

Software requirements:
• Cisco IOS software release 12.2.(15)XR for Cisco Aironet 1100 Series and
1200 Series access points
• Cisco IOS software release 12.3(2)JA for Aironet 1130 Series and 1230
Series access points
• Cisco IOS software release 12.3(7)JA1 for Aironet 1240 Series access points
• Release 2.7(1) for CiscoWorks Wireless LAN Solution Engine (WLSE)
• Support for all EAP types requires Secure ACS release 3.2.3 or higher

Cisco WLAN core products include:
• Cisco Aironet series autonomous access points or bridges
• Cisco Integrated Service Routers
• CiscoWorks WLSE
• Cisco Secure ACS
• Optional: Cisco Aironet wireless LAN client adapters, Cisco Compatible Extensions client
devices, and third-party non-Cisco client adapters

Note

The Cisco Compatible Extensions program provides third-party verification of Cisco Aironet
wireless infrastructure products and wireless client devices from third-party companies.
Additional information about the Cisco Compatible Extensions program can be found at
/>
In addition to the hardware requirements, the minimal software requirements for this solution
are the following:
• Cisco IOS software release 12.2.(15)XR for Cisco Aironet 1100 Series and 1200 Series
access points, Cisco IOS software release 12.3(2)JA for Aironet 1130 Series and 1230
Series access points, Cisco IOS software release 12.3(7)JA for Aironet 1240 Series access
points.
• Release 2.7(1) for CiscoWorks WLSE


The software requirements for Cisco Secure ACS depend on the type of Extensible
Authentication Protocol (EAP) desired. For full support of all the EAP types including EAP
Flexible Authentication via Secure Tunneling (FAST), use release 3.2.3 or higher.


CiscoWorks WLSE 1130 Hardware
Rack-mounted server
Supports 5000 RF interfaces per CiscoWorks WLSE
• Single-band access points count as 1 RF interface
• Dual-band access points count as 2 RF interfaces
• 2500 dual-mode access points may be supported by WLSE

Supports 3600 RF interfaces when Radio Management (RM) is being used
• Single-band access points count as 1 RF interface
• Dual-band access points count as 2 RF interfaces
• 1800 dual-mode access points may be supported by WLSE

The following outlines the technical specifications of CiscoWorks WLSE.

Core Logic
  CPU: Intel Pentium IV processor, 3.06 GHz
  Front side bus: 533 MHz
Drives
  Hard drives: One 40-GB Integrated Drive Electronics (IDE) hard drive
  CD-ROM drive: Slim type, low-profile IDE CD-ROM drive
  Disk drive: One 3.5-inch, 1.44-MB disk drive
Ports
  Serial: One 9-pin connector
  USB: One USB connector in front and two in rear
  RJ-45: Two RJ-45 connectors for connection to two 10/100/1000 Ethernet controllers
Power
  AC power supply wattage: 230 W
  AC power supply voltage: 100-120V at 50-60 Hz; 200-240V at 50-60 Hz
  System battery: CR2032 3V lithium coin cell
Physical
  Rack mountable: 1 rack unit
  Height: 1.68 in. (4.27 cm)
  Depth: 23 in. (58.4 cm)
  Weight: 28.6 lb (13 kg) maximum
Environmental
  Operating temperature: 50 to 95°F (10 to 35°C)
  Storage temperature: -40 to 149°F (-40 to 65°C)



[Slide: Radio Management Overview. Procedures: AP Radio Scan; Radio Monitoring (AP and
Client); Client Walkabout Data. Radio Manager Database: Calibrated Path-Loss Model; RF Data
per Location; Radio Parameters. Features: Rogue AP Detection; Interference Detection; Radio
Parameter Generation; Auto Re-Site Survey; Self Healing; Scanning-Only AP; Ad-Hoc Network
Detection]

The Radio Manager consists of:
• Procedures that gather data about the radio environment.
• The Radio Manager database, which contains radio data and parameters.
• Features that use the information in the database.

Access point radio scan is used to calculate a calibrated path-loss model of all the access points.
Client walkabout data is used to fine-tune the radio frequency (RF) information. The
calibrated path-loss model and client walkabout data are used to create RF data per location and
generate radio parameters.
This information is then used for the following:
• Rogue access point detection
• Interference detection
• Radio parameter generation
• Auto re-site survey
• Self healing
• Scanning-only access points
• Ad-hoc network detection




Radio Parameter Generation
Use to recommend optimal
• Radio transmit power
• Channel selection
• Beacon interval for each access point

Two ways to generate
• Radio Management
• Assisted Site Survey Wizard

Use selections under the Radio Manager (RM) or Location Manager tabs to recommend
optimal radio transmit power, channel selection, and beacon interval (optional) for each access
point, and then apply these configuration settings. There are two ways to generate radio
parameters and configure your access points:
• RM Assisted Configuration
  Use this option after you have collected data from an AP radio scan and a client
  walkabout.
• Assisted Site Survey Wizard
  Use this option, which is part of Location Manager, when you want to use a wizard
  interface to step through AP radio scan, client walkabout, and radio parameter
  generation.

The Radio Parameter Generation (RPG) operation is a non-real-time process where previously
gathered measurements are used to calculate RF design parameters for the WLAN network.
The RF measurements and client loading requirements are taken as the inputs to the RPG, and
the RF settings for the system’s access points are the output.



Radio Parameter Generation (Cont.)
Gives administrator an RF deployment plan
This same type of data is generated with an RF Site Survey

The RM assisted configuration calculates the optimal radio transmit power, channel selection,
and beacon interval (optional), and then applies these configuration settings to the access points,
if desired.
Also, CiscoWorks Wireless LAN Solution Engine (WLSE) gives the administrator the option
of previewing the configuration before applying it to the system.
This differs from many WLAN radio control implementations, where the system applies
configuration to the access points without any administrative control. WLSE permits
supervisory control of RF settings.



RF Coverage Display
Coverage display changes upon any changes in RF performance
Coverage may be displayed by:
• Data rate
• Signal strength
• Access point coverage zone
• Receiver range

Location Manager gives a graphical view of the access points on each floor of the WLAN
environment. Note that this display is a combination of predicted and measured RF coverage.
The coverage display uses the measurements taken between access points to evaluate the RF
path loss and to map out the RF propagation characteristics of the facility. Using these
measurements, it is possible to detect areas of higher signal attenuation and show reduced RF
signal reach in these areas.
Note that not all areas can be explicitly measured: on the outer fringe of a coverage area, where
access points are not deployed, no inter-access point measurement is possible. In
these areas, CiscoWorks WLSE uses an RF propagation model to predict the RF coverage. This
predicted coverage is also shown in cases where the access points have not yet taken any
measurements.



Self Healing WLANs
Runs on WLSE
Performs two actions
• Monitors the floor
• Takes action if an access point is determined to be down

[Diagram labels: Wireless Network Manager (WNM); CiscoWorks WLSE]

Self Healing runs on the CiscoWorks WLSE and uses Simple Network Management Protocol
(SNMP) to adjust neighboring access points in response to a downed access point. To
determine if a radio is down, Self Healing uses beacon information that was obtained using
Wireless LAN Context Communication Protocol (WLCCP) via the Wireless Domain Services
(WDS[s]).
Self Healing performs two actions:
• Monitors the floor
  Self Healing uses path loss data collected from access point Radio Scan and Radio
  Monitoring and WDS registration information to determine a set of radio links for
  monitoring purposes. If all monitored links to a given access point are missing for
  more than three measurement report intervals and the access point was not
  administratively shut down, a self-healing event is triggered.
• Takes action if an access point is determined to be down
  Using the information previously gathered from AP Radio Scans and Radio
  Monitoring, Radio Manager adjusts the transmit power levels of neighboring access
  points (which might or might not be on the same floor as the failed access point) to
  cover the potential areas of lost coverage, then generates a self healing fault.

Note  Note that the network must initially be deployed with less than full power in the access points
      to permit access points to have their power adjusted up to compensate for a loss in
      coverage from an adjacent access point.
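
The trigger rule and the power headroom caveat described above, as an added example that is not part of the original course material and is not CiscoWorks WLSE code. The class and function names, the link reports, the dBm values and the 3 dB step are constructed assumptions.

```python
from dataclasses import dataclass

# From the text: an event triggers after "more than three measurement
# report intervals" with all monitored links to the access point missing.
MISSED_INTERVAL_LIMIT = 3


@dataclass
class MonitoredAP:
    name: str
    neighbors: frozenset          # APs whose radio links to this AP are monitored
    admin_shutdown: bool = False  # administratively shut down: never a fault
    missed: int = 0               # consecutive intervals with every link missing
    fault_raised: bool = False    # avoid re-raising the same fault each interval


class SelfHealingMonitor:
    """Hypothetical model of the monitoring step; not a WLSE interface."""

    def __init__(self, aps):
        self.aps = {ap.name: ap for ap in aps}

    def process_interval(self, heard):
        """heard: set of (reporting_ap, heard_ap) pairs for one report interval.
        Returns the APs for which a self-healing event triggers in this interval."""
        triggered = []
        for ap in self.aps.values():
            if any((n, ap.name) in heard for n in ap.neighbors):
                ap.missed, ap.fault_raised = 0, False   # at least one link is alive
                continue
            ap.missed += 1
            if (ap.missed > MISSED_INTERVAL_LIMIT
                    and not ap.admin_shutdown and not ap.fault_raised):
                ap.fault_raised = True
                triggered.append(ap.name)
        return triggered

    def plan_compensation(self, failed, tx_dbm, max_dbm, step_db=3):
        """Return {neighbor: (current_dbm, new_dbm)}. A neighbor already at
        max_dbm has no headroom, which is why the text requires deploying
        below full power. step_db is an assumed increment."""
        plan = {}
        for n in sorted(self.aps[failed].neighbors):
            plan[n] = (tx_dbm[n], min(tx_dbm[n] + step_db, max_dbm))
        return plan


def run_example():
    # Constructed topology: AP-1..AP-3 monitor each other; AP-4 is shut down
    # on purpose and is only heard by AP-1.
    names = ["AP-1", "AP-2", "AP-3"]
    aps = [MonitoredAP(n, frozenset(m for m in names if m != n)) for n in names]
    aps.append(MonitoredAP("AP-4", frozenset({"AP-1"}), admin_shutdown=True))
    monitor = SelfHealingMonitor(aps)

    all_links = {(r, h) for r in names for h in names if r != h} | {("AP-1", "AP-4")}
    # AP-3 fails (neither heard nor reporting) and AP-4 goes silent as planned.
    ap3_down = {(r, h) for (r, h) in all_links
                if "AP-3" not in (r, h) and h != "AP-4"}

    timeline = [all_links] + [ap3_down] * 5
    events = [monitor.process_interval(heard) for heard in timeline]
    plan = monitor.plan_compensation("AP-3", {"AP-1": 11, "AP-2": 20}, max_dbm=20)
    return events, plan


if __name__ == "__main__":
    events, plan = run_example()
    for i, ev in enumerate(events):
        print(f"interval {i}: events={ev}")
    print("compensation plan:", plan)
```

AP-2 in the constructed data is already at full power, so the plan shows it cannot contribute to covering the gap left by AP-3.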



[Slide: Layer 2 Roaming. Diagram labels: Layer 3; Subnet A; Subnet B; Layer 2 Roaming]

Layer 2 roaming occurs when a WLAN device physically moves so that its radio associates to a
different access point. The original and the updated access points offer coverage for the same
IP subnet, so that the WLAN client’s IP address is still valid after the roam.



[Slide: Voice and Traditional Roaming. Diagram labels: WAN; Cisco ACS AAA server; AP1; AP2;
1. 802.1X Initial Authentication Transaction; 2. 802.1X Reauthentication After Roaming]

A wireless IP phone reauthenticates every time it roams to a new access point. Additional
latency is introduced when this reauthentication requires a RADIUS server.
Step 1  Initially, a client authenticates to an access point. Lightweight Extensible
        Authentication Protocol (LEAP) takes anywhere from 200 ms to 1.2 seconds.
Step 2  A Cisco Aironet client takes between 400 ms and 600 ms to roam at Layer 2. The
        802.1X authentication adds even more latency (if it is enabled). 802.1X
        authentication requires a roaming client to reauthenticate, adding an additional 500+
        ms to the roam.

Roaming delay is not a big problem for most applications. But real-time applications such as
voice need delays of less than 150 ms end to end to maintain good voice quality.



[Slide: Fast Secure Layer 2 Roaming. Diagram labels: Cisco ACS RADIUS Server; WAN Link; WDS;
numbered steps 1 to 4. Caption: Transparent Layer 2 roaming between access points]

Fast secure roaming at Layer 2 allows the client to roam from one access point to another
without having to reauthenticate to the authentication, authorization, and accounting (AAA)
server. When the client roams, it informs the WDS that it has roamed and the WDS forwards
the keying material to the new access point.
CCKM is an authentication method that permits the negotiation of a session key from a cached
master key.
As an example, a client authenticates using 802.1X. The access point forwards the request to
the WDS, which acts as the AAA client. The WDS forwards the request to the AAA server.
Once the AAA server and the client have authenticated each other, the following occurs.
Step 1  The AAA server forwards the key to the WDS.
Step 2  The WDS forwards the key to the access point and the keying material to the client.
Step 3  The client roams to a new access point.
Step 4  The client requests the key be sent to the new access point and the WDS forwards
        the key to the new access point.

Note  Fast Roam Times: Typical access point-to-access point roaming latency of <100 ms for a
      WDS-access point.

Note  WAN Link Survivability: Because the local WDS handles reauthentication during roam, in
      the event that the AAA server is located remotely over a WAN link, the WAN link is not
      required, so the WLAN will continue to operate even if the link goes down.
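
Steps 1 to 4 and the WAN link survivability note above, as an added example that is not part of the original course material: a simplified model of a WDS that caches the master key and keys new access points locally. The class names, the message fields, the roam counter and the HMAC-SHA256 derivation are assumptions for illustration and are not the CCKM key derivation or message format.

```python
import hashlib
import hmac
import os


def prf(key: bytes, label: bytes, ap: str, counter: int) -> bytes:
    """Stand-in derivation (HMAC-SHA256); NOT the real CCKM derivation."""
    msg = label + b"|" + ap.encode() + b"|" + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


class AAAServer:
    """Remote AAA server, reachable only while the WAN link is up."""

    def __init__(self, credentials):
        self.credentials = credentials
        self.wan_up = True
        self.auth_count = 0          # number of full authentications served

    def authenticate(self, user: str, secret: bytes) -> bytes:
        if not self.wan_up:
            raise ConnectionError("AAA server unreachable: WAN link down")
        self.auth_count += 1
        expected = self.credentials.get(user)
        if expected is None or not hmac.compare_digest(expected, secret):
            raise PermissionError("authentication failed")
        return os.urandom(32)        # Step 1: key handed to the WDS


class WDS:
    """Local Wireless Domain Services device acting as the AAA client."""

    def __init__(self, aaa):
        self.aaa = aaa
        self.cache = {}              # user -> [cached master key, last roam counter]
        self.ap_keys = {}            # (ap, user) -> session key installed on that AP

    def initial_auth(self, user, secret, ap):
        master = self.aaa.authenticate(user, secret)
        self.cache[user] = [master, 0]
        self.ap_keys[(ap, user)] = prf(master, b"session", ap, 0)   # Step 2
        return master                # Step 2: keying material for the client

    def roam(self, user, new_ap, counter, mic):
        """Steps 3-4: validate the roam request locally, then key the new AP."""
        entry = self.cache.get(user)
        if entry is None:
            raise PermissionError("no cached key: full authentication needed")
        master, last = entry
        if counter <= last:
            raise PermissionError("stale or replayed roam request")
        if not hmac.compare_digest(prf(master, b"roam", new_ap, counter), mic):
            raise PermissionError("bad roam request MIC")
        entry[1] = counter
        self.ap_keys[(new_ap, user)] = prf(master, b"session", new_ap, counter)


class Client:
    def __init__(self, user, secret):
        self.user, self.secret = user, secret
        self.master, self.counter = None, 0

    def associate(self, wds, ap):
        self.master = wds.initial_auth(self.user, self.secret, ap)

    def roam(self, wds, new_ap):
        self.counter += 1
        mic = prf(self.master, b"roam", new_ap, self.counter)
        wds.roam(self.user, new_ap, self.counter, mic)
        return prf(self.master, b"session", new_ap, self.counter), mic


def rejected(call, *args):
    """True if the call is refused with PermissionError or ConnectionError."""
    try:
        call(*args)
        return False
    except (PermissionError, ConnectionError):
        return True


def run_scenario():
    aaa = AAAServer({"phone-1": b"constructed-secret"})   # constructed credentials
    wds = WDS(aaa)
    phone = Client("phone-1", b"constructed-secret")
    phone.associate(wds, "AP1")
    key_ap2, mic_ap2 = phone.roam(wds, "AP2")
    aaa.wan_up = False                                    # WAN link fails
    key_ap3, _ = phone.roam(wds, "AP3")                   # served from WDS cache
    newcomer = Client("phone-1", b"constructed-secret")
    return {
        "aaa_round_trips": aaa.auth_count,
        "ap_keys_match": (wds.ap_keys[("AP2", "phone-1")] == key_ap2
                          and wds.ap_keys[("AP3", "phone-1")] == key_ap3),
        "keys_differ_per_ap": key_ap2 != key_ap3,
        "replay_rejected": rejected(wds.roam, "phone-1", "AP2", 1, mic_ap2),
        "forged_mic_rejected": rejected(wds.roam, "phone-1", "AP9", 99, bytes(32)),
        "initial_auth_fails_without_wan": rejected(newcomer.associate, wds, "AP1"),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The cached master key on the WDS is what makes the roam fast and WAN-independent, so in this model the WDS cache is as sensitive as the AAA server's key material.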
