It's been just shy of 2 years now since the IEEE ratification of the 802.11r amendment in July 2008, and there is little sign of vendors, either infrastructure or client, moving to implement it.
Perhaps this is a testament to the value of pre-standard fast roaming techniques such as CCKM and Opportunistic Key Caching (OKC). OKC has been available on Windows platforms since Windows XP, albeit administrators were required to install a special package (KB917021). Funk Odyssey has also included support for OKC for quite some time prior to their purchase by Juniper. CCKM, meanwhile has only been implemented by a marginal subset of client vendors due to the more proprietary nature of the protocol, and usually only when pushed by large customers with Cisco infrastructures.
However, the value of a standards-based fast roaming method cannot be underscored. It's value will be tremendous with the growth and adoption of voice of wireless technologies, especially as ABI Research and Gartner have released studies predicting large adoption of VoWiFi and Fixed Mobile Convergence (FMC) in the enterprise by 2014. Smartphone adoption of WiFi is set to explode as well.
http://www.abiresearch.com/press/1465-Enterprise+FMC+Will+Grow+at+a+CAGR+of+27%25,+Reaching+Over+27+Million+by+2014
http://www.wi-fi.org/news_articles.php?f=media_news&news_id=795
http://www.abiresearch.com/press/1579-802.11n+To+Feature+in+87%25+of+Wi-Fi-Enabled+Smartphones+in+2014
Also, I am disappointed by the slow progress of the WiFi Alliance in developing interoperability certifications for fast roaming. They have been talking about releasing the Voice-Enterprise certification for some time, but have been slow to act in developing this program. They have released the Voice-Personal certification, but that only includes testing of voice quality on single access point, and does not include enterprise-grade equipment with multiple access point deployments requiring client roaming. What's the deal WiFi Alliance, let's get this program moving!
I am encouraged by some recent developments by the largest wireless vendor, Cisco. In their latest release of controller code just last week, version 7.0 includes the ability to enable 802.11r fast BSS transition on a per-WLAN basis. Kudos to Cisco for stepping out in front and putting a stake in the ground saying "let's get this technology moving people." Now it's time for other vendors to follow (I'm talking to you client vendors!!!).
Here are the commands to view and configure the 802.11r fast roaming in WLC 7.0 code:
(Cisco Controller) >show wlan 6
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Enabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
(Cisco Controller) >config wlan security wpa akm ?
802.1x Configures 802.1x support
cckm Configures CCKM support
psk Configures PSK support
ft Configures 802.11r fast transition 802.1x support
Now, everyone, let's get moving on this! The business need is upon us, let's not let WiFi be the barrier to new and exciting service opportunities.
Andrew
P.S. - For an overview of 802.11r Fast BSS Transition, see the excellent CWNP whitepaper of the same title (free account registration required).
http://www.cwnp.com/index/training/freeresources/whitepapers
SO..... where's all the client support for 802.11r?
ReplyDeleteExcellent post Andrew. Voice-Enterprise (802.11r, 802.11k, 802.11v) is the most important interoperability certification in the pipeline (IMHO). I think Marcus over at CWNP agrees. It's been slow-going with that WFA TG for various reasons (part of which has been client vendor support).
ReplyDeleteBTW, thanks for the kudos on the CWNP whitepaper. :) You'll be happy to know that just this week, it was decided to move ahead with Plugfest #4 at the WFA for Voice-Enterprise. I was indeed happy about this, as it takes 5 infrastructure and 5 client vendors to make this happen. Hopefully we'll see something solid on Voice-Enterprise near mid 2011. We've been doing some testing with Win7, and OKC just doesn't seem to work. Have you guys had any luck?
Devin Akin
Chief Wi-Fi Architect
Aerohive Networks
I've tried to enable 802.11r on wlc running 7.0.116 code and have problem with connecting clients to my wlan. Tested on Blackberries and Intel cards with IntelProset, or Win7 zero conf. Had anyone similiar problems?
ReplyDeleteKarel Navratil
Hella
Hi Karel,
ReplyDeleteNo clients to my knowledge support 802.11r yet, so they are probably not understanding the key negotiation properly. It would be best to leave it off until you know that your clients support it.
I believe a Wi-Fi Alliance working group was working on finalizing interoperability testing this summer. Once that comes out, it should make adoption easier for manufacturers.
Andrew
Andrew,
ReplyDeleteI am starting to look at 802.11r implementation for a customer seeking fast handoff in the home, do you know if 802.11r is targeted for in home networks, or only for enterprise authentications?
The customer is seeking to have two access points in the home, a main and an "extender" AP.
Thanks
Ehud Kedar
Lantiq
Hi Andrew,
ReplyDeleteDo you know how to check for 802.11r client support?
Can you give some extra information on how to configure 802.11r?
I found the following information about the client
Show client detail
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 10
Fast BSS Transition........................ Not implemented
Fast BSS Transition Details:
Client Statistics:
And from the access point:
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Regards,
Martijn
Hi Martijn,
ReplyDeleteUnfortunately, the industry will have to wait until the Wi-Fi Alliance Voice Enterprise certification is released in order to check for client interoperability and support for 802.11r.
I don't have details on configuration for 802.11r on Cisco equipment yet. It won't work with any clients on the market today, so it's best not to try to enable it. Wait for the official feature release from Cisco and client support before configuring it.
Andrew
Hi Ehud,
ReplyDelete802.11r fast roaming is mainly targeted for enterprise applications where the need is far greater than in typical consumer homes. I would doubt that many, if any, home networking products will include support for 11r. You will likely need to buy enterprise class equipment to get this feature.
Also, note that most homes do not use 802.1X authentication, where fast roaming becomes important. Rather, most consumers use pre-shared keys which does not require fast roaming enhancements since PSK does not go through the EAP authentication exchanges. Hence, all PSK networks have fast roaming capability inherently.
Cheers,
Andrew
Hi Andrew and thanks for all information!
ReplyDeleteI have big issues with iPad wifi roaming at my company.
I can enable 802.11r when the ssid is disabled, but as soon as I enables the ssid the 802.11r gets disabled. Cisco wlc 7.0.220.0.
Thanks!!!
Same problem as you. After enabling 802.11r and re-enabling the WLAN, it goes back to disabled. Running 7.0.235.3
Delete