Saturday, June 12, 2010

It's Time for 802.11r

It's been just shy of 2 years now since the IEEE ratification of the 802.11r amendment in July 2008, and there is little sign of vendors, either infrastructure or client, moving to implement it.

Perhaps this is a testament to the value of pre-standard fast roaming techniques such as CCKM and Opportunistic Key Caching (OKC). OKC has been available on Windows platforms since Windows XP, albeit administrators were required to install a special package (KB917021). Funk Odyssey has also included support for OKC for quite some time prior to their purchase by Juniper. CCKM, meanwhile has only been implemented by a marginal subset of client vendors due to the more proprietary nature of the protocol, and usually only when pushed by large customers with Cisco infrastructures.

However, the value of a standards-based fast roaming method cannot be underscored. It's value will be tremendous with the growth and adoption of voice of wireless technologies, especially as ABI Research and Gartner have released studies predicting large adoption of VoWiFi and Fixed Mobile Convergence (FMC) in the enterprise by 2014. Smartphone adoption of WiFi is set to explode as well.

http://www.abiresearch.com/press/1465-Enterprise+FMC+Will+Grow+at+a+CAGR+of+27%25,+Reaching+Over+27+Million+by+2014

http://www.wi-fi.org/news_articles.php?f=media_news&news_id=795

http://www.abiresearch.com/press/1579-802.11n+To+Feature+in+87%25+of+Wi-Fi-Enabled+Smartphones+in+2014

Also, I am disappointed by the slow progress of the WiFi Alliance in developing interoperability certifications for fast roaming. They have been talking about releasing the Voice-Enterprise certification for some time, but have been slow to act in developing this program. They have released the Voice-Personal certification, but that only includes testing of voice quality on single access point, and does not include enterprise-grade equipment with multiple access point deployments requiring client roaming. What's the deal WiFi Alliance, let's get this program moving!

I am encouraged by some recent developments by the largest wireless vendor, Cisco. In their latest release of controller code just last week, version 7.0 includes the ability to enable 802.11r fast BSS transition on a per-WLAN basis. Kudos to Cisco for stepping out in front and putting a stake in the ground saying "let's get this technology moving people." Now it's time for other vendors to follow (I'm talking to you client vendors!!!).

Here are the commands to view and configure the 802.11r fast roaming in WLC 7.0 code:

(Cisco Controller) >show wlan 6


Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Enabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled


(Cisco Controller) >config wlan security wpa akm ?


802.1x Configures 802.1x support
cckm Configures CCKM support
psk Configures PSK support
ft Configures 802.11r fast transition 802.1x support


Now, everyone, let's get moving on this! The business need is upon us, let's not let WiFi be the barrier to new and exciting service opportunities.

Andrew

P.S. - For an overview of 802.11r Fast BSS Transition, see the excellent CWNP whitepaper of the same title (free account registration required).

http://www.cwnp.com/index/training/freeresources/whitepapers

10 comments:

  1. SO..... where's all the client support for 802.11r?

    ReplyDelete
  2. Excellent post Andrew. Voice-Enterprise (802.11r, 802.11k, 802.11v) is the most important interoperability certification in the pipeline (IMHO). I think Marcus over at CWNP agrees. It's been slow-going with that WFA TG for various reasons (part of which has been client vendor support).

    BTW, thanks for the kudos on the CWNP whitepaper. :) You'll be happy to know that just this week, it was decided to move ahead with Plugfest #4 at the WFA for Voice-Enterprise. I was indeed happy about this, as it takes 5 infrastructure and 5 client vendors to make this happen. Hopefully we'll see something solid on Voice-Enterprise near mid 2011. We've been doing some testing with Win7, and OKC just doesn't seem to work. Have you guys had any luck?

    Devin Akin
    Chief Wi-Fi Architect
    Aerohive Networks

    ReplyDelete
  3. I've tried to enable 802.11r on wlc running 7.0.116 code and have problem with connecting clients to my wlan. Tested on Blackberries and Intel cards with IntelProset, or Win7 zero conf. Had anyone similiar problems?

    Karel Navratil
    Hella

    ReplyDelete
  4. Hi Karel,
    No clients to my knowledge support 802.11r yet, so they are probably not understanding the key negotiation properly. It would be best to leave it off until you know that your clients support it.

    I believe a Wi-Fi Alliance working group was working on finalizing interoperability testing this summer. Once that comes out, it should make adoption easier for manufacturers.

    Andrew

    ReplyDelete
  5. Andrew,

    I am starting to look at 802.11r implementation for a customer seeking fast handoff in the home, do you know if 802.11r is targeted for in home networks, or only for enterprise authentications?

    The customer is seeking to have two access points in the home, a main and an "extender" AP.

    Thanks

    Ehud Kedar
    Lantiq

    ReplyDelete
  6. Hi Andrew,
    Do you know how to check for 802.11r client support?

    Can you give some extra information on how to configure 802.11r?

    I found the following information about the client

    Show client detail
    Client Capabilities:
    CF Pollable................................ Not implemented
    CF Poll Request............................ Not implemented
    Short Preamble............................. Implemented
    PBCC....................................... Not implemented
    Channel Agility............................ Not implemented
    Listen Interval............................ 10
    Fast BSS Transition........................ Not implemented
    Fast BSS Transition Details:
    Client Statistics:

    And from the access point:
    Security

    802.11 Authentication:........................ Open System
    Static WEP Keys............................... Disabled
    802.1X........................................ Disabled
    Wi-Fi Protected Access (WPA/WPA2)............. Enabled
    WPA (SSN IE)............................... Disabled
    WPA2 (RSN IE).............................. Enabled
    TKIP Cipher............................. Disabled
    AES Cipher.............................. Enabled
    Auth Key Management
    802.1x.................................. Enabled
    PSK..................................... Disabled
    CCKM.................................... Disabled
    FT(802.11r)............................. Disabled
    FT-PSK(802.11r)......................... Disabled
    FT Reassociation Timeout......................... 20
    FT Over-The-Air mode............................. Enabled
    FT Over-The-Ds mode.............................. Enabled
    CCKM tsf Tolerance............................... 1000
    CKIP ......................................... Disabled
    Web Based Authentication...................... Disabled
    Web-Passthrough............................... Disabled
    Conditional Web Redirect...................... Disabled

    Regards,

    Martijn

    ReplyDelete
  7. Hi Martijn,
    Unfortunately, the industry will have to wait until the Wi-Fi Alliance Voice Enterprise certification is released in order to check for client interoperability and support for 802.11r.

    I don't have details on configuration for 802.11r on Cisco equipment yet. It won't work with any clients on the market today, so it's best not to try to enable it. Wait for the official feature release from Cisco and client support before configuring it.

    Andrew

    ReplyDelete
  8. Hi Ehud,
    802.11r fast roaming is mainly targeted for enterprise applications where the need is far greater than in typical consumer homes. I would doubt that many, if any, home networking products will include support for 11r. You will likely need to buy enterprise class equipment to get this feature.

    Also, note that most homes do not use 802.1X authentication, where fast roaming becomes important. Rather, most consumers use pre-shared keys which does not require fast roaming enhancements since PSK does not go through the EAP authentication exchanges. Hence, all PSK networks have fast roaming capability inherently.

    Cheers,
    Andrew

    ReplyDelete
  9. Hi Andrew and thanks for all information!

    I have big issues with iPad wifi roaming at my company.

    I can enable 802.11r when the ssid is disabled, but as soon as I enables the ssid the 802.11r gets disabled. Cisco wlc 7.0.220.0.

    Thanks!!!

    ReplyDelete
    Replies
    1. Same problem as you. After enabling 802.11r and re-enabling the WLAN, it goes back to disabled. Running 7.0.235.3

      Delete