IEEE  802.11k-2008 defines Radio Resource Management (RRM) mechanism that enable 802.11k capable client’s radio to better understand the RF environment that they exist which will help clients to have better roaming. In this post we will enable this 802.11k support on a wlan configured on Cisco 3850 WLC (IOS-XE 3.6E) & see how it works. Here is the topology for this post where I have 3 APs registered to my WLC. I have used iPhone5 as client since it support 802.11k (refer this doc for detail)

802.11k-06I have set the CH of these AP & set the power level to lower value as this is a lab setup. I have shown how to do this using CLI for LAP4 as an example.

3850-1#ap name LAP4 dot11 5ghz shutdown
3850-1#ap name LAP4 dot11 5ghz txpower 6
3850-1#ap name LAP4 dot11 5ghz channel 44      
3850-1#ap name LAP4 dot11 5ghz channel width 20
3850-1#ap name LAP4 no dot11 5ghz shutdown

3850-1#show ap dot11 5ghz summary 
AP Name            MAC Address     Slot  Admin State  Oper State  Channel             Width  TxPwr   
LAP4               0024.9788.48e0     1  Enabled      Up          44                     20    6( )  
LAP2               2c3f.382a.b120     1  Enabled      Up          40                     20    7( )  
LAP1               64a0.e7af.4740     1  Enabled      Up          36                     20    7( )

Here is the SSID configuration on my 3850. It is simple 802.1X/EAP SSID. I have not shown all other configuration like AAA, etc.

 client vlan 22
 security dot1x authentication-list MRN-DOT1X
 no shutdown

When you configure an SSID like above, there are certain default settings applied to it. You can view all these using “show run all” command as shown below. As you can see below 802.11k or AP assisted roaming is disabled by default.

3850-1#sh run all | sec wlan MRN-EAP
 no assisted-roaming dual-list
 no assisted-roaming neighbor-list
 ccx aironet-iesupport
 channel-scan defer-priority 4
 channel-scan defer-priority 5
 channel-scan defer-priority 6
 channel-scan defer-time 100
 client association limit ap 0
 client association limit radio 0
 client association limit 0
 client vlan 22
 no device-classification
 dtim dot11 24ghz 1
 dtim dot11 5ghz 1
 exclusionlist timeout 60
 ip access-group web 
 ip access-group 
 ip dhcp server
 ipv6 traffic-filter web none
 ipv6 traffic-filter none
 mfp client
 mfp infrastructure-protection
 mobility anchor sticky
 no profiling local http
 no profiling radius http
 radio all
 security wpa
 security wpa akm dot1x
 no security wpa wpa1
 security wpa wpa2
 security wpa wpa2 ciphers aes
 security dot1x authentication-list MRN-DOT1X
 security dot1x encryption 104
 security ft over-the-ds
 security ft reassociation-timeout 20
 security pmf association-comeback 1
 security pmf saquery-retry-time 200
 security static-wep-key authentication open
 security tkip hold-down 60
 security web-auth authentication-list 
 security web-auth parameter-map 
 service-policy client input unknown
 service-policy client output unknown
 service-policy input unknown
 service-policy output unknown
 service-policy type control subscriber 
 session-timeout 1800
 wmm allowed

Let’s enable assisted roaming & see how it works. I have simply enable this for 802.11k compliant clients.  You can configure cisco WLC to provide some predictive neighbor report even clients are not 802.11k capable. You can refer this config guide for more detail.

3850-1(config)#wlan MRN-EAP
3850-1(config-wlan)#assisted-roaming ?
  dual-list      Configures dual band 802.11k neighbor list a WLAN
  neighbor-list  Configures 802.11k neighbor list support on the WLAN
  prediction     Configures assisted-roaming Prediction optimization on the

3850-1(config-wlan)#assisted-roaming neighbor-list 
3850-1(config-wlan)#no shut

In my case client associated to LAP4 & here is the wireless frame capture on CH44.  (Beacon & ACK frame filtered for simplistic view). As you can see below you can see additonal “Action” frames compare to normal 802.1X/EAP frame exchange.802.11k-01Here is a Beacon Frame send by AP. As you can see it has “Radio Measurement or RM” capability enabled.802.11k-02If client is 802.11k compliant, then it will include its RM capability in Association Request frame. In Association Response frames coming from AP also included this RM capability.802.11k-03802.11k capable client will dynamically request Neighbor Report from the current AP. This will help to find a potential target AP to roam. As you can see below iPhone5 (04:f7:e4:ea:5b:66) send below Neighbor Report Request to currently connected LAP4 (BSSID-0024.9788.48ee)802.11k-04So current AP respond with the Neighbor Report Response. As you can see below it included both LAP1(64a0.e7af.474e) & LAP2 (2c3f.382a.b12e) AP information like channel they operate, BSSID capability. In this way client is already aware the potential neighbor AP where it can roam.802.11k-05Still client station will make the roaming decision, but definetely neighbor report provided by AP assisting client to make that decision, hence called “AP Assisted Roaming

1. iphone5-80211k (packet capture used for this post)
2. CWSP-Official Study Guide -Chapter 7
3. 802.11r, 802.11k, and 802.11w Deployment Guide, Cisco IOS-XE Release3.3

Related Posts