To continue the development of digital courses for WiFi Training, I have developed my 2nd digital course, named “Fast Roaming Lessons”. It is around 5hrs of video training that covers all aspects of wireless roaming. Here is the course flow, so you can see what you will learn. I spent 15-20min on average on each sub-section.
Module 1 (Understand Client Roaming)
1.1 Roaming Triggers
1.2 Roaming Frame Capture
1.3 Client Roam in RSN
1.4 Roaming with PSK
1.5 Roaming with 802.1X
1.6 Key Caching (SKC & OKC)
Module 2 (Fast Transition-802.11r)
2.1 FT Key Hierarchy
2.2 FT Information Elements
2.3 FT Initial Association
2.4 FT over-the-Air
2.5 FT over-the-DS
Module 3 (Deployment Consideration)
3.1 General Challenges
3.2 Roaming with 802.11k
3.3 Roaming with 802.11v
3.4 FT Compatibility Issues
3.5 Cisco Adaptive 11r
3.6 WiFi Agile Multiband
You will get the opportunity to analyze the roaming frame captures to understand the differences between those roaming scenarios. Even though I have used Cisco WLC & ISE in this lab topology, Fast Transition behavior is standards-based and is applicable to any vendor. In the last module, we will look at the Cisco “Adaptive 11r” solution as well. You will get access to all the packet captures taken (Wireshark & Omnipeek), so you can follow along easily while going through the training videos.
In the first module, we will discuss the basics of client roaming triggers, how to capture frames in a client roaming scenario, and the details of frame flow in Open/PSK/802.1X client roaming. We then finish off that module by discussing common key caching methods (PMK Caching & Opportunistic Key Caching – OKC). Below is a high-level comparison diagram of those two key caching methods.
In Module 2, we will explore Fast Transition in detail. We will go through the FT Key Hierarchy, FT Information Elements, and the details of the FT over-the-Air & FT over-the-DS frame flow exchanges. Below is a sample video from that module.
Here is a frame flow diagram for FT over-the-Air, which is the most common method of FT deployment.
In Module 3, we will look at deployment considerations and look briefly at 11k & 11v. Then we look at Adaptive 11r (a Cisco-specific solution for Apple & Samsung clients to get 11r without advertising FT capability directly on the SSID). We finish off that module by talking about WiFi Agile Multiband (MBO), a WiFi Alliance certification to improve wireless user experience using 11k/v/r. It is a key component of the WiFi Certified Vantage program.
If you are on your wireless journey, WiFi Training has developed lots of focused digital training material to help you with your studies. You can find all the digital courses available from WiFi Training from this link.
Hi
Mind if I ask a question? We want to migrate from aaa server that is steel belted radius, to ISE for authenticated wireless. Can we just put the ip address of the ISE machine on the top of the list? If it fails it will fall down to the SRB server, right?
Ken Hagen
Hi Ken,
If the first server is completely unreachable, only then will it go to the 2nd on the list. Have a look at the CSC post below, which may give some useful hints:
https://community.cisco.com/t5/security-documents/top-six-important-cisco-wlc-settings-for-ise-integration/ta-p/3643795
HTH
Rasika
Rasika,
This looks very compelling!
Hi Brad, I think you had some preview during our ENWLSI class. If you need to refresh client roaming methods, it is the one… it will be helpful for CWSP/CWAP if you are on that journey.
KIT
Rasika
Hi Rasika,
Congrats for those fantastic courses, I am actually exploring in depth the roaming topic because it is a major issue for us and I would like to understand the options available for a Cisco Platform. Something that I do not know if you are covering is the SESSION RESUME for PEAP and EAP-TLS. Even though this is more on the ISE side, it would be a nice complement to have.
thanks
Hi Abraham,
No, this course is not covering those topics (thank you for the suggestion). I hope you saw the session recording of the Cisco Live presentation below, which discusses that feature on ISE.
BRKSEC-3699.pdf
HTH
Rasika
I forgot to ask about the courses, do you cover the configuration steps on WLC for each topic (where it applies)?
Hi Abraham, I showed the basic config of the 9800 specific to FT. However, I did not go into any details of 9800 configuration, as the course was developed for anyone, independent of what hardware/software is in use.
Rasika