Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

378

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 13

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

When you configure your wireless LAN for fast, secure roaming, however,
LEAP-enabled client devices roam from one access point to another without
involving the main RADIUS server. Using Cisco Centralized Key Management
(CCKM), a device configured to provide Wireless Domain Services (WDS)
takes the place of the RADIUS server and authenticates the client so quickly that
there is no perceptible delay in voice or other time-sensitive applications. This
figure shows client authentication by using CCKM.

Figure 98 - Client Reassociation by Using CCKM and a WDS Access Point

The WDS device maintains a cache of credentials for CCKM-capable client
devices on your wireless LAN. When a CCKM-capable client roams from one
access point to another, the client sends a reassociation request to the new access
point, and the new access point relays the request to the WDS device.

The WDS device forwards the client’s credentials to the new access point, and
the new access point sends the reassociation response to the client. Only two
packets pass between the client and the new access point, greatly shortening the
reassociation time. The client also uses the reassociation response to generate the
unicast key. Refer to the

Configuring Fast Secure Roaming on page 393

for

instructions on configuring access points to support fast, secure roaming.

103569

Reassociation request

Reassociation response

Pre-registration request

Pre-registration reply

Roaming client

device

Access point

Access point or switch

providing Wireless

Domain Services

Authentication server

Wired LAN

WDS