Controller-less WLANs

Opportunistic Key Caching on IAP

Aruba Employee
Few points about Opportunistic Key Caching (OKC)
-----------------------------------------------------------------------
 
  1. Basically enabling OKC helps to avoid full 802.1X authentication to any new AP the client roams.
  2. Also it overcome the Limit on how many PMKSAs client can cache.
  3. Helps to Share the PMK key info across all the APs in the swarm.
  4. OKC is enabled by default.
  5. Default PMK Cache time is 8 hrs as like controller configuration.
  6. Currently supported only on single swarm
  7. OKC is also applicable only to WPA2-Enterprise (WPA-2& WPA)


Note:-  This feature supports only from Instant 4.0 and make sure client supports OKC  for e.g Windows clients, Polycom Spectralink 8400 phones etc..

rtaImage.jpg


With out & WIth OKC feature
---------------------------------------
  rtaImage.png



rtaImage.png

How to configure OKC from WEBUI:-
-------------------------------------------------

rtaImage.jpg


From CLI:-
-------------

rtaImage.jpg

Commands to see the PMKcache table
-------------------------------------------------------

rtaImage.jpg






rtaImage.jpg


Here is the sample of auth-trace-buf output
----------------------------------------------------------

rtaImage.jpg

To verify the debug mgmt frames
------------------------------------------------

rtaImage.jpg

Few troubleshooting steps to configure syslog and user-debug
---------------------------------------------------------------------------------------

rtaImage.jpg


rtaImage.jpg

Thank you.

Version history
Revision #:
1 of 1
Last update:
‎06-27-2014 05:55 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.