Wireless Access

last person joined: 19 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Pre-Authentication and Roaming

This thread has been viewed 4 times

  • 1.  Pre-Authentication and Roaming

    Posted Aug 30, 2017 05:05 PM

    Community,

     

    Im looking into the wireless Pre-Authentication mechanism and was wondering where in the Aruba 3200 series controller I could find whether or not this is enabled. The "Pre-Authentication" im talking about is described below:

     

    "Pre-authentication enables WPA2 wireless clients that are connected to one wireless AP to perform 802.1X authentication with other wireless APs within its range. Pre-authentication stores the PMK and its associated information in the PMK cache. When the wireless client connects to a wireless AP with which it has pre-authenticated, it uses the cached PMK information to reduce the time required to authenticate and connect."

    Note

    WPA2 client pre-authentication is only possible with wireless access points that broadcast pre-authentication capability in Beacon and Probe Response messages.

    We run EAP-TLS so I want to make sure the users arent having to re-auth every single time they roam to another AP. How can I enable this feature in the Controller to make sure the APs are broadcasting the pre-auth capability in their Beacon and Probe responses? Im having trouble finding it. Thanks.



  • 2.  RE: Pre-Authentication and Roaming
    Best Answer

    EMPLOYEE
    Posted Aug 30, 2017 08:04 PM

    That would be OKC or opportunistic key caching, which is enabled by default.  Just about every client except for Mac OSX supports this.



  • 3.  RE: Pre-Authentication and Roaming

    Posted Aug 31, 2017 10:15 AM

    Colin,

     

    Thanks so much for the response. After you mentioned OKC I researched it and found this right away. It explains Arubas support for this in perfect detail! Thanks again!

     

    https://community.arubanetworks.com/aruba/attachments/aruba/115/1097/1/Aruba+OKC+Implementation.pdf

     

     



  • 4.  RE: Pre-Authentication and Roaming

    Posted Nov 15, 2018 01:05 PM

    Running Version 6.3.1.14 on the controllers.

    How can I find find out the clients are using OKC succesfully ?

    Can you please share some detailed commands to check ?



  • 5.  RE: Pre-Authentication and Roaming

    EMPLOYEE
    Posted Nov 15, 2018 01:08 PM

    the command would be "show auth-tracebuf".   The output of that command is in the document linked in the post above this.