Wireless Access


Pre-Authentication and Roaming



Im looking into the wireless Pre-Authentication mechanism and was wondering where in the Aruba 3200 series controller I could find whether or not this is enabled. The "Pre-Authentication" im talking about is described below:


"Pre-authentication enables WPA2 wireless clients that are connected to one wireless AP to perform 802.1X authentication with other wireless APs within its range. Pre-authentication stores the PMK and its associated information in the PMK cache. When the wireless client connects to a wireless AP with which it has pre-authenticated, it uses the cached PMK information to reduce the time required to authenticate and connect."


WPA2 client pre-authentication is only possible with wireless access points that broadcast pre-authentication capability in Beacon and Probe Response messages.

We run EAP-TLS so I want to make sure the users arent having to re-auth every single time they roam to another AP. How can I enable this feature in the Controller to make sure the APs are broadcasting the pre-auth capability in their Beacon and Probe responses? Im having trouble finding it. Thanks.

Guru Elite

Re: Pre-Authentication and Roaming

That would be OKC or opportunistic key caching, which is enabled by default.  Just about every client except for Mac OSX supports this.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase

Re: Pre-Authentication and Roaming



Thanks so much for the response. After you mentioned OKC I researched it and found this right away. It explains Arubas support for this in perfect detail! Thanks again!





Search Airheads
Showing results for 
Search instead for 
Did you mean: