Wireless Access

Reply
Occasional Contributor II

WPA-Fast-Handover

Hello,

 

Just wondering whether 'WPA-Fast-Handover' should only be used for VoIP deployments?  Can it be enabled for WPA/WPA2 dot1x and PSK deployments as well?  Should the 'reauthentication' check box be enabled as well?  We have a mix of clients on our campus (iOS, Android, Windows) and have had some issues with clients disconnecting or not roaming properly.  We currently have OKC and Validate PMKID enabled.

 

Thanks in advance.

-Luis

Re: WPA-Fast-Handover

No,not necessarily. We need to make sure if handset supports this feature.

WPA Fast Handover is applied only to 802.1x and this will allow the WPA clients to use a pre-authorized PMK to reduce the handover interruption. 

 

Make sure on handset increase the battery power to max, disable Power-save mode. You can refer to below link for VRD as well.

 

http://www.arubanetworks.com/wp-content/uploads/VoIPwMASAppNote-20120726.pdf

 

Please enable user-debug and show auth-tracebuf mac <mac address of the client> and post.

 

From configuration mode:-

-----------------------------------

 

logging level debugging user-debug <mac address of the client>

 

Thank you.

 

Occasional Contributor II

Re: WPA-Fast-Handover

Thanks for the quick reply.  So the device would need to support it correct?  My post was a question geared more towards devices such as iPhones, Androids, Windows Laptops, etc. and if there would be any benefit to enable this setting?  How about reauthentication in the dot1x authentication profile?  I would just like to understand this a little better.  Thanks again.

 

Cheers,

-Luis  

Re: WPA-Fast-Handover

Yes that`s correct, device needs to support it. There wouldnt be any benefit in your case as the devices Androids, iphones etc doesnt support it. 

 

Enabling Reauthentication will force the client to do 802.1x authentication after the expiration of default-timer.

 

 Default-value of the timer is 24 Hrs and this is disabled by default. I would recommend you set back the default (disable the re-authentication) unless and until you really want to force the client to reconnect over every period of time.

 

Thank you.