What is opportunistic key caching (OKC) and should OKC be enabled for WPA WLANs?

Aruba Employee
Aruba Employee

Product and Software: This article applies to all ArubaOS versions.


What is Opportunistic key caching?


Opportunistic key caching (OKC) helps reduce the time needed for authentication. When OKC is used, multiple APs can share Pairwise Master Keys (PMKs) among themselves, and the station can roam to a new AP that has not visited before and reuse a PMK that was established with the current AP. OKC allows the station to roam quickly to an AP it has never authenticated to, without having to perform pre-authentication.


Should OKC be enabled for WPA WLANs?


OKC is available specifically on WPA2 SSIDs only. OKC helps stations to roam faster by caching the PMK.

When the PMK is cached, WPA2 stations can bypass 802.1X authentication and derive new encryption keys when they roam between APs.


WPA stations do not have any equivalent mechanisms and hence cannot take advantage of OKC. For WPA WLANs, it is best to leave OKC disabled.

Version history
Revision #:
1 of 1
Last update:
‎07-01-2014 03:53 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: