What is the difference between OKC and PMK caching?
Product and Software: This article applies to all ArubaOS versions.
PMK and OKC caching need "fast-roaming" enabled in the controller. Although most of the wireless NIC cards will not send "Deauth" packets when they roam from one AP to another, some cards will. In such an environment, we have to enable "dos-prevention" also in order for PMK and OKC caching working. PMK and OKC caching will only work in single controller. That means if the users roam from one controller to another, they have to go through full 802.1x authentication packets exchange.
PMK caching is used when a station has authenticated to an AP, roams away from that AP, and comes back, it will not need to perform a full authentication exchange. PMK is enabled by default and it cannot be turned off.
OKC caching is only supported for WPA2 and is used when a station roaming to any AP in the same controller will not have to complete a full authentication exchange, but will instead just perform the 4-way handshake to establish transient encryption keys.