I lied the AOS 10 VSG doc does mention this.
AUTHENTICATION STATE/KEY SYNC
Authentication keys are synchronized across APs by the Key Management Service (KMS) in Central. This allows a client to roam between APs without re-authenticating or rekeying their encrypted traffic. This decreases the load on the RADIUS servers, but also speeds up the roaming process for a seamless user experience. Key synchronization and management are automatically handled by the APs and Central, so no additional user configuration is required.
So, I am very curious about this error as well.
Original Message:
Sent: May 25, 2023 07:41 PM
From: aschildmeyerSTR
Subject: PMKR1 for station is not present on the AP
I just deployed AOS10 with Aruba Central and I get the same thing in my environment. I believe it's because the Primary Key for radius isn't being delivered to all the APs from central in my case as there isn't the traditional cluster/controller type design. But then again, I could be wrong. But based on what I kind of see I think it referes to this roaming
Validate Pairwise Master Key (PMK) ID
This parameter instructs the controller to check the Pairwise Master Key (PMK) ID sent by the client and mainly
helps when OKC is enabled. It ensures that the PMKID on the client and server matches before the controller
uses the cached opportunistic key, If it does not match then the client will go through the complete 802.1X key
exchange
Again, that is the exact verbiage from the Aruba docs. So, without a controller I do wonder how that works. I would love to see some more VRD around AOS 10 that explains these things like the old docs do.
What does your implementation look like?
Original Message:
Sent: May 23, 2023 06:21 AM
From: ejara
Subject: PMKR1 for station is not present on the AP
We see that we have the following error in the logs.
802.11r fast roam failed for client yy.yy.yy.yy.yy.yy to BSSID xx:xx:xx:xx:xx:xx of AP hostname AP_P0_10. Reason: PMKR1 for station is not present on the AP
We believe that the devices are not roaming correctly.
What can be the cause?