User's Manual
Cisco 3200 Series Wireless MIC Software Configuration Guide
OL-7734-02
Chapter 9 Configuring WDS, Fast Secure Roaming, and Radio Management
Understanding Fast Secure Roaming
Access points in many wireless LANs serve mobile client devices that roam from access point to access
point throughout the installation. Some applications running on client devices require fast reassociation
when they roam to a different access point. Voice applications, for example, require seamless roaming
to prevent delays and gaps in conversation.
During normal operation, LEAP-enabled client devices mutually authenticate with a new access point
by performing a complete LEAP authentication, including communication with the main RADIUS
server, as in Figure 9-1.
Figure 9-1 Client Authentication Using a RADIUS Server
When you configure your wireless LAN for fast, secure roaming, however, LEAP-enabled client devices
roam from one access point to another without involving the main server. Using Cisco Centralized Key
Management (CCKM), an access point configured to provide Wireless Domain Services (WDS) takes
the place of the RADIUS server and authenticates the client so quickly that there is no perceptible delay
in voice or other time-sensitive applications. Figure 9-2 shows client authentication using CCKM.
[Figure 9-1 diagram: the participants are the client device, the access point or bridge, and the server on the wired LAN. The access point or bridge relays messages between the client and the server. Labeled steps: 1. Authentication request; 2. Identity request; 3. Username; 4. Authentication challenge; 5. Authentication response; 6. Authentication success; 7. Authentication challenge; 8. Authentication response; 9. Successful authentication.]