Skip navigation
Cisco Learning Home > Certifications > Wireless (CCNA Wireless) > Discussions

_Communities

4724 Views 18 Replies Latest reply: Feb 10, 2012 6:34 PM by Jared RSS 1 2 Previous Next

Currently Being Moderated

CCX - how important

Feb 2, 2012 5:19 PM

millerjoh 64 posts since
Jan 6, 2010

Hello,

 

I am fighting major roaming issues. I have around 300 3502i LAP's and 2 WiSM v1 controllers. The major roaming issues are seen on a production WLAN that is WPA2/AES dot1x&CCKM.

 

Non-CCX clients roaming is 20% worse than a CCX client.

 

My question is how important is it to buy a wireless client that is CCX compliant? Also, I have dot1x and CCKM enabled on this WLAN but all the clients show "authentication type......dot1x" when I issue "show client detail xxxx.xxxx.xxxx" on the WLC's. Why are the CCX clients not using CCKM??

 

Also I have "Aironet IE" unchecked on this WLAN. Do I need to enable this to take full advantage of CCX?

 

I know I should have probably posted on support forum, but I figured this could make a good discussion/learning experience for myself and hopefully others.

 

The issue we are seeing is when the client roams the connection completely drops and goes through the whole authentication process before associationing to the new LAP. This process takes 30-45 seconds, and is causing major issues with citrix etc..

 

Kind regards,

John

  • Pete Nugent 1,256 posts since
    Dec 8, 2008
    Currently Being Moderated
    1. Feb 2, 2012 6:11 PM (in response to millerjoh)
    Re: CCX - how important

    CCX are a set of features that I believe 90% of silicon manufacturers suppports or implement. Cisco licensed these and many of them are incorporated into or precursers to the 802.11 ammendments. CCKM  I see as ultimately a prelude to 802.11r which is fast base station transition and Cisco implemented CCKM for 802.1x in various staages from CCX v2 to CCX v4. CCX v2 supported CCKM in LEAP, CCX v3 supported CCKM in EAP-FAst then CCX v4 for the other EAP types such as PEAP and EAP-TLS.

     

    Assuming Intel cards then certainly from the 3945 I think CCX v4 has been supported so you should be able to support CCKM.

     

    CCX cannot be disabled but turning off aironet ie will remove some features. Typically aironet ie can cause issues with some clients and I have seen this in the past but things are a lot better now.

     

    Can you verify that the clients are performing a full authentication back to RADIUS every time they roam as even with CCKM you will get a 4way handshake, however 35 seconds is a long time even for a full autentication.

  • Jared 5,501 posts since
    Jul 27, 2008
    Currently Being Moderated
    3. Feb 2, 2012 6:50 PM (in response to millerjoh)
    Re: CCX - how important

    I would turn it back on just to see if it affects performance.  It sounds like fast roaming is not working if you are having to re-authenticate.  CCX roaming features are indeed Cisco's proprietary answer to what is now 802.11r.

  • Pete Nugent 1,256 posts since
    Dec 8, 2008
    Currently Being Moderated
    4. Feb 2, 2012 6:53 PM (in response to millerjoh)
    Re: CCX - how important

    WZC it appearsnever used support CCKM, nor all CCX! References below.

     

    Now typically say a laptop would not need fast roaming where a voice hanset would!

     

    Can you test with another supplicant tat supprts CCKM?

     

    This may however be different with Windows 7 as I am sure tere ave been some improvements, see this technet article, someting I will need to test. However CCKM may not be supported still if the implementation is significantly for 802.11r http://technet.microsoft.com/en-us/library/dd759176.aspx

     

    http://devicescape.com/assets/docs/Devicescape%20Easy%20WiFi%20App%20Note%20Feb%2009.pdf

     

    http://www.cisco.com/en/US/products/hw/wireless/ps4555/products_qanda_item09186a0080094cdc.shtml

  • Phil 33 posts since
    Oct 9, 2011
    Currently Being Moderated
    5. Feb 2, 2012 6:57 PM (in response to millerjoh)
    Re: CCX - how important

    Are the two APs involved in a roam on the same WLC? Even without CCKM the WLC should just label the client move internally and continue allowing the Client to communicate. The speed of this is generally in the milliseconds. Are the neighbor APs on separate WLCs?Are all of your WLCs that support APs that may roam to each other in the same mobility group? Altough, if it was me, I'd place neighboring APs on the same controller just to simplify the topology.

  • Jared 5,501 posts since
    Jul 27, 2008
    Currently Being Moderated
    6. Feb 4, 2012 8:35 AM (in response to Phil)
    Re: CCX - how important

    That's how I designed my network, from the ground up.  There is a lot to be said for strtegic ap assignments to wlc's. 

  • Jared 5,501 posts since
    Jul 27, 2008
    Currently Being Moderated
    8. Feb 4, 2012 11:20 AM (in response to millerjoh)
    Re: CCX - how important

    Do you have channel bonding turned on on your 2.4 GHz radios?  I would totally agree with the recommendation of not to turn it on.

  • Pete Nugent 1,256 posts since
    Dec 8, 2008
    Currently Being Moderated
    10. Feb 4, 2012 12:01 PM (in response to millerjoh)
    Re: CCX - how important

    the 2.4GHz spectrum has 3 non overlapping channels 1, 6 and 11. If you bond 2 of these channels together lets say 1 and 6 what do you do next to provide the next adjacent cell. Simply there are not enough channels for channel bonding 2.4GHz in the enterprise thats why we can do it in the 5.oGHz spectrum where you have upto 23 non overlapping channels.

  • Pete Nugent 1,256 posts since
    Dec 8, 2008
    Currently Being Moderated
    11. Feb 5, 2012 8:48 PM (in response to Pete Nugent)
    Re: CCX - how important

    In reference to Phils reply my understanding is that with CCKM fast roaming is possible, with clients with the correct CCX version.

     

    Without CCKM (or proactive key caching) when a client roams to another ap it undergoes full reauthentication via RADIUS etc. With CCKM only the four way handshake takes place, typically this is below 50ms but without CCKM can be considerably longer.

  • Phil 33 posts since
    Oct 9, 2011
    Currently Being Moderated
    12. Feb 6, 2012 4:01 AM (in response to Pete Nugent)
    Re: CCX - how important

    Pete,

            I understand there to be four different versions to roaming. From fastest to slowest:

     

    CCKM: which is nearly instant because the client preauthenticates to all APs within hearing distance.

    Intra-controller roaming: less then 10ms because the WLC just moves the authenticated client's location from one AP to another AP in the WLC's internal list.

    Inter-Controller in the same mobility group roaming: same as above but the communication is between two WLCs and the original WLC usually ends up being an anchor if its a L3 roam Doesn't require Radius because they share the initial authentication. 

    Inter-Controller roaming w/o a mobility relationship between the two WLCs. This is a full authentication because the WLCs do not talk to each other and therefore are unable to share the client's PMK.

  • Pete Nugent 1,256 posts since
    Dec 8, 2008
    Currently Being Moderated
    13. Feb 6, 2012 10:31 AM (in response to Phil)
    Re: CCX - how important

    I agree generally Phil however we are discussing 802.1x specifically here therefore as I understand the reauthentication would be, with CCKM the 4way handshake. Without CCKM full reauthentication would take place.

     

    Was this not the key issue behind 802.1xs roaming with VoWLAN? ie the firrmware v1.3.4 allowed fast secure roaming with 802.1x as the 4 way handshake is an acceptable delay?

  • Skinneh 3 posts since
    Oct 29, 2008
    Currently Being Moderated
    14. Feb 7, 2012 11:21 AM (in response to millerjoh)
    Re: CCX - how important

    Okay.  Here goes;

     

    To the best of my knowledge, I don't believe any Cisco code allows you to enable 40MHz channels in the 2.4 GHz band.  I also concur with your Fluke device, as well as others in this thread.  40MHz should never be used in the 2.4 GHz band.  (Nope... doesn't matter....  Never... shhhssh.)

     

    Also, and I think this is one of the most complicated things I've ever had to go through with 802.11 roaming; I think your issue may actually be related to a technicallity with using AES-CCMP (WPA2) and CCKM with any clients /below/ CCX ver.5

     

    While this wouldn't explain your assertion that you have a CCXv5 client that isn't roaming properly, I'd check your controller logs for evidence of the following:

     

    "could not process the RSN and WARP IEs. error processing CCKM IE"

     

    Let me know... I'm curious.

     

    Cheers!

     

    Message was edited by: Skinneh - "AES-CCMP (WPA2) and CCKM with any clients /below/ CCX ver.5" ... originally stated CCXv4, which was just a mistake on my part.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)