SWAN Fast Secure Roaming (CCKM)

When you deploy EAP/802.1x as the security mechanism, you need to address performance aspects when a user roams from an AP to another AP (whether Layer 2 or Layer 3 roam). As discussed in previous chapters, during an 802.11 reassociation process, you must reauthenticate the WLAN user to avoid man-in-the-middle (MitM) attacks. A full EAP/802.1x authentication is likely to increase the roaming delay between the APs. In the case of a remote branch office, if the RADIUS authentication is to take place over a WAN link (such as a RADIUS infrastructure located at the headquarters [HQ]), this will further increase the roaming delay.

The roaming delay during EAP/802.1x reassociation might impact some applications, such ...

Get Cisco Wireless LAN Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.