Hey Marco,
The goal of 802.11r & 802.11k is that when using 802.1x authentication for the first time, this authentication process will happen between the client device (supplicant), Zonedirector (authenticator) and RADIUS server (authentication server) and can take up to a few seconds depending where it is located, once successfully authenticated, the RADIUS (AAA) server will send the MSK = PMK to the Zonedirector which will be stored there and forwarded to all APs in the same mobility domain that request it. The 4-way handshake (deriving session keys) will happen between the AP the client is connected to and the client device itself. Now when the client device is roaming to another AP (and i think the client can even auth to other AP's before making a roaming decision) in the same mobility domain, the client will authenticate to the Zonedirector instead of the AAA server & re-associate with the new AP. The 4-way handshake will occur between the new AP and the client device. The client roaming time will be reduced from a few seconds to around 50ms. The 802.11k part is that clients who support this standard are able to request a neighbor report of the access point it is connected to. The AP will respond with a neighbor report containing following information on the top 8 neighboring AP's: SSID, channel #, PHY type, BSS capabilities, mobility domain, ect... The neighbor report empowers client devices with info to make the smartest roaming decision. Without 802.11k clients will learn neighbor AP information from probe responses
Guys, please correct me if i am wrong on this.
br.
Koen