CommScope RUCKUS Community Forums

marco_eichstet1 · ‎12-15-2014

Hi,

Do i need a ZoneDirector for Wireless Roaming?
One of my Customers need a Wireless Network for his Warehouse. There will be about 15 to 20 Wireless Barcode Scanner. The Scanner supports 802.11b/g/n.

I read there is no need for a ZoneDirector for Layer 2 Roaming because this is implemented in the 802.11 Protocoll. Is this true?

Please clarify.

Thanks.

Kind Regards
Marco

koen_verbeeck · ‎12-17-2014

Hey Marco,

The goal of 802.11r & 802.11k is that when using 802.1x authentication for the first time, this authentication process will happen between the client device (supplicant), Zonedirector (authenticator) and RADIUS server (authentication server) and can take up to a few seconds depending where it is located, once successfully authenticated, the RADIUS (AAA) server will send the MSK = PMK to the Zonedirector which will be stored there and forwarded to all APs in the same mobility domain that request it. The 4-way handshake (deriving session keys) will happen between the AP the client is connected to and the client device itself. Now when the client device is roaming to another AP (and i think the client can even auth to other AP's before making a roaming decision) in the same mobility domain, the client will authenticate to the Zonedirector instead of the AAA server & re-associate with the new AP. The 4-way handshake will occur between the new AP and the client device. The client roaming time will be reduced from a few seconds to around 50ms. The 802.11k part is that clients who support this standard are able to request a neighbor report of the access point it is connected to. The AP will respond with a neighbor report containing following information on the top 8 neighboring AP's: SSID, channel #, PHY type, BSS capabilities, mobility domain, ect... The neighbor report empowers client devices with info to make the smartest roaming decision. Without 802.11k clients will learn neighbor AP information from probe responses

Guys, please correct me if i am wrong on this.
br.
Koen

marco_eichstet1 · ‎12-17-2014

Hi,

Sorry for the question again. I hope i am not too annoying. ;)

I read at "support.apple.com":
"11k" is for quickly identify nearby APs available for roaming. It doesn't matter if i am using static WPA2 or 802.1x.
"11r" streamlines the authentication Process using a Feature called FT and allows STA to associate with APs more quickly. Depending on WiFi-Hardware Vendor, FT works with static WPA2 (PSK) and 802.1x.

On "theruckusroom.net" i read 11r is just needed if i am using 802.1x, because the authentication Process needs his time. This Statement is the same like you (Koen and Primoz Marinsek) described.

Because my Customer don't have an IT-Staff. The IT-Staff is in fact one Person who manages the IT besides. I'm thinking to use DPSK (WPA2). Maybe he should look for Bar Code Scanner who supports 11k.

Thanks.
Marco

primoz_marinsek · ‎12-17-2014

Yes, 11k doesn't care about your authentication method.

Definitely the customer should buy a scanner that supports 11k, 11r and 11w. These things last for years and they should be future proof.

My suggestion is still the same. Start at the bottom of my last post and work your way up if needed.

marco_eichstet1 · ‎12-17-2014

Ok. Thanks!

john_d · ‎12-17-2014

Note that even on WPA2-PSK networks, my iOS devices start showing that they're using 802.11r FT to roam. Renegotiating WPA2-PSK is certainly faster than 802.1x and making it to a RADIUS server and back, but it still takes time.