12-4
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection
Understanding Fast Secure Roaming
Figure 12-1 Client Authentication Using a RADIUS Server
When you configure your wireless LAN for fast, secure roaming, however, LEAP-enabled client devices
roam from one access point to another without involving the main RADIUS server. Using Cisco
Centralized Key Management (CCKM), a device configured to provide Wireless Domain Services
(WDS) takes the place of the RADIUS server and authenticates the client so quickly that there is no
perceptible delay in voice or other time-sensitive applications. Figure 12-2 shows client authentication
using CCKM.
Figure 12-2 Client Reassociation Using CCKM and a WDS Access Point
The WDS device maintains a cache of credentials for CCKM-capable client devices on your wireless
LAN. When a CCKM-capable client roams from one access point to another, the client sends a
reassociation request to the new access point, and the new access point relays the request to the WDS
[Figure 12-1 diagram labels: client device, access point or bridge, wired LAN, RADIUS server. Message sequence: 1. Authentication request; 2. Identity request; 3. Username; 4. Authentication challenge; 5. Authentication response; 6. Authentication success; 7. Authentication challenge; 8. Authentication response; 9. Successful authentication. Messages in the sequence are labeled "(relay to client)" or "(relay to server)".]