Huawei WLAN Roaming Feature Presentation

HUAWEI TECHNOLOGIES CO., LTD. www.huawei.com/enterprise Huawei WLAN Roaming Feature Presentation


Transcript of Huawei WLAN Roaming Feature Presentation


HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 2

Huawei Enterprise A Better Way

WIFI Roaming Concept

Roaming is the process in which a wireless client (STA) moves from one BSS to another BSS. Roaming has the following key features:

• An STA can move to any position covered by a WIFI network in an ESS. For example, an STA can move to any position in the campus whose SSID is UNIVERSE.

• Services are not interrupted. During roaming, services of the roaming STA are not interrupted.

• User IDs (IP addresses) do not change. An STA obtains an IP address when connecting to the network, and the IP address does not change during roaming.


WIFI Roaming Driver and Determination

Wireless STAs drive WIFI roaming.

A wireless STA decides whether to initiate roaming based on various conditions, for example, signal strength and quality, the number of missed beacons, and errors caused by conflict or interruption.

1. As shown in the figure on the left, when an STA is at A, the STA uses AP1 to connect to the Internet.

2. When the STA moves to B, the STA sends an 802.11 probe request frame on various channels. After receiving the probe request frame on channel 6, AP2 uses channel 6 to send a probe response frame. After receiving the response frame, the STA decides whether to associate with AP2 and whether to roam.

3. The STA decides to roam and uses AP2 to connect to the Internet at C.


WIFI Roaming Scenarios and Classification

[Figure: campus network topology. Labels: AC6605, PoE switches, access switch, convergence switch, AP6010 SN/DN, eSight unified network management system. Wired and wireless networks cover classrooms and offices; wireless networks cover the campus and playground.]

WIFI Roaming Scenarios

When a wireless station (STA) moves (for example, in the figure on the left, the STA moves from A to B in the library, or moves to another area, to C on the playground), WIFI products must support roaming to ensure that real-time services (for example, video and voice services) are not interrupted.

[Figure labels: AP 6610DN; STA positions A, B and C; VLAN1 and VLAN2; campus network.]

WIFI Roaming Classification

Layer2 roaming: If an STA moves from A to B within the same VLAN, that is Layer2 roaming. Layer2 roaming applies to small enterprises that are covered only by a Layer2 network.

Layer3 roaming: If an STA moves from B to C on different Layer3 subnets (different VLANs), that is Layer3 roaming. Layer3 roaming applies to medium- or large-size enterprises that are covered by a Layer3 network.


Roaming Key Performance

The most important performance indicator is roaming delay. When an STA roams from one AP to another AP, the STA disconnects from the original AP. Until the STA connects to the new AP, all data sent to or from the STA is discarded. Roaming delay is the interval from the time when the STA disconnects from the original AP to the time when the STA connects to the new AP.

In the Huawei WLAN solution, services can be smoothly migrated by using the following rapid roaming technologies:

• PMK caching: PMK caching technology is used in the 802.1X authentication scenario. In this case, both the STA and the AC cache the PMK and PMK-ID when the STA communicates with the original AP. When roaming to a new AP, the STA sends the cached PMK-ID to the AC. The AC searches for PMK information according to the received PMK-ID. If it is found, the AC considers the STA to have passed 802.1X authentication. The STA and the AC skip the 802.1X authentication process and directly negotiate the encryption key with the cached PMK information, thereby shortening the roaming delay of 802.1X users. If it is not found, the STA must go through the 802.1X authentication process again.

• Lower-level key negotiation technology: This technology is used for users with data encryption, including WPA/WPA2 PSK and 802.1X users. When this feature is not enabled, the STA negotiates keys with the AC. When this feature is enabled, the STA negotiates keys directly with the associated AP. When the STA roams to a new AP, the roaming delay is shortened by reducing the key negotiation time.

Note: Some STAs do not support RSN key caching. When they roam to a new AP, the 802.1X authentication process must still be performed and the PMK information is generated again.


Rapid Roaming in 802.1X Mode

For users authenticated in the 802.1x mode, besides the lower-level key negotiation technology, the PMK caching technology is used so that the complex 802.1x authentication is not required after the STA switches APs, which accelerates the switchover. The following figure shows the service process of 802.1x authentication.

[Figure: PMK caching. Participants: STA, old AP, new AP, AC, RADIUS server. The STA generates the PMK/PMK ID and the AC generates the PMK/PMK ID; the STA roams and switches to the new AP. Step 7: the AC checks whether the PMK ID exists; if it exists, fast roaming is allowed.]
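The AC-side check described under PMK caching and in step 7 of the figure, as an added example that is not part of the original presentation and is not Huawei's code. It derives the PMKID the way IEEE 802.11i defines it (the first 128 bits of HMAC-SHA1 over "PMK Name", the authenticator address and the STA address) and then chooses between fast roaming and full 802.1X. The `PmkCache` class, the single AC authenticator address, the 12-hour lifetime and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

PMK_LIFETIME_S = 43200  # assumed cache lifetime (12 h); not from the presentation

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """IEEE 802.11i PMKID: HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class PmkCache:
    """Hypothetical AC-side cache: PMKID -> (PMK, STA MAC, expiry time)."""
    def __init__(self):
        self._entries = {}

    def store(self, pmk: bytes, aa: bytes, spa: bytes, now: float) -> bytes:
        """Record the PMK after a successful full 802.1X authentication."""
        pid = pmkid(pmk, aa, spa)
        self._entries[pid] = (pmk, spa, now + PMK_LIFETIME_S)
        return pid

    def on_reassociation(self, offered: bytes, spa: bytes, now: float):
        """Decide what the AC does with the PMKID a roaming STA presents."""
        entry = self._entries.get(offered)
        if entry is None:
            return "full-802.1X", None          # PMKID not found
        pmk, owner, expiry = entry
        if now >= expiry:
            del self._entries[offered]          # stale entry: force re-auth
            return "full-802.1X", None
        if not hmac.compare_digest(owner, spa):
            return "full-802.1X", None          # entry belongs to another STA
        return "fast-roam", pmk                 # skip 802.1X, go to key negotiation

def demo():
    """Constructed sample values; MACs and PMK are not from any real network."""
    ac = bytes.fromhex("02aabbccdd01")          # AC authenticator address (assumed)
    sta = bytes.fromhex("02aabbccdd10")
    other = bytes.fromhex("02aabbccdd11")
    pmk = bytes(range(32))                      # stands in for the 802.1X-derived PMK
    cache = PmkCache()
    pid = cache.store(pmk, ac, sta, now=0)
    return [
        cache.on_reassociation(pid, sta, now=60)[0],              # cached, valid
        cache.on_reassociation(bytes(16), sta, now=60)[0],        # unknown PMKID
        cache.on_reassociation(pid, other, now=60)[0],            # wrong STA
        cache.on_reassociation(pid, sta, now=PMK_LIFETIME_S)[0],  # expired
    ]

print(demo())
```

Only the first case returns the cached PMK; a missing, expired or mismatched entry falls back to full 802.1X authentication, which matches the "if not found" branch in the text.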


Services Switching Process (Layer2 Roaming)


Roaming process

The process of switching to AP2 when the STA has associated with AP1 is as follows:

1) The STA cancels its association with AP1, as shown in area 1 in the figure on the left.

2) The STA sends a re-association request to the AC through AP2, as shown in area 2 in the figure on the left. After the STA is associated with the AC, the AC updates the user information (including VLAN information) to AP2.

3) At step 3, different users follow different mechanisms:

• For Open users, data services are communicated directly.

• For WPA2/WPA PSK users, the STA directly negotiates encryption keys with the AP.

• For 802.1X users, the AC checks whether PMK information exists for the PMK ID received from the STA. If it exists, fast roaming is allowed and the 802.1X authentication process is omitted; the STA directly negotiates encryption keys with the AP. If it does not exist, the 802.1X authentication process must be performed and the PMK information is generated again.

[Figure: Layer2 roaming. Labels: AC devices; AP1 and AP2, both with SSID HUAWEI; VLAN 1 (labelled twice); campus network; pre-authentication domain/isolated domain/post-authentication domain; server area; numbered areas 1, 2 and 3.]


Cross-VLAN Services Switching Process (Layer3 Roaming)


Roaming process

The process of switching to AP2 when the STA has associated with AP1 is as follows:

1) The STA cancels its association with AP1, as shown in area 1 in the figure on the left.

2) The STA sends a re-association request to the AC through AP2, as shown in area 2 in the figure on the left. After the STA is associated with the AC, the AC updates the user information (including VLAN information) to AP2.

3) At step 3, different users follow different mechanisms:

• For Open users, data services are communicated directly.

• For WPA2/WPA PSK users, the STA directly negotiates encryption keys with the AP.

• For 802.1X users, the AC checks whether PMK information exists for the PMK ID received from the STA. If it exists, fast roaming is allowed and the 802.1X authentication process is omitted; the STA directly negotiates encryption keys with the AP. If it does not exist, the 802.1X authentication process must be performed and the PMK information is generated again.

4) Although the STA has roamed to a different subnet, the AC still regards the STA as coming from the original subnet (VLAN1). This ensures that the STA keeps its original IP address and that established IP communication continues. In the centralized forwarding scenario shown in area 4 in the figure on the left, the AC must mark the roaming user's packets as coming from the pre-roaming VLAN1.

[Figure: Layer3 roaming. Labels: AC devices; AP1 and AP2, both with SSID HUAWEI; VLAN1 and VLAN2; pre-authentication domain/isolated domain/post-authentication domain; server area; numbered areas 1, 2, 3 and 4. Callout: in channel forwarding mode, the AC must mark roaming user messages as from pre-roaming VLAN1.]
