Huawei WLAN Roaming Feature Presentation


Huawei WLAN Roaming Feature Presentation www.huawei.com/enterprise

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Enterprise A Better Way

WIFI Roaming Concept

Roaming is the process in which a wireless client (STA) moves from one BSS to another BSS. Roaming has the following key features:

• An STA can move to any position covered by a WIFI network in an ESS. For example, an STA can move to any position in the campus whose SSID is UNIVERSE.
• Services are not interrupted. During roaming, services of the roaming STA are not interrupted.
• User IDs (IP addresses) do not change. An STA obtains an IP address when connecting to the network, and the IP address does not change during roaming.


Huawei Confidential


WIFI Roaming Driver and Determination

• Wireless STAs drive WIFI roaming.
• A wireless STA determines whether to roam based on various conditions, for example, signal strength and quality, number of missed beacons, and errors caused by conflict or interruption.

1. As shown in the figure on the left, when an STA is at A, the STA uses AP1 to connect to the Internet.
2. When the STA moves to B, the STA sends an 802.11 probe request frame through various channels. After receiving the probe request frame through channel 6, AP2 uses channel 6 to send a probe response frame. After receiving the response frame, the STA determines whether to associate with AP2 and whether to roam.
3. The STA determines to roam and uses AP2 to connect to the Internet at C.


WIFI Roaming Scenarios and Classification

WIFI Roaming Scenarios

When a wireless station (STA) moves (for example, in the figure on the left, the STA moves from A to B in the library, or moves to another area, to C on the playground), WIFI products must support roaming to ensure that real-time services (for example, video and voice services) are not interrupted.

[Figure: Campus Network. Elements: eSight unified network management system, AC6605, convergence switch, access switch, PoE switches, AP6010 SN/DN, AP 6610DN, VLAN1, VLAN2, positions A, B and C. Captions: "Wired and wireless networks cover classrooms and offices." and "Wireless networks cover the campus and playground."]

WIFI Roaming Classification

• Layer2 Roaming: If an STA moves from A to B within the same VLAN, that is Layer2 roaming. Layer2 roaming applies to small enterprises that are covered only by a Layer2 network.
• Layer3 Roaming: If an STA moves from B to C on different Layer3 subnets (different VLANs), that is Layer3 roaming. Layer3 roaming applies to medium- or large-size enterprises that are covered by a Layer3 network.


Roaming Key Performance

• The most important performance indicator is roaming delay. When an STA roams from one AP to another AP, the STA disconnects from the original AP. Until the STA connects to the new AP, all data sent to or from the STA is discarded. Roaming delay is the interval from the time when the STA disconnects from the original AP to the time when the STA connects to the new AP.
• In the Huawei WLAN solution, services can be smoothly migrated by using the following rapid roaming technologies:

  • PMK caching: PMK caching is used in the 802.1X authentication scenario. Both the STA and the AC cache the PMK and PMK-ID when the STA communicates with the original AP. When roaming to a new AP, the STA sends the cached PMK-ID to the AC. The AC searches for PMK information according to the received PMK-ID. If it is found, the AC considers the STA to have passed 802.1X authentication. The two sides skip the 802.1X authentication process and directly negotiate the encryption key with the cached PMK information, which shortens the roaming delay for 802.1X users. If it is not found, the STA must go through the 802.1X authentication process again.

  • Lower-level key negotiation technology: This technology is used for users with data encryption, including WPA/WPA2 PSK and 802.1X users. When this feature is not enabled, the STA negotiates keys with the AC. When this feature is enabled, the STA negotiates keys directly with the associated AP. When the STA roams to a new AP, the roaming delay is shortened by reducing the key negotiation time.

Notes: Some STAs do not support RSN key caching. When they roam to a new AP, the 802.1X authentication process must also be performed and PMK information is generated again.


Rapid Roaming in 802.1X Mode

• For users authenticated in 802.1X mode, besides the lower-level key negotiation technology, the PMK caching technology is used so that the complex 802.1X authentication is not required after the STA switches APs, which accelerates the switchover. The following figure shows the service process of 802.1X authentication.

[Figure: PMK Caching. Elements: Radius Server, AC, Old AP, New AP, STA. Labels: "AC generates PMK/PMK ID"; "STA generates PMK/PMK ID"; "Roaming switchover to the new AP"; "7. The AC checks whether the PMK ID exists. If it exists, fast roaming is allowed."]


Services Switching Process (Layer2 Roaming)

• Roaming process

The process of switching to AP2 when the STA has associated with AP1 is as follows:

1) The STA cancels the association relationship with AP1, as shown in area 1 in the figure on the left.
2) The STA sends a re-association request to the AC through AP2, as shown in area 2 in the figure on the left. After the STA is associated with the AC, the AC updates the user information (including VLAN information) to AP2.
3) At step 3, different users have different mechanisms:
   • Open users communicate data services directly.
   • WPA2/WPA PSK users negotiate encryption keys directly with the AP.
   • For 802.1X users, the AC checks whether PMK information exists according to the PMK ID received from the STA. If it exists, fast roaming is allowed and the 802.1X authentication process is omitted; the STA negotiates encryption keys directly with the AP. If it does not exist, the 802.1X authentication process must be performed and PMK information is generated again.

[Figure: Layer2 roaming switchover. Elements: server area; campus network (pre-authentication domain / isolated domain / post-authentication domain); AC devices; AP1 (VLAN 1, SSID: HUAWEI); AP2 (VLAN 1, SSID: HUAWEI); areas 1, 2 and 3; "Switchover" and "Roaming switchover" arrows.]

Cross-VLAN Services Switching Process (Layer3 Roaming)

• Roaming process

The process of switching to AP2 when the STA has associated with AP1 is as follows:

1) The STA cancels the association relationship with AP1, as shown in area 1 in the figure on the left.
2) The STA sends a re-association request to the AC through AP2, as shown in area 2 in the figure on the left. After the STA is associated with the AC, the AC updates the user information (including VLAN information) to AP2.
3) At step 3, different users have different mechanisms:
   • Open users communicate data services directly.
   • WPA2/WPA PSK users negotiate encryption keys directly with the AP.
   • For 802.1X users, the AC checks whether PMK information exists according to the PMK ID received from the STA. If it exists, fast roaming is allowed and the 802.1X authentication process is omitted; the STA negotiates encryption keys directly with the AP. If it does not exist, the 802.1X authentication process must be performed and PMK information is generated again.
4) When the STA roams to a different subnet, the AC still regards the STA as belonging to the original subnet (VLAN1). This ensures that the STA keeps its original IP address and that established IP communication continues. In the centralized forwarding scenario shown as area 4 in the figure on the left, the AC must mark the roaming user's messages as coming from the pre-roaming VLAN1.

[Figure: Layer3 roaming switchover. Elements: server area; campus network (pre-authentication domain / isolated domain / post-authentication domain); AC devices; AP1 (VLAN1, SSID: HUAWEI); AP2 (VLAN2, SSID: HUAWEI); areas 1, 2, 3 and 4; "Switchover" and "Roaming switchover" arrows. Callout: "In channel forwarding mode: The AC must mark roaming user messages as from pre-roaming VLAN1."]
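The AC-side decision described in the PMK caching passage and in steps 2 to 4 of the Layer2 and Layer3 switching processes, as an added example that is not Huawei's code. It assumes the PMK ID is the standard IEEE 802.11i PMKID (first 128 bits of HMAC-SHA1 over "PMK Name" || AP MAC || STA MAC) recomputed for the new AP; the class, method names, cache lifetime, MAC addresses and PMK are hypothetical or constructed.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """IEEE 802.11i PMKID for authenticator MAC `aa` and supplicant MAC `spa`."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class AccessController:
    """Hypothetical AC model: PMK cache plus the VLAN each STA first joined."""

    def __init__(self, pmk_lifetime_s: float = 3600.0):  # assumed lifetime
        self.pmk_lifetime_s = pmk_lifetime_s
        self.pmk_cache = {}   # STA MAC -> (pmk, expires_at)
        self.home_vlan = {}   # STA MAC -> pre-roaming VLAN

    def dot1x_success(self, spa, pmk, ap_vlan, now):
        """Record the outcome of a full 802.1X authentication."""
        self.home_vlan.setdefault(spa, ap_vlan)
        self.pmk_cache[spa] = (pmk, now + self.pmk_lifetime_s)

    def reassociate(self, spa, new_aa, ap_vlan, offered_pmkids, now):
        """Return (auth_path, roam_type, vlan_to_mark) for a re-association."""
        auth = "full-802.1x"                      # default: no shortcut
        entry = self.pmk_cache.get(spa)
        if entry and now < entry[1]:
            expected = pmkid(entry[0], new_aa, spa)
            # Constant-time compare so the check leaks nothing about the PMKID.
            if any(hmac.compare_digest(expected, p) for p in offered_pmkids):
                auth = "fast-roam"
        elif entry:
            del self.pmk_cache[spa]               # expired entries never match
        vlan = self.home_vlan.setdefault(spa, ap_vlan)
        roam = "layer2" if vlan == ap_vlan else "layer3"
        return auth, roam, vlan                   # traffic stays in the home VLAN

if __name__ == "__main__":
    # Constructed sample values, not captured from a real network.
    sta, ap2 = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd12")
    pmk = bytes(range(32))
    ac = AccessController()
    ac.dot1x_success(sta, pmk, ap_vlan=1, now=0)
    print(ac.reassociate(sta, ap2, 2, [pmkid(pmk, ap2, sta)], now=60))
```

A PMK ID that does not match, or a cache entry past its lifetime, falls back to full 802.1X, while the VLAN to mark stays the pre-roaming one in both cases.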


Thank you www.huawei.com