Huawei WLAN Roaming Feature Presentation

www.huawei.com/enterprise

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Enterprise A Better Way

WIFI Roaming Concept

Roaming is the process that the wireless client STA moves from one BSS to another BSS. Roaming has the following key features.

An STA can move to any position covered by a WIFI network in an ESS.

For example, an STA can move to any position in the campus whose SSID is UNIVERSE. Services are not interrupted. During roaming, services of the roaming STA are not interrupted. User IDs (IP addresses) do not change. An STA obtains an IP address when connecting to the network, and the IP

address does not change during roaming.

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Confidential

Page 2

WIFI Roaming Driver and Determination

Wireless STAs drive WIFI roaming. A wireless STA determines whether to enable roaming based on various conditions, for example, signal strength and quality, number of missed

beacons, and errors caused by conflict or interruption.

1. As shown in the figure on the left, when an STA is at A, the STA uses AP1 to connect to the Internet. 2. When the STA moves to B, the STA sends an 802.11 probe request frame through various channels. After receiving the probe request frame through channel 6, the AP2 uses channel 6 to send a probe response frame. After receiving the response frame, the STA determines whether to associate with AP2 and whether to roam. 3. The STA determines to roam and uses AP2 to connect to the Internet at C.

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Confidential

Page 3

Huawei Enterprise A Better Way

WIFI Roaming Scenarios and Classification

WIFI Roaming Scenarios

AC6605

Campus Network

eSight unified network management system

PoE switch
Wired and wireless networks cover classrooms and offices.
Access switch AP6010 SN/DN
Convergence switch

When a wireless station (STA) moves (for example, in the figure on the left, the STA moves from A to B in the library, or moves to another area ( to C on the playground), WIFI PoE switch products must support roaming to ensure that Wireless networks cover the real-time services (for example, video and campus and playground. voice services) are not interrupted. WIFI Roaming Classification
AP 6610DN

VLAN1

VLAN2

Layer2 Roaming: If an STA moves from A to B, within the same VLAN. That is layer2 roaming. layer2 roaming applies to small enterprises that are covered only by layer2 network. Layer3 Roaming: If an STA moves from B to C on different layer3 subnets (different VLAN), that is layer3 roaming.Layer3 roaming applies to medium- or large-size enterprises that are covered by Layer3 network.

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Confidential

Page 4

Huawei Enterprise A Better Way

Roaming Key Performance

The most important performance indicator is roaming delay. When an STA roams from an AP to another AP, the STA disconnects from the original AP. Before the STA connects to a new AP, all data sent to or from the STA will be discarded. Roaming delay indicates the interval from the time when the STA disconnects from the original AP to the time when the STA connects to a new AP. In Huawei WLAN solution, services can be smoothly migrated by using the following rapid roaming technologies:
PMK cachingPMK caching technology is used in the 802.1X authentication scenario. In this case, both STA and AC will cache the PMK and PMK-ID when an STA communicated with the original AP. When roaming to a new AP, the STA will send the cached PMK-ID to the AC. The AC will search PMK information according to the received PMK-ID. if found, the AC will think the STA has passed 802.1X authentication. They will skip the 802.1X authentication process, and directly negotiate the encryption KEY with cached PMK information. Thereby shortening the 802.1X users roaming delay. If not found, the STA need the 802.1X authentication process again. Lower-level key negotiation technology This technology is used for the data encryption users including WPA/WPA2 PSK and 802.1X user. This feature is not enabled, STA does the keys negotiation with the AC. When this feature is enabled, STA does the keys negotiation directly with the associated AP. When roaming to the new AP, the user roaming delay will be shortened by reducing the keys negotiation time.

Notes: Some STA s cant support RSN key-cache. When they roaming to a new AP, 802.1X authentication process also need be performed and PMK information is generated again.

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Confidential

Page 5

Rapid Roaming in 802.1X Mode

Radius Server

AC generates PMK/ PMK ID

7. AC will check whether the PMK ID existing. if existing, fast roaming allowed.

AC

Old AP

AP

New AP

For users authenticated in the 802.1x mode, besides the lower-level key negotiation technology, the PMK caching technology is used so that the complex 802.1x authentication is not required after the STA switches APs, which accelerates the switchover. The following figure shows the service process of 802.1x authentication.

STA generates PMK/ PMK ID

STA

PMK Caching

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Confidential

Page 6

Huawei Enterprise A Better Way

Services Switching Process (Layer2 Roaming)

Roaming process
Server area

The process of switching to AP2 when the STA has associated with AP1 is as follows: 1) The STA cancels the association relationship with AP1, as shown in area 1 in the figure on the left. 2) The STA sends a re-association request with the AC through AP2, as shown in area 2 in the figure on the left. After the STA is associated with the AC, AC updates the user information(including VLAN information) to AP2. 3) At step3, different users have the different mechanisms : For Open users, directly communicate the data services; For WPA2/WPA PSK users, directly negotiate encryption keys with AP;

Campus network
Pre-authentication domain/Isolated domain/Postauthentication domain

AC devices AP2

AP1 1 2

VLAN 1

Switchover

VLAN 1

For 802.1X users, AC will check whether the PMK information existing according to the received PMK ID from STA. if existing, fast roaming is allowed and 802.1X authentication process is omitted. The STA directly negotiates encryption keys with AP. If not existing, 802.1X authentication process must be performed and PMK information is generated again;

SSID: HUAWEI SSID: HUAWEI Roaming switchover

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Confidential

Page 7

Cross-VLAN Services Switching Process (Layer3 Roaming)

In channel forwarding mode: The AC must mark roaming user messages as from pre-roaming VLAN1.

Huawei Enterprise A Better Way

Server area

Roaming process
The process of switching to AP2 when the STA has associated with AP1 is as follows: 1) The STA cancels the association relationship with AP1, as shown in area 1 in the figure on the left. The STA sends a re-association request with the AC through AP2, as shown in area 2 in the figure on the left. After the STA is associated with the AC, AC updates the user information(including VLAN information) to AP2. At step3, different users have the different mechanisms : For Open users, directly communicate the data services; For WPA2/WPA PSK users, directly negotiate encryption keys with AP; For 802.1X users, AC will check whether the PMK information existing according to the received PMK ID from STA. if existing, fast roaming is allowed and 802.1X authentication process is omitted. The STA directly negotiates encryption keys with AP. If not existing, 802.1X authentication process must be performed and PMK information is generated again;

4 Campus network
Pre-authentication domain/Isolated domain/Postauthentication domain

2)

3 2 AP1

AC devices AP2
3)

VLAN1

Switchover

VLAN2

SSID: HUAWEI

SSID: HUAWEI
4) While roaming is not on the same subnet, AC still regards the STA as from the original subnet (VLAN1). Ensuring the STA maintains its original IP and supports IP communication established In the centralized forwarding scenarios specified by area 4 in the figure on the left, the AC must mark roaming user messages as from pre-roaming VLAN1.

Roaming switchover

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Confidential

Page 8

Thank you
www.huawei.com