6-39
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter6 Configuring Radio Settings
802.11r Configuration
This example shows how to begin debugging of the radio system log:
AP# debug dot11 syslog
This example shows how to stop debugging of all radio related events:
AP# no debug dot11 events
Note Debugging not enabled is the default of the command.
802.11r Configuration
802.11r enables fast roaming across access point in the same subnet using Wireless Domain Service.
When you enable 802.11r, a Mobility Domain Information Element (MDIE) is advertised in the AP
beacons. The same MDIE is announced by all APs associated to the same WDS. The last 2 bytes of the
WDS BVI IP address (IPv4 or Ipv6) is used as MDIE. 802.11r compatible clients use this MDIE to
identify APs belonging to the same domain and between which fast roaming is possible.
For a client to move from its current AP to a target AP utilizing the FT protocols, the message exchanges
are performed using one of two methods:
Over-the-Air—The client communicates directly with the target AP using IEEE 802.11
authentication with the FT authentication algorithm. To set this, use the command:
ap(config-if)#dot11 dot11r pre-authentication over-air
Over-the-DS—The client communicates with the target AP via the current AP. The communication
between the client and the target AP is carried in FT action frames between the client and the current
AP, and is then sent through the WDS to the target AP. To set this, use the command:
ap(config-if)#dot11 dot11r pre-authentication over-ds
On an AP radio, you can enable 802.11r support, and decide if roaming dialog should occur over the air
(default) or over the DS, and also configure the maximum time allowed for a client to complete the
roaming transaction. The maximum time allowed for a client to complete the roaming transaction is
called Re-association Timer. This timer allows you to add security to your network by preventing
attackers from opening many 802.11r transactions without completing any of them, which can overload
the AP. You can set this timer using the following command:
ap(config-if)#dot11 dot11r reassociation-time value 20to1200-timeout-value-in-milli-seconds
Example:Enable 802.11r, with authentication over the DS, and re-association time value of 200 ms.
aap(config-if)#dot11 dot11r pre-authentication over-ds
ap(config-if)#dot11 dot11r reassociation-time value 200
Note Test 802.11r before implementing it into your network. Some non-802.11r clients do not support 802.11r
MDIE and do not operate well in 802.11r environments.