WLAN roaming enables clients to seamlessly roam among wireless services in the same ESS while retaining their IP address and authorization information during the roaming process.

WLAN roaming mechanism

As shown in Figure 1, the client roams from AP 1 to AP 2 as follows:

1. The client comes online from AP 1, and the AC creates a roaming entry for the client.

The entry records the initial SSID at association, PMKID, authentication method, security mode, and roaming VLAN.

2. The client roams to AP 2. The AC examines the roaming entry.

3. The client performs reauthentication and then comes online from AP 2.

Figure 1 WLAN roaming mechanism

‌

Layer 3 roaming

As shown in Figure 2, the client can roam between APs in different VLANs without special configuration. For the roaming procedure, see "WLAN roaming mechanism."

Figure 2 Layer 3 roaming

‌

Setting the roaming entry aging time

About this task

Client roaming entries record client PMKs, VLAN, and other authorization information. If a disconnected client connects to an AP before its roaming entry expires, the client can inherit authorization recorded in the entry and achieve fast roaming.

If a disconnected client cannot come online before its entry expires, the system deletes the entry.

Restrictions and guidelines

Setting the roaming entry aging time to 0 allows the system to delete the roaming entry of a client once the client goes offline. Fast roaming cannot be performed.

The aging time is applicable only to intra-AC roaming entries. It does not take effect on inter-AC roaming entries.

Procedure

1. Enter system view.

system-view

2. Enter service template view.

wlan service-template service-template-name

3. Set the roaming entry aging time.

client cache aging-time aging-time

By default, the roaming entry aging time is 180 seconds.

Display and maintenance commands for WLAN roaming

Execute display commands in any view.

Task	Command
Display roam-track information for a client.	display wlan mobility roam-track mac-address mac-address

‌

Example: Configuring WLAN roaming

Network configuration

As shown in Figure 3, configure WLAN roaming to enable the client to roam from AP 1 to AP 2. The two APs are managed by the same AC.

Figure 3 Network diagram

‌

Procedure

# Create a service template named service, set the SSID to 1, and enable the service template.

<AC> system-view

[AC] wlan service-template service

[AC-wlan-st-service] ssid 1

[AC-wlan-st-service] service-template enable

[AC-wlan-st-service] quit

# Create a manual AP named ap1, and specify the AP model and serial ID.

[AC] wlan ap ap1 model WA6320

[AC-wlan-ap-ap1] serial-id 219801A28N819CE0002T

# Bind the service template to radio 1 of AP 1.

[AC-wlan-ap-ap1] radio 1

[AC-wlan-ap-ap1-radio-1] radio enable

[AC-wlan-ap-ap1-radio-1] service-template service

[AC-wlan-ap-ap1-radio-1] quit

[AC-wlan-ap-ap1] quit

# Create a manual AP named ap2, and specify the AP model and serial ID.

[AC] wlan ap ap2 model WA6320

[AC-wlan-ap-ap2] serial-id 219801A28N819CE0003T

# Bind the service template to radio 1 of AP 2.

[AC-wlan-ap-ap2] radio 1

[AC-wlan-ap-ap2-radio-1] radio enable

[AC-wlan-ap-ap2-radio-1] service-template service

[AC-wlan-ap-ap2-radio-1] quit

[AC-wlan-ap-ap2] quit

Verifying the configuration

# Enable the client to come online from AP 1. (Details not shown.)

# Verify that the client has associated with AP 1, and the roaming status is N/A, which indicates that the client has not performed any roaming.

[AC] display wlan client verbose

Total number of clients: 1

MAC address : 9cd3-6d9e-6778

IPv4 address : 10.1.1.114

IPv6 address : N/A

Username : N/A

AID : 1

AP ID : 1

AP name : ap1

Radio ID : 1

Channel : 36

SSID : 1

BSSID : 000f-e200-4444

VLAN ID : 1

VLAN ID2 : N/A

Sleep count : 242

Wireless mode : 802.11ac

Channel bandwidth : 80MHz

SM power save : Enabled

SM power save mode : Dynamic

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160/80+80MHz : Not supported

STBC RX capability : Not supported

STBC TX capability : Not supported

LDPC RX capability : Not supported

SU beamformee capability : Not supported

MU beamformee capability : Not supported

Beamformee STS capability : N/A

Block Ack : TID 0 In

Supported VHT-MCS set : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7,

8, 9, 10, 11, 12, 13, 14,

15, 16, 17, 18, 19, 20,

21, 22, 23

Supported rates : 6, 9, 12, 18, 24, 36,

48, 54 Mbps

QoS mode : WMM

Listen interval : 10

RSSI : 62

Rx/Tx rate : 130/11

Authentication method : Open system

Security mode : PRE-RSNA

AKM mode : Not configured

Cipher suite : N/A

User authentication mode : Bypass

Authorization ACL ID : 3001(Not effective)

Authorization user profile : N/A

Roam status : N/A

Key derivation : SHA1

PMF status : Enabled

Forward policy name : Not configured

Online time : 0days 0hours 1minutes 13seconds

FT status : Inactive

# Verify that the AC has a roaming entry for the client.

[AC] display wlan mobility roam-track mac-address 9cd3-6d9e-6778

Total entries : 1

Current entries: 1

BSSID Created at Online time AC IP address RID AP name

000f-e200-4444 2016-06-14 11:12:28 00hr 01min 16sec 127.0.0.1 1 ap1

# Enable the client roam to AP 2. (Details not shown.)

# Verify that the client has associated with AP 2, and the roaming status is Intra-AC roam.

[AC] display wlan client verbose

Total number of clients: 1

MAC address : 9cd3-6d9e-6778

IPv4 address : 10.1.1.114

IPv6 address : N/A

Username : N/A

AID : 1

AP ID : 2

AP name : ap2

Channel : 36

Radio ID : 1

SSID : 1

BSSID : 000f-e203-7777

VLAN ID : 1

VLAN ID2 : N/A

Sleep count : 242

Wireless mode : 802.11ac

Channel bandwidth : 80MHz

SM power save : Enabled

SM power save mode : Dynamic

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160/80+80MHz : Not supported

STBC RX capability : Not supported

STBC TX capability : Not supported

LDPC RX capability : Not supported

SU beamformee capability : Not supported

MU beamformee capability : Not supported

Beamformee STS capability : N/A

Block Ack : TID 0 In

Supported VHT-MCS set : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7,

8, 9, 10, 11, 12, 13, 14,

15, 16, 17, 18, 19, 20,

21, 22, 23

Supported rates : 6, 9, 12, 18, 24, 36,

48, 54 Mbps

QoS mode : WMM

Listen interval : 10

RSSI : 62

Rx/Tx rate : 130/11

Authentication method : Open system

Security mode : PRE-RSNA

AKM mode : Not configured

Cipher suite : N/A

User authentication mode : Bypass

Authorization ACL ID : 3001(Not effective)

Authorization user profile : N/A

Roam status : Intra-AC roam

Key derivation : SHA1

PMF status : Enabled

Forward policy name : Not configured

Online time : 0days 0hours 5minutes 13seconds

FT status : Inactive

# Verify that the AC has updated the roaming entry for the client.

[AC] display wlan mobility roam-track mac-address 9cd3-6d9e-6778

Total entries : 2

Current entries: 2

BSSID Created at Online time AC IP address RID AP name

000f-e203-7777 2016-06-14 11:12:28 00hr 01min 02sec 127.0.0.1 1 ap2

000f-e200-4444 2016-06-14 11:12:04 00hr 03min 51sec 127.0.0.1 1 ap1

Configuring enhanced roaming

About enhanced roaming

WLAN supports the following enhanced roaming technologies:

· 802.1X fast roaming—Allows users to come online from a new AP or radio without being reauthenticated. It is applicable only when RSN+802.1X authentication is used.

· MAC fast roaming—Allows users to come online from a new AP or radio without being reauthenticated. It is applicable only when MAC authentication is used.

· 802.11r—Shortens roaming latency to reduce client disconnection rate and improve the service quality.

802.1X fast roaming

802.1X fast roaming mechanism

As shown in Figure 4, 802.1X fast roaming operates as follows:

1. The client comes online from AP 1 after passing RSN+802.1X authentication. AP 1 creates a roaming entry for the client.

For more information about 802.1X authentication, see "Configuring WLAN security.

2. The client roams to AP 2. The AP examines the roaming entry for the client and triggers 802.1X fast forwarding if the client carries the same PMKID as the AP.

The system uses the cached PMK to perform key negotiation and the client can associate with AP 2 without reauthentication.

NOTE:

The system supports using the following methods to cache PMKID:

· Sticky Key Caching (SKC)—Directly caches the PMKIDs generated during 802.1X authentication of clients.

· Opportunistic Key Caching (OKC)—Uses the currently associated BSSID, client MAC address, and cached PMK to generate a PMKID.

Both methods support 802.1X fast roaming without manual intervention.

‌

Figure 4 802.1X fast roaming

‌

Restrictions and guidelines: 802.1X fast forwarding configuration

802.1X fast roaming supports only roaming between APs managed by the same AC.

MAC fast roaming

MAC fast roaming mechanism

As shown in Figure 4, MAC fast roaming operates as follows:

1. The client comes online from AP 1 after passing MAC authentication. AP 1 creates a roaming entry for the client.

For more information about MAC authentication, see "Configuring WLAN security."

2. The client roams to AP 2. AP 2 examines the roaming entry for the client and triggers MAC authentication if fast-connect is enabled.

The client comes online from AP 2 without being reauthenticated.

Figure 5 MAC fast roaming

‌

Restrictions and guidelines: MAC fast forwarding

802.1X fast roaming supports only roaming between APs managed by the same AC.

Enabling fast-connect for MAC authenticated intra-AC roaming clients

About this task

This feature allows a MAC authentication roaming client that has been authenticated once on the AC to come online from any APs attached to the AC without re-authentication.

Restrictions and guidelines

This feature applies only to MAC authentication wireless clients whose authentication location and association location are both on the AC.

Prerequisites

Before you can configure this feature in a service template, you must disable that service template.

Procedure

1. Enter system view.

system-view

2. Enter service template view.

wlan service-template service-template-name

3. Enable fast-connect for MAC authenticated intra-AC roaming clients.

mac-authentication fast-connect enable

By default, fast-connect is enabled for MAC authenticated intra-AC roaming clients.

802.11r

About 802.11r

802.11r fast BSS transition (FT) minimizes the delay when a client roams from a BSS to another BSS within the same ESS. During 802.11r FT, a client needs to exchange messages with the target AP.

FT provides the following message exchanging methods:

· Over-the-air—The client communicates directly with the target AP for pre-roaming authentication. This method is applicable to scenarios that have high requirements for roaming compatibility. As a best practice, use this method.

· Over-the-DS—The client communicates with the target AP through the current AP for pre-roaming authentication. This method is applicable to scenarios that have high requirements for roaming performance.

Intra-AC roaming through over-the-air FT

As shown in Figure 6, the client is associated with AP 1. Intra-AC roaming through over-the-air FT uses the following process:

1. The client sends an FT authentication request to AP 2.

2. AP 2 sends an FT authentication response to the client.

3. The client sends a reassociation request to AP 2.

4. AP 2 sends a reassociation response to the client.

5. The client roams to AP 2.

Figure 6 Intra-AC roaming through over-the-air FT

‌

Intra-AC roaming over-the-DS FT

As shown in Figure 7, the client is associated with AP 1. Intra-AC roaming through over-the-DS FT uses the following process:

1. After the client comes online, the AC creates a roaming entry and saves it for the client.

2. The client sends an FT authentication request to AP 1.

3. AP 1 sends an FT authentication response to the client.

4. The client sends a reassociation request to AP 2.

5. AP 2 sends a reassociation response to the client.

6. The client roams to AP 2.

Figure 7 Intra-AC roaming through over-the-DS FT

‌

Restrictions and guidelines: 802.11r configuration

When you configure 802.11r, follow these restrictions and guidelines:

· To enable a client that does not support FT to access the WLAN, create two service templates using the same SSID: one enabled with FT and the other not.

· To prevent a client from coming online every time the periodic re-authentication timer expires, do not enable FT and 802.1X periodic re-authentication for the same service template. For more information about 802.1X periodic re-authentication, see "Configuring WLAN security."

· PTK updates are not supported for clients that have been associated with a WLAN through FT. For more information about PTK updates, see "Configuring WLAN security."

· To use FT, you must also specify an AKM mode.

· To use 802.11r, make sure APs carry the RSN IE in beacon frames and probe requests, a non-local authentication method is used, and the CCMP cipher suite is enabled.

· 802.11r takes effect only on clients associated with the AC.

· Before configuring 802.11r, make sure the service template is disabled.

· Do not enable 802.11r FT and set the WPA3 security mode or enable enhanced open system authentication at the same time. If you do so, the service template cannot be enabled. For more information about 802.11r, see configuring WLAN security in WLAN Security Configuration Guide.

· Roaming through over-the-DS FT allows only roaming between APs managed by the same AC.

Configuring 802.11r

1. Enter system view.

system-view

2. Enter service template view.

wlan service-template service-template-name

3. Enable FT.

ft enable

By default, FT is disabled.

4. (Optional.) Set the FT method.

ft method { over-the-air | over-the-ds }

By default, the FT method is over-the-air.

5. (Optional.) Set the reassociation timeout timer.

ft reassociation-timeout timeout

By default, the association timeout timer is 20 seconds.

The roaming process is terminated if a client does not send any reassociation requests before the timeout timer expires.

6. (Optional.) Specify a mobility domain ID for the device.

ft mobility-domain-id mobility-domain-id

By default, no mobility domain ID is specified.

With this feature configured, a client can roam between different devices through fast BSS transition (FT) when the two devices have the same mobility domain ID.

This feature takes effect only when FT is enabled.

Example: Configuring over-the-DS FT (PSK authentication)

Network configuration

As shown in Figure 8, configure intra-AC roaming through over-the-DS FT to enable the client to roam between AP 1 and AP 2. Configure PSK as the authentication and key management mode.

Figure 8 Network diagram

‌

Procedure

# Create service template acstname.

<AC> system-view

[AC] wlan service-template acstname

# Set the SSID to service.

[AC-wlan-st-acstname] ssid service

# Set the authentication and key management mode to PSK, and configure simple string 12345678 as the PSK.

[AC-wlan-st-acstname] akm mode psk

[AC-wlan-st-acstname] preshared-key pass-phrase simple 12345678

# Set the CCMP cipher suite and enable the RSN IE in the beacon and probe responses.

[AC-wlan-st-acstname] cipher-suite ccmp

[AC-wlan-st-acstname] security-ie rsn

# Enable FT.

[AC-wlan-st-acstname] ft enable

# Set the reassociation timeout timer to 50 seconds.

[AC-wlan-st-acstname] ft reassociation-timeout 50

# Set the FT method to over-the-DS.

[AC-wlan-st-acstname] ft method over-the-ds

# Enable the service template.

[AC-wlan-st-acstname] service-template enable

[AC-wlan-st-acstname] quit

# Create AP 1, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 1 model WA6320

[AC-wlan-ap-1] serial-id 219801A28N819CE0002T

[AC-wlan-ap-1] radio 1

[AC-wlan-ap-1-radio-1] service-template acstname

[AC-wlan-ap-1-radio-1] radio enable

[AC-wlan-ap-1-radio-1] quit

[AC-wlan-ap-1] quit

# Create AP 2, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 2 model WA6320

[AC-wlan-ap-2] serial-id 219801A28N819CE0007T

[AC-wlan-ap-2] radio 1

[AC-wlan-ap-2-radio-1] service-template acstname

[AC-wlan-ap-2-radio-1] radio enable

[AC-wlan-ap-2-radio-1] quit

[AC-wlan-ap-2] quit

Verifying the configuration

# Verify that the service template is correctly configured.

[AC] display wlan service-template acstname verbose

Service template name : acstname

Description : Not configured

SSID : service

SSID-hide : Disabled

User-isolation : Disabled

Service template status : Enabled

Maximum clients per BSS : Not configured

Frame format : Dot3

Seamless-roam status : Disabled

Seamless-roam RSSI threshold : 50

Seamless-roam RSSI gap : 20

VLAN ID : 1

Service VLAN ID : N/A

Service VLAN TPID : dot1q

AKM mode : PSK

Security IE : RSN

Cipher suite : CCMP

TKIP countermeasure time : 0 sec

PTK lifetime : 43200 sec

PTK rekey : Enabled

GTK rekey : Enabled

GTK rekey method : Time-based

GTK rekey time : 86400 sec

GTK rekey client-offline : Disabled

WPA3 status : Disabled

PPSK : Disabled

PPSK Fail Permit : Disabled

Enhance-open status : Disabled

Enhanced-open transition-mode service-template : N/A

User authentication mode : Bypass

Intrusion protection : Disabled

Intrusion protection mode : Temporary-block

Temporary block time : 180 sec

Temporary service stop time : 20 sec

Fail VLAN ID : Not configured

802.1X handshake : Disabled

802.1X handshake secure : Disabled

802.1X domain : Not configured

MAC-auth domain : Not configured

Max 802.1X users per BSS : 4096

Max MAC-auth users per BSS : 4096

802.1X re-authenticate : Disabled

Authorization fail mode : Online

Accounting fail mode : Online

Authorization : Permitted

Key derivation : SHA1

PMF status : Disabled

Hotspot policy number : Not configured

Forwarding policy status : Disabled

Forwarding policy name : Not configured

Forwarder : AC

FT Status : Enable

FT Method : over-the-ds

FT Reassociation Deadline : 50 sec

QoS trust : Port

QoS priority : 0

QoS U-APSD mode : 1

BTM status : Disabled

# Verify that the roaming status is N/A and the FT status is Active.

[AC] display wlan client verbose

Total number of clients: 1

MAC address : fc25-3f03-8361

IPv4 address : 10.1.1.114

IPv6 address : N/A

Username : N/A

AID : 1

AP ID : 1

AP name : 1

Radio ID : 1

Channel : 36

SSID : service

BSSID : 000f-e266-7788

VLAN ID : 1

VLAN ID2 : N/A

Sleep count : 242

Wireless mode : 802.11ac

Channel bandwidth : 80MHz

SM power save : Enabled

SM power save mode : Dynamic

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160/80+80MHz : Not supported

STBC RX capability : Not supported

STBC TX capability : Not supported

LDPC RX capability : Not supported

SU beamformee capability : Not supported

MU beamformee capability : Not supported

Beamformee STS capability : N/A

Block Ack : TID 0 In

Supported VHT-MCS set : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7,

8, 9, 10, 11, 12, 13, 14,

15, 16, 17, 18, 19, 20,

21, 22, 23

Supported rates : 6, 9, 12, 18, 24, 36,

48, 54 Mbps

QoS mode : WMM

Listen interval : 10

RSSI : 62

Rx/Tx rate : 130/11

Authentication method : Open system

Security mode : RSN

AKM mode : PSK

Encryption cipher : CCMP

User authentication mode : Bypass

Authorization ACL ID : 3001(Not effective)

Authorization user profile : N/A

Roam status : N/A

Key derivation : SHA1

PMF status : Enabled

Forward policy name : Not configured

Online time : 0days 0hours 1minutes 13seconds

FT status : Active

# Move the client to the coverage of AP 2. (Details not shown.)

# Verify that the authentication method is FT and the roaming status is Intra-AC roam.

[AC] display wlan client verbose

Total number of clients: 1

MAC address : fc25-3f03-8361

IPv4 address : 10.1.1.114

IPv6 address : N/A

Username : N/A

AID : 1

AP ID : 2

AP name : 2

Radio ID : 1

Channel : 36

SSID : service

BSSID : 000f-e211-2233

VLAN ID : 1

VLAN ID2 : N/A

Sleep count : 242

Wireless mode : 802.11ac

Channel bandwidth : 80MHz

SM power save : Enabled

SM power save mode : Dynamic

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160/80+80MHz : Not supported

STBC RX capability : Not supported

STBC TX capability : Not supported

LDPC RX capability : Not supported

SU beamformee capability : Not supported

MU beamformee capability : Not supported

Beamformee STS capability : N/A

Block Ack : TID 0 In

Supported VHT-MCS set : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7,

8, 9, 10, 11, 12, 13, 14,

15, 16, 17, 18, 19, 20,

21, 22, 23

Supported rates : 6, 9, 12, 18, 24, 36,

48, 54 Mbps

QoS mode : WMM

Listen interval : 10

RSSI : 62

Rx/Tx rate : 130/11

Authentication method : FT

Security mode : RSN

AKM mode : PSK

Encryption cipher : CCMP

User authentication mode : Bypass

Authorization ACL ID : 3001(Not effective)

Authorization user profile : N/A

Roam status : Intra-AC roam

Key derivation : SHA1

PMF status : Enabled

Forward policy name : Not configured

Online time : 0days 0hours 5minutes 13seconds

FT status : Active

Example: Configuring over-the-DS FT (802.1X authentication)

Network configuration

As shown in Figure 8, configure intra-AC roaming through over-the-DS FT to enable the client to roam between AP 1 and AP 2. Configure 802.1X as the authentication and key management mode.

Procedure

# Create service template acstname.

<AC> system-view

[AC] wlan service-template acstname

# Set the SSID to service.

[AC-wlan-st-acstname] ssid service

# Set the AKM mode to 802.1X.

[AC-wlan-st-acstname] akm mode dot1x

# Enable the RSN IE in the beacon and probe responses.

[AC-wlan-st-acstname] cipher-suite ccmp

[AC-wlan-st-acstname] security-ie rsn

# Set the authentication mode to 802.1X for clients.

[AC-wlan-st-acstname] client-security authentication-mode dot1x

[AC-wlan-st-acstname] dot1x domain imc

# Enable FT.

[AC-wlan-st-acstname] ft enable

# Set the FT method to over-the-DS.

[AC-wlan-st-acstname] ft method over-the-ds

# Enable the service template.

[AC-wlan-st-acstname] service-template enable

[AC-wlan-st-acstname] quit

# Set the 802.1X authentication mode to EAP.

[AC] dot1x authentication-method eap

# Create RADIUS scheme imcc.

[AC] radius scheme imcc

# Set the IP address of the primary authentication and accounting servers to 10.1.1.3.

[AC-radius-imcc] primary authentication 10.1.1.3

[AC-radius-imcc] primary accounting 10.1.1.3

# Set the shared key for the AC to exchange packets with the authentication and accounting servers to 12345678.

[AC-radius-imcc] key authentication simple 12345678

[AC-radius-imcc] key accounting simple 12345678

# Configure the AC to remove the ISP domain name from usernames sent to the RADIUS server.

[AC-radius-imcc] user-name-format without-domain

[AC-radius-imcc] quit

# Create ISP domain imc, and configure the domain to use the RADIUS scheme imcc for authentication, authorization, and accounting.

[AC] domain imc

[AC-isp-imc] authentication lan-access radius-scheme imcc

[AC-isp-imc] authorization lan-access radius-scheme imcc

[AC-isp-imc] accounting lan-access radius-scheme imcc

[AC-isp-imc] quit

# Create AP 1, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 1 model WA6320

[AC-wlan-ap-1] serial-id 219801A28N819CE0002T

[AC-wlan-ap-1] radio 1

[AC-wlan-ap-1-radio-1] service-template acstname

[AC-wlan-ap-1-radio-1] radio enable

[AC-wlan-ap-1-radio-1] quit

[AC-wlan-ap-1] quit

# Create AP 2, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 2 model WA6320

[AC-wlan-ap-2] serial-id 219801A28N819CE0007T

[AC-wlan-ap-2] radio 1

[AC-wlan-ap-2-radio-1] service-template acstname

[AC-wlan-ap-2-radio-1] radio enable

[AC-wlan-ap-2-radio-1] quit

[AC-wlan-ap-2] quit

Verifying the configuration

# Verify that the service template is correctly configured.

[AC] display wlan service-template acstname verbose

Service template name : stname

Description : Not configured

SSID : service

SSID-hide : Disabled

User-isolation : Disabled

Service template status : Enabled

Maximum clients per BSS : Not configured

Frame format : Dot3

Seamless-roam status : Disabled

Seamless-roam RSSI threshold : 50

Seamless-roam RSSI gap : 20

VLAN ID : 1

Service VLAN ID : N/A

Service VLAN TPID : dot1q

AKM mode : 802.1X

Security IE : RSN

Cipher suite : CCMP

TKIP countermeasure time : 0 sec

PTK lifetime : 43200 sec

PTK rekey : Enabled

GTK rekey : Enabled

GTK rekey method : Time-based

GTK rekey time : 86400 sec

GTK rekey client-offline : Disabled

WPA3 status : Disabled

PPSK : Disabled

PPSK Fail Permit : Disabled

Enhance-open status : Disabled

Enhanced-open transition-mode service-template : N/A

User authentication mode : 802.1X

Intrusion protection : Disabled

Intrusion protection mode : Temporary-block

Temporary block time : 180 sec

Temporary service stop time : 20 sec

Fail VLAN ID : Not configured

802.1X handshake : Disabled

802.1X handshake secure : Disabled

802.1X domain : imc

MAC-auth domain : Not configured

Max 802.1X users per BSS : 4096

Max MAC-auth users per BSS : 4096

802.1X re-authenticate : Disabled

Authorization fail mode : Online

Accounting fail mode : Online

Authorization : Permitted

Key derivation : SHA1

PMF status : Disabled

Hotspot policy number : Not configured

Forwarding policy status : Disabled

Forwarding policy name : Not configured

Forwarder : AC

FT Status : Enable

FT Method : over-the-ds

FT Reassociation Deadline : 20 sec

QoS trust : Port

QoS priority : 0

QoS U-APSD mode : 1

BTM status : Disabled

# Verify that the roaming status is N/A and the FT status is Active.

[AC] display wlan client verbose

Total number of clients: 1

MAC address : fc25-3f03-8361

IPv4 address : 10.1.1.114

IPv6 address : N/A

Username : N/A

AID : 1

AP ID : 1

AP name : 1

Radio ID : 1

Channel : 36

SSID : service

BSSID : 000f-e266-7788

VLAN ID : 1

VLAN ID2 : N/A

Sleep count : 242

Wireless mode : 802.11ac

Channel bandwidth : 80MHz

SM power save : Enabled

SM power save mode : Dynamic

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160/80+80MHz : Not supported

STBC RX capability : Not supported

STBC TX capability : Not supported

LDPC RX capability : Not supported

SU beamformee capability : Not supported

MU beamformee capability : Not supported

Beamformee STS capability : N/A

Block Ack : TID 0 In

Supported VHT-MCS set : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7,

8, 9, 10, 11, 12, 13, 14,

15, 16, 17, 18, 19, 20,

21, 22, 23

Supported rates : 6, 9, 12, 18, 24, 36,

48, 54 Mbps

QoS mode : WMM

Listen interval : 10

RSSI : 62

Rx/Tx rate : 130/11

Authentication method : Open system

Security mode : RSN

AKM mode : 802.1X

Encryption cipher : CCMP

User authentication mode : 802.1X

Authorization ACL ID : 3001(Not effective)

Authorization user profile : N/A

Roam status : N/A

Key derivation : SHA1

PMF status : Enabled

Forward policy name : Not configured

Online time : 0days 0hours 1minutes 13seconds

FT status : Active

# Move the client to the coverage of AP 2. (Details not shown.)

# Verify that the authentication method is FT and the roaming status is Intra-AC roam.

[AC] display wlan client verbose

Total number of clients: 1

MAC address : fc25-3f03-8361

IPv4 address : 10.1.1.114

IPv6 address : N/A

Username : N/A

AID : 1

AP ID : 2

AP name : 2

Radio ID : 1

Channel : 36

SSID : service

BSSID : 000f-e211-2233

VLAN ID : 1

VLAN ID2 : N/A

Sleep count : 242

Wireless mode : 802.11ac

Channel bandwidth : 80MHz

SM power save : Enabled

SM power save mode : Dynamic

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160/80+80MHz : Not supported

STBC RX capability : Not supported

STBC TX capability : Not supported

LDPC RX capability : Not supported

SU beamformee capability : Not supported

MU beamformee capability : Not supported

Beamformee STS capability : N/A

Block Ack : TID 0 In

Supported VHT-MCS set : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7,

8, 9, 10, 11, 12, 13, 14,

15, 16, 17, 18, 19, 20,

21, 22, 23

Supported rates : 6, 9, 12, 18, 24, 36,

48, 54 Mbps

QoS mode : WMM

Listen interval : 10

RSSI : 62

Rx/Tx rate : 130/11

Authentication method : FT

Security mode : RSN

AKM mode : 802.1X

Encryption cipher : CCMP

User authentication mode : 802.1X

Authorization ACL ID : 3001(Not effective)

Authorization user profile : N/A

Roam status : Intra-AC roam

Key derivation : SHA1

PMF status : Enabled

Forward policy name : Not configured

Online time : 0days 0hours 5minutes 13seconds

FT status : Active

03-WLAN Configuration Guides

About this task

Restrictions and guidelines

Procedure

Network configuration

Procedure

Verifying the configuration

About this task

Restrictions and guidelines

Prerequisites

Procedure

Intra-AC roaming through over-the-air FT

Intra-AC roaming over-the-DS FT

Network configuration

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us