6-149
Using the Command Line Interface
Example
pre-authentication
This command enables WPA2 pre-authentication for fast secure roaming.
Syntax
pre-authentication <enable | disable>
• enable - Enables pre-authentication for the VAP interface.
• disable - Disables pre-authentication for the VAP interface.
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
• Each time a client roams to another access point it has to be fully
re-authenticated. This authentication process is time consuming and can
disrupt applications running over the network. WPA2 includes a
mechanism, known as pre-authentication, that allows clients to roam to a
new access point and be quickly associated. The first time a client is
authenticated to a wireless network it has to be fully authenticated. When
the client is about to roam to another access point in the network, the
access point sends pre-authentication messages to the new access point
that include the client’s security association information. Then when the
client sends an association request to the new access point the client is
known to be already authenticated, so it proceeds directly to key exchange
and association.
• To support pre-authentication, both clients and access points in the
network must be WPA2 enabled.
• Pre-authentication requires all access points in the network to be on the
same IP subnet.
Example
Outdoor 11a Building to Building (if-wireless g: VAP[0])#wpa-pre-shared-key
ASCII agoodsecret
Outdoor 11a Building to Building (if-wireless g: VAP[0])#
Outdoor 11a Building to Building (if-wireless g: VAP[0])#wpa-pre-shared-key
ASCII agoodsecret
Outdoor 11a Building to Building (if-wireless g: VAP[0])#