Do i need a ZoneDirector for Wireless Roaming?
One of my Customers need a Wireless Network for his Warehouse. There will be about 15 to 20 Wireless Barcode Scanner. The Scanner supports 802.11b/g/n.
I read there is no need for a ZoneDirector for Layer 2 Roaming because this is implemented in the 802.11 Protocoll. Is this true?
sensitive to time delays and dropped packets. Using only standalone APs means
the scanners will have to re-authenticate with every roam. Having a ZoneDirector
allows for the cached client session credentials to be shared between APs and
allows for more seamless roaming, especially for VoIP and Scanner usage.
thanks for your Reply.
Ok. So if i understand right Roaming without ZD is working... more or less. It depends on the Client.
If my customer need a better (or even perfect) Roaming Experience he should use a ZoneDirector. Correct?
Is the statement true that Roaming is (in a simply) way implemented in the 802.11 Standard?
Thanks & Kind Regards
The fastest client re-association is facilitated by ZoneDirector managing client
sessions between Access Points under its control. Without a ZoneDirector, the
scanner is dropping from one AP, and performing an entire new connection to the
next AP, including another DHCP request, and will result in a few lost packets by
the scanner telnet application. If these dropped packets are enough to freeze the
application or cause it to lose session with the server will have to be evaluated,
but for best results, the ZD is a valuable piece of the solution.
For the session credentials to be shared between access points, does 802.11r with 802.11k support needs to be enabled on the zonedirector or will enabling these features trigger an even faster (more seamless) roaming (for client devices that support these features) because of storing the PMKs at the zonedirector (PSK & 802.1x support) and also clients requesting neigboring reports from the access points. Will 802.11r trigger pre-authentication of the client devices with neigboring access points before re-association to these AP's?
In 802.11r Yes, the initial handshake with the new AP is done even before the client roams to the new AP( Fast Transition (FT). So the initial handshake tells the client and the AP to calculate the encryption keys in advance . These keys are than applied to the client and AP after the client request for re-association .
Then there is the consideration of authentication, which is a big factor here.
So when you have 2 APs configured with the same SSID and security parameters the client will decide to which one it is talking at any time. So if it's talking to AP1 and decides AP2 is better it will roam to that one and vice versa.
One thing that vendors do is help the client with the decision. This help is kind of 2 tier:
1. One is standard based with the implementation of 802.11k Radio Resource Measurement of Wireless LANs amendment. This however NEEDS to be supported on APs and client devices (STAs), otherwise it's useless
2. If 11k isn't supported a controller can gather data on an STA and if it thinks it has a better option for it it disassociates it thus forcing an association from an STA and hopefully the STA will connect to the same SSID but one advertised by a "nearer" AP with better signal. It's a hit and miss process.
The other thing is authentication that basically defines the speed of a roam as the STA needs to perform it every time it changes an AP association. These times can vary between 10ms to 300ms, depending on various things. The fastest way to do it now is by employing 11r as was discoussed by Koen and Munish, but again both nodes on a network need to support it.
So in the end, the answer is YES, you need a controller for roaming to work very fast, but you also need clients that support 11k & 11r and 802.1X must be employed.
thanks for your detailed answer.
In my specific Case a Customer wants to deploy a wireless Network in his Warehouses. In the End there will be about 10 Wireless Bar Code Scanners. For my Customer its important that the Clients roam as "smooth" as possible. Unfortunatelly my Customer don't know which kind of Bar Code Scanner (Model, Vendor, etc.) he will get.
Someone of Ruckus reccomendet to use a ZD1106.
If i read the Information within this Topic it seems it whould be a good way to try roaming first without a ZD. If it works: Fine! If not: Lets try with a ZD.
Is this my way i should go?
If i understand right a STA have to support 11k to roam "smoothly". Is 11r just needed if i am using 802.1x or is it also good if i use a simple autonomous WPA2 Network?
The second not so optimal, but still probably good option is too use a ZD and a static WPA2/AES key.
The last and the least optimal option is to use stand-alone APs configured with static WPA2/AES key.
Maybe start from the bottom and go up if needed.
The goal of 802.11r & 802.11k is that when using 802.1x authentication for the first time, this authentication process will happen between the client device (supplicant), Zonedirector (authenticator) and RADIUS server (authentication server) and can take up to a few seconds depending where it is located, once successfully authenticated, the RADIUS (AAA) server will send the MSK = PMK to the Zonedirector which will be stored there and forwarded to all APs in the same mobility domain that request it. The 4-way handshake (deriving session keys) will happen between the AP the client is connected to and the client device itself. Now when the client device is roaming to another AP (and i think the client can even auth to other AP's before making a roaming decision) in the same mobility domain, the client will authenticate to the Zonedirector instead of the AAA server & re-associate with the new AP. The 4-way handshake will occur between the new AP and the client device. The client roaming time will be reduced from a few seconds to around 50ms. The 802.11k part is that clients who support this standard are able to request a neighbor report of the access point it is connected to. The AP will respond with a neighbor report containing following information on the top 8 neighboring AP's: SSID, channel #, PHY type, BSS capabilities, mobility domain, ect... The neighbor report empowers client devices with info to make the smartest roaming decision. Without 802.11k clients will learn neighbor AP information from probe responses
Guys, please correct me if i am wrong on this.
Sorry for the question again. I hope i am not too annoying. ;)
I read at "support.apple.com":
"11k" is for quickly identify nearby APs available for roaming. It doesn't matter if i am using static WPA2 or 802.1x.
"11r" streamlines the authentication Process using a Feature called FT and allows STA to associate with APs more quickly. Depending on WiFi-Hardware Vendor, FT works with static WPA2 (PSK) and 802.1x.
On "theruckusroom.net" i read 11r is just needed if i am using 802.1x, because the authentication Process needs his time. This Statement is the same like you (Koen and Primoz Marinsek) described.
Because my Customer don't have an IT-Staff. The IT-Staff is in fact one Person who manages the IT besides. I'm thinking to use DPSK (WPA2). Maybe he should look for Bar Code Scanner who supports 11k.
The log settings changed in more recent firmware to show warning and critical events only, but it's easy to change this. Under Configure > System > Log Settings, click the "Show More" option and save. That will show the user roaming and other entries.
The yacht owner is using this with an iPad to control his on-board entertainment system and complains of drop out when moving around the boat.
Can you help with the configuration process which would optimise seamless roaming between APs?