How can I disable CCMK?

  • 1
  • Question
  • Updated 2 years ago
  • Answered
When client roams between two APs in a WLAN with 802.1x EAP authentication, faster roaming is achieved using CCMK, which mimimizes the authentication effort. Nevertheless, sometimes this schema fails with some old MacOS and they lose connectivity for 2-3 minutes (maybe a timeout for the cached authentication to expire?). The only way to solve it during this gap is to disable an reenable WiFi for them (so they revert to EAP). Is there a way to force the APs to use just EAP and no more CCMK?
Photo of ALEJANDRO MORALES JIMENEZ

ALEJANDRO MORALES JIMENEZ

  • 1 Post
  • 0 Reply Likes
  • Frustrated

Posted 2 years ago

  • 1
Photo of Sean

Sean

  • 342 Posts
  • 87 Reply Likes
On the ZD and SZ you can enable 802.11r which caters for PMK and OKC when using 802.1x..

This wont solve the issue if your clients don't support 802.11r i.e. iPhone 4, iPad 2nd Gen etc.

Note: On the ZD platform you also get the use of 802.11k to assist with client roaming, but as above you have client restrictions

If you have 802.11r enabled you will see MAC FLAP on your network, don't worry about this, as this is normal behaviour and you can just disable the reporting of the MAC FLAP on your switch/ router (providing its Cisco), by using the following command
no mac-address-table notification mac-move
See command reference for further information:

http://www.cisco.com/c/en/us/td/docs/ios/lanswitch/command/reference/lsw_book/lsw_m1.html#wp1142649
(Edited)