I have some doubt regarding 802.1x:
whether a client needs to authenticate in advance with another AP while already associated with the current AP, or whether it can skip the whole 802.1x with the new AP and directly start with key exchange
(assuming the current AP will tell the new AP about this client).
Can anyone help me in understanding this,
or suggest some good document to understand this?
The STA will pre-authenticate with the remote AP before roaming. This link to the NIST tutorial on 802.11i explains it quite nicely. Please refer to section 5.4.4.
It depends on your setup. Your client will try to manage the roam intelligently, but at the end of the day, if the AP is sending 802.1x auth requests off to your RADIUS server, the roam will probably fail because of the latency vs. roam time, etc.
Cisco kit can implement something called WDS, which proxies the 802.1x requests so only your first request hits the RADIUS, after that the WDS server provides the cached responses much faster than a far-away RADIUS server will.
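
Added example, not part of the thread and not any vendor's code: a small model of the decision the new AP makes on reassociation, using the IEEE 802.11i PMKID derivation. A PMK cached from pre-authentication lets the AP go straight to the 4-way handshake; otherwise it falls back to full 802.1X. The class name, MAC addresses and PMKs are constructed for illustration.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    # IEEE 802.11i: PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)
    # AA = authenticator (AP) MAC, SPA = supplicant (STA) MAC
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class ApPmksaCache:
    """Hypothetical model of one AP's PMKSA cache (names are illustrative)."""

    def __init__(self, bssid: bytes):
        self.bssid = bssid
        self._cache = {}  # (STA MAC, PMKID) -> PMK

    def store(self, sta: bytes, pmk: bytes) -> bytes:
        # Called after a full 802.1X exchange or a completed pre-authentication.
        pid = pmkid(pmk, self.bssid, sta)
        self._cache[(sta, pid)] = pmk
        return pid

    def on_reassociation(self, sta: bytes, offered_pmkids: list) -> str:
        # The STA lists PMKIDs in the RSN element of its (re)association request.
        for pid in offered_pmkids:
            if (sta, pid) in self._cache:
                return "4-way-handshake"  # cached PMK: skip EAP/RADIUS
        return "full-802.1x"              # no match: EAP via RADIUS first

def simulate_roam() -> dict:
    # Constructed sample values, not taken from the thread.
    sta = bytes.fromhex("020000000001")
    ap1, ap2, ap3 = (ApPmksaCache(bytes.fromhex(m)) for m in
                     ("02000000aa01", "02000000aa02", "02000000aa03"))
    pmk1 = hashlib.sha256(b"constructed PMK from auth at AP1").digest()
    pmk2 = hashlib.sha256(b"constructed PMK from pre-auth to AP2").digest()
    pid1 = ap1.store(sta, pmk1)  # initial full 802.1X at AP1
    pid2 = ap2.store(sta, pmk2)  # pre-authentication to AP2, relayed via AP1
    return {
        "ap2_preauth": ap2.on_reassociation(sta, [pid2]),
        "ap2_wrong_pmkid": ap2.on_reassociation(sta, [pid1]),
        "ap3_no_preauth": ap3.on_reassociation(sta, [pid1, pid2]),
    }

if __name__ == "__main__":
    print(simulate_roam())
```

Because the PMKID covers the AP's own MAC address, the identifier from the first AP does not match at the second; only an entry the new AP itself holds allows the 802.1X exchange to be skipped.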