WLAN Controllers and Fast Secure Roaming

WLAN Controllers and Fast Secure Roaming

By CWNP On 01/03/2012 - 37 Comments

The title is deceptive. Now that I have you thinking about WLAN controllers and fast secure roaming, my goal in this short post is to point out why WLAN controllers do not sufficiently address fast secure roaming. Why must I write such an article? Because in the past six months, I’ve read article after article claiming that the cure to fast secure roaming problems is a WLAN controller. IT IS NOT! I have nothing against controllers per se; I just want to set the record straight. My point is actually twofold.

Point #1
Even with a WLAN controller, the state of fast secure roaming in Wi-Fi is quite poor. Today’s roaming options are sub-optimal (understatement alert!!!) and any significant solutions have been slow, slow, slow to market, like watching a cactus grow. WLAN controllers don’t fix this because they can’t control the clients or the client vendors. Inconsistent clients are typically the real problem!
Point #2
The best roaming options today are not a result of controllers. Preauthentication is actually not a terrible protocol. It’s a little inefficient, but it would work if folks would use it. It works on any architecture (autonomous included), but I know of only one infrastructure vendor and very few client vendors that support it. OKC is a solid protocol, but again, very few clients support it.
Cisco’s proprietary CCKM protocol (part of the CCX program) happens to use a WLAN controller, but that’s not why it works. It works because Cisco has market share and can influence client vendors to implement the feature. Any vendor with any architecture could specify a proprietary protocol that works, but none other than Cisco have the business muscle to make it useful, and Cisco happens to be a controller vendor.
Meru’s proprietary single channel design essentially eliminates the need for client control of roaming. They remove the weak link in the chain. Meru’s design is more dependent on a controller, but once again, the fast secure roaming problem is not solved by a WLAN controller. For Meru, it is solved by using a single channel and a single BSSID across all APs.
And I suppose I should make the obligatory point that any other good-but-not-widely-or-consistently-supported roaming protocols work equally well with a cooperative autonomous WLAN (i.e. Aerohive). WLAN controllers simply do not fix the roaming problem.
The Solution
The Wi-Fi Alliance members could help the disheveled state of roaming by adopting and promoting Voice Enterprise. Voice Enterprise has technical merit, is based on public specifications (802.11r and 802.11k), would lead to consistent implementation, and would drive better adoption among vendors by virtue of Wi-Fi Alliance certification. But lo, we wait.
Final Comments and Suggestions (FCS)
WLAN controllers fix the roaming problem. WLAN controllers fix the roaming problem. WLAN controllers fix the roaming problem. WLAN controllers fix the roaming problem….. You can keep saying it, but it’s still not true.
WLAN controllers are not the solution to fast secure roaming. They’re not. The real solutions are simple enough:
  1. Use PSKs,
  2. Build a widely supported, publicly documented, certifiable, efficient set of protocols for key management across an Extended Service Set (i.e. Voice Enterprise), or
  3. Use proprietary protocols
Controllers aren’t bad, but buying one won't fix your roaming problems.
  Tagged with: marketing, roaming, Mobility, WLAN controllers, fast transition

Blog Disclaimer: The opinions expressed within these blog posts are solely the author’s and do not reflect the opinions and beliefs of the Certitrek, CWNP or its affiliates.

0 Responses to WLAN Controllers and Fast Secure Roaming

Subscribe by Email
There are no comments yet.
<< prev - comments page 1 of 1 - next >>

Leave a Reply

Please login or sign-up to add your comment.
Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.

Read More

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.

Read More

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.

Read More