PrepAway - Latest Free Exam Questions & Answers

What limitations are present with PMK caching (or PMKSA caching) when 802.1X/EAP authentication is in use?

What limitations are present with PMK caching (or PMKSA caching) when 802.1X/EAP authentication is in use?

PrepAway - Latest Free Exam Questions & Answers

A.
PMK caching may only be supported when the authentication server (SA) is collocated with the authenticator, as with WLAN controllers using an internal RADIUS server.

B.
PMK caching has a maximum PMKSA storage threshold of five keys, which limits the fast roaming capability to a mobility group of five APs.

C.
PMK caching allows to fast roaming between APs when they are managed by a single controller, but it does not support inter-controller handoffs

D.
PMK caching can only retain PMKSAs once they are present, but it can not create new PMKSAs without a full 802.1X/EAP authentication nor can it distribute an existing PMKSA to other APs.

Explanation:
Pre-authentication and PMK caching allows for an AP to pre-authenticate aclient which in turn will allow for faster roaming between APs PMK caching is sometimes calledfast secure roam – backbecause the client station is able to roam back to the original AP and skip the 802.1X/EAP exchange.This is great if a client station roams back to an AP where it shares a PMKSA, but how does this speed things up when the client station roams to a new AP? The short answer is there will not be a cached PMK on the target AP unless preauthentication has occurred.

http://support.avaya.com/css/P8/documents/100014763

If multiple WLAN controllers are used, this becomes even more complex. There is no real defi nition of how keys should be exchanged between controllers; therefore, intercontroller handoff protocols are entirely proprietary.


Leave a Reply