This product bulletin serves as a notification of the discontinuation of support for the Wireless Domain Services (WDS) Fast Secure Roaming feature on the Cisco® 2600XM/2691/3700 Series Multiservice routers and Cisco 2800 and 3800 Series Integrated Services Routers running Cisco IOS® Software images later than Release 12.3(14)T.
The Fast Secure Roaming feature provides the capability for client devices to roam from one access point to another without requiring reauthentication by the main RADIUS server. By streamlining the roaming process, this feature supports client applications, such as voice over IP (VoIP), that require seamless roaming to avoid delays and gaps in transmission. This feature is supported on Cisco Aironet® Access Points and the Cisco Catalyst® 6500 Series Wireless LAN Services Module (WLSM) and was integrated into Cisco IOS Software Release 12.3(11)T for the Cisco 2600XM, 2691, 3700, 2800, and 3800 routers. Access points and the Cisco Catalyst 6500 Series WLSM still support Fast Secure Roaming; however, support for this feature on the wireless-aware routers is discontinued. This feature is supported only in the scenario summarized in Table 1.
Table 1. Fast Secure Roaming Support
Cisco Aironet Access Point
Cisco Aironet Client Devices
Cisco IOS Software Release 12.3 (11)T or 12.3(14)T
Cisco IOS Software Release 12.2(11)JA
Cisco client firmware Version 5.20.17 or later
Customers wanting to use Fast Secure Roaming on routers must continue to use the combination listed in Table 1. The Cisco Technical Assistance Center (TAC) does not support other software releases. The WDS Fast Secure Roaming configuration commands may be found in later releases; however, they will be removed from the Cisco IOS Software on the Cisco 2600XM, 2691, 3700, 2800, and 3800 routers at a later date.
WDS support on the Cisco 2600XM, 2691, 3700, 2800, and 3800 routers is limited to Layer 2 Fast Secure Roaming with the releases listed in Table 1. Radio management, CiscoWorks Wireless LAN Solutions Engine (WLSE) interaction, and new features released after Cisco IOS Software Releases 12.3(14)T and 12.2(11)JA are not supported. For full WDS support, including Layer 2 Fast Secure Roaming, radio management, and CiscoWorks WLSE interaction, please choose one of the alternative solutions described in the following section.
If Fast Secure Roaming is a requirement for your network, you can use one of the following options, which provide a similar function on different platforms.
Cisco Unified Wireless Networks
The Cisco Unified Wireless Network architecture is an industry-leading, comprehensive solution that encompasses client devices, access points, controllers, switches and routers, world-class management, and mobility services with enterprise-class support. It supports real-time business-critical applications and creates a secure, mobile, interactive workplace for organizations deploying WLANs. Cisco Unified Wireless Networks provide uninterrupted network access when roaming across access points (within and between subnets). Through the use of wireless controllers, Cisco Unified Wireless Networks deliver the following:
• Secure Layer 2 and 3 roaming
• "Follow-me VPNs," which allow clients to maintain VPN tunnels when roaming
• Fast, secure scalable roaming in IEEE 802.11i environments
• Context transfer of security and quality-of-service (QoS) policies, allowing users' identities to follow them as they roam
• Wireless capability without boundaries, both indoors and outdoors, including dynamic wireless mesh networks
The Cisco Unified Wireless Network architecture provides several controller options, such as a module for the Cisco Catalyst 6500 Series, a fully standalone controller, or a network module for the integrated services router. The Cisco Wireless LAN Controller Module for integrated services routers allows small and medium-sized businesses (SMBs) and enterprises to cost-effectively deploy and manage secure wireless LANs at branch offices. The module can manage up to six Cisco Aironet Lightweight Access Points and is supported on Cisco 2800, 3800, and 3700 Series routers.
WDS on Cisco Aironet Access Points
WDS can run on Cisco Aironet 1100 and 1200 Series Access Points for Layer 2 Fast Secure Roaming. An access point in the network can be set up as the main WDS candidate to provide fast secure roaming for clients. This access point registers all client devices in the subnetwork, establishes session keys for the client devices, and caches the client security credentials. When a client roams to another access point, the WDS access point forwards the client security credentials to the new access point. Other features include the following:
• Scalable WLAN management
• Advanced radio management capabilities
• A single WDS access point, supports a maximum of 60 infrastructure access points when the radio interface is disabled and 30 when the WDS access point also accepts client associations
Cisco Catalyst 6500 Series WLSM
The Cisco Catalyst 6500 Series WLSM, for the Cisco Catalyst 6500 Series Multilayer Switch allows scalable WLAN network deployments. The Cisco Catalyst 6500 Series WLSM provides fast secure Layer 3 roaming across subnets. Main features include the following:
• Uses existing network infrastructure investments that do not force changes to the underlying wireline infrastructure and do not require special client devices
• Allows secure campuswide Layer 3 roaming
• Supports up to 6000 WLAN users and 600 Cisco Aironet autonomous access points spread throughout the campus using a single Cisco Catalyst 6500 Series WLSM deployed in a Cisco Catalyst 6500 Series chassis located anywhere in the network
Q. Does Cisco Systems® still support the WDS feature?
A. Cisco Aironet Access Points, the Cisco Catalyst 6500 Series WLSM, and previous Cisco IOS Software releases as mentioned earlier in this document still support WDS.
Q. If I am using a supported Cisco IOS Software release on my router but the WDS Fast Secure Roaming feature is not working properly, can I call Cisco TAC?
A. Yes. Please open a case with Cisco TAC for any problems involving WDS Fast Secure Roaming on supported platforms running Cisco IOS Software Release 12.3(11)T or 12.3(14)T. Please also make sure that the access points and clients used are also running a supported software version (see Table 1).
Q. We recently upgraded to a later version of Cisco IOS Software Release 12.4 for our network routers. If we run into any problems with the Fast Secure Roaming feature, how can we get support?
A. WDS Fast Secure Roaming for the Cisco 2600XM, 2691, 3700, 2800, and 3800 routers is supported only under the following conditions (also see Table 1):
• Cisco Aironet client devices are running Cisco client firmware Version 5.20.17 or later.
• Cisco IOS Software Release 12.2(11)JA is running on the access point.
• Cisco IOS Software Release 12.3 (11)T or 12.3(14)T is running on the wireless-aware router.
Q. If the required Cisco IOS Software image versions cannot be run on the access points or routers, how can we still provide WDS Fast Secure Roaming for our clients?
A. Fast Secure Roaming is supported on other Cisco devices such as Cisco Aironet Access Points and Cisco Catalyst 6500 WLSM. You can also use the mobility services provided by the Cisco Unified Wireless Network solution and its related product platforms. The appropriate solution will depend on the size (how many access points per subnet) and features that your network requires.