Information About 802.11r Support for FlexConnect Local Authentication
In releases prior to Cisco IOS XE Amsterdam 17.2.1, the FlexConnect mode fast transition was supported only in centrally authenticated clients. This was achieved by sharing the Pairwise Master Key (PMK) to all the FlexConnect APs in the same site tag. From Cisco IOS XE Amsterdam 17.2.1, fast transition is supported even for locally authenticated clients.
The client PMK cache entries are shared and distributed to all the APs in the same site tag. From Cisco IOS XE Amsterdam 17.2.1, another grouping called Mobility Domain ID (MDID) is introduced, for sharing the PMK cache entries. MDID can be configured for APs using the open configuration model only. There is no CLI or GUI support.
The PMK cache distribution in a FlexConnect local site (using either the site tag or MDID) is restricted to 100 APs per group, with a maximum support for 1000 PMK entries per AP.
The following are the 802.11r support guidelines:
Supports 802.11r on FlexConnect local authentication only with Over-the-Air method of roaming. Over-the-DS (Distribution System) is not supported.
Supports adaptive 11r for Apple clients.
Supports both Fast Transition + 802.1x and Fast Transition + PSK.
This is supported only when clients join the standalone mode AP.