This feature is
not supported on Mesh access points.
In 8.1 and
earlier releases, this feature is not supported on access points in FlexConnect
mode. In Release 8.2, this restriction is removed.
For access points in FlexConnect mode:
802.11r Fast Transition is supported in central and locally switched WLANs.
This feature is not supported for the WLANs enabled for local authentication.
802.11r client association is not supported on access points in standalone mode.
802.11r fast roaming is not supported on access points in standalone mode.
802.11r fast roaming between local authentication and central authentication WLAN is not supported.
802.11r fast roaming works only if the APs are in the same FlexConnect group.
This feature is
not supported on Linux-based APs such as Cisco 600 Series OfficeExtend Access
roaming is not supported if the client uses Over-the-DS preauthentication in
EAP LEAP method
is not supported. WAN link latency prevents
association time to a maximum of 2 seconds.
The service from
standalone AP to client is only supported until the session timer expires.
TSpec is not
supported for 802.11r fast roaming. Therefore, RIC IE handling is not
If WAN link
latency exists, fast roaming is also delayed. Voice or data maximum latency
should be verified. The Cisco WLC handles 802.11r Fast Transition
authentication request during roaming for both Over-the-Air and Over-the-DS
This feature is supported on open and WPA2 configured WLANs.
cannot associate with a WLAN that has 802.11r enabled if the driver of the
supplicant that is responsible for parsing the Robust Security Network
Information Exchange (RSN IE) is old and not aware of the additional AKM suites
in the IE. Due to this limitation, clients cannot send association requests to
WLANs. These clients, however, can still associate with non-802.11r WLANs.
Clients that are 802.11r capable can associate as 802.11i clients on WLANs that
have both 802.11i and 802.11r Authentication Key Management Suites enabled.
is to enable or upgrade the driver of the legacy clients to work with the new
802.11r AKMs, after which the legacy clients can successfully associate with
802.11r enabled WLANs.
workaround is to have two SSIDs with the same name but with different security
settings (FT and non-FT).
resource request protocol is not supported because clients do not support this
protocol. Also, the resource request protocol is an optional protocol.
To avoid any
Denial of Service (DoS) attack, each Cisco WLC allows a maximum of three Fast
Transition handshakes with different APs.
capable devices will not be able to associate with FT-enabled WLAN.
802.11r FT +
PMF is not recommended.
Over-the-Air roaming is recommended for FlexConnect deployments.