Wireless Roaming Part 2 - PMK Caching and Preauthentication

Two methods of secure roaming were introduced in 802.11i-2004: PMK Caching and Preauthentication.

PMK caching is a roaming method used in an RSN that speeds up a roam back to about 50 ms on average. Let’s take a look at how that works.

Clients and APs each maintain a cache of PMKs. Therefore, if a client wants to roam back to an AP that it has recently been associated with, both the client and the AP will already have the PMK in their cache, so the 802.1X/EAP process can be skipped and the 4-way handshake can commence immediately. So what about speeding up the process for a roam to an AP to which a client hasn’t recently been associated? This is where preauthentication is helpful.

During preauthentication, a client STA will establish a PMKSA with a target AP prior to roaming to the target AP. Specifically, the client will complete the 802.1X/EAP process with the target AP while still associated to its current AP. A client can perform this with several APs to which the client may roam.

Neither PMK caching nor preauthentication scales well.
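The cache lookup behind both methods, as an added Python sketch that is not part of the original post: the client offers a PMKID in its reassociation request and the AP skips 802.1X/EAP only if it holds a matching, unexpired PMKSA. It goes slightly beyond the text by using the PMKID derivation from 802.11i; the class and function names, the 12-hour lifetime, and the MAC addresses and PMKs are assumptions constructed for illustration.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """802.11i PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class ApPmksaCache:
    """Toy model of one AP's PMKSA cache (hypothetical, not a driver API)."""

    def __init__(self, bssid: bytes, lifetime_s: float = 43200.0):
        self.bssid = bssid            # AA: this AP's MAC address
        self.lifetime_s = lifetime_s  # assumed PMK lifetime of 12 hours
        self._entries = {}            # PMKID -> (PMK, client MAC, expiry)

    def store(self, pmk: bytes, client_mac: bytes, now: float) -> bytes:
        """Record a PMKSA after a full 802.1X/EAP exchange or a preauthentication."""
        pid = pmkid(pmk, self.bssid, client_mac)
        self._entries[pid] = (pmk, client_mac, now + self.lifetime_s)
        return pid

    def on_reassociation(self, client_mac: bytes, offered, now: float) -> str:
        """Return which exchange must follow the (re)association request."""
        for pid in offered:
            entry = self._entries.get(pid)
            if entry is None or now >= entry[2]:
                continue  # unknown or expired PMKSA
            if hmac.compare_digest(entry[1], client_mac):
                return "4-way-handshake"
        return "full-802.1X/EAP"

def demo() -> dict:
    """Constructed MACs and PMKs; a real PMK comes out of the EAP exchange."""
    ap1, ap2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    sta, t0 = bytes.fromhex("0200000000aa"), 1000.0
    c1, c2 = ApPmksaCache(ap1), ApPmksaCache(ap2)
    pid1 = c1.store(bytes(range(32)), sta, t0)           # initial full auth at AP1
    result = {"roam_back": c1.on_reassociation(sta, [pid1], t0 + 60),
              "unknown_ap": c2.on_reassociation(sta, [pid1], t0 + 60),
              "expired": c1.on_reassociation(sta, [pid1], t0 + 50000)}
    pid2 = c2.store(bytes(range(32, 64)), sta, t0 + 90)  # preauthentication with AP2
    result["after_preauth"] = c2.on_reassociation(sta, [pid2], t0 + 120)
    return result

if __name__ == "__main__":
    print(demo())
```

Because the PMKID binds the PMK to one AP address and one client address, every AP a client might roam to needs its own PMKSA, which is the per-AP state behind the scaling limit noted above.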


