Encrypted OKC via IAPP

OKC (opportunistic key caching) enables WLAN clients to connect to APs without having to authenticate every time. If a client associates with an AP and authenticates successfully, this AP transmits the PMK (pairwise master key) to a WLC, which informs all of the other APs on the network. Consequently, the client is known to all of the APs. A client moving into signal range of a neighboring AP negotiates a new connection with it. This type of OKC requires a WLC, which coordinates the PMKs between the APs.

The IAPP (Inter Access Point Protocol) serves to exchange information between APs in a network, including information about the BSSIDs they operate and the WLAN clients authenticated with them. This makes it possible for a client to move between the areas of signal coverage of the various APs. Each AP queries all of the other APs for information about the new client, and informs them when the client associates with it. This communication allows the implementation of OKC directly between the APs, without the need for a WLC.

By setting an IAPP passphrase (PMK-IAPP secret) on an AP, it is possible to transfer the encrypted PMK (pairwise master key) to the other APs and store it there. This makes OKC available to all of the APs on the network, without the need for a WLC.
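The following sketch is an added example, not LANCOM code. It models why a neighboring AP that holds the client's PMK can accept a roaming client without a new authentication, using the IEEE 802.11 PMKID derivation for WPA2 (HMAC-SHA1 based AKMs). The class and function names and the MAC addresses are constructed for illustration. The IAPP transfer and its passphrase-based encryption are not modelled, because the page does not describe their format.

```python
import hashlib
import hmac
import os


def pmkid(pmk: bytes, bssid: bytes, client_mac: bytes) -> bytes:
    """802.11 PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + bssid + client_mac, hashlib.sha1).digest()[:16]


class AccessPoint:  # hypothetical model of an AP's PMK cache
    def __init__(self, bssid: bytes):
        self.bssid = bssid
        self.pmk_cache = {}  # client MAC -> PMK

    def full_authentication(self, client_mac: bytes) -> bytes:
        """Stand-in for a complete 802.1X exchange that yields a fresh PMK."""
        pmk = os.urandom(32)
        self.pmk_cache[client_mac] = pmk
        return pmk

    def receive_pmk(self, client_mac: bytes, pmk: bytes) -> None:
        """Store a PMK learned from another AP (transport protection not modelled)."""
        self.pmk_cache[client_mac] = pmk

    def reassociate(self, client_mac: bytes, offered_pmkid: bytes) -> bool:
        """Skip re-authentication only if the offered PMKID matches a cached PMK."""
        pmk = self.pmk_cache.get(client_mac)
        if pmk is None:
            return False  # unknown client: a full authentication is required
        expected = pmkid(pmk, self.bssid, client_mac)
        return hmac.compare_digest(expected, offered_pmkid)


def roam_demo() -> dict:
    client = bytes.fromhex("020000000c01")            # constructed MAC addresses
    ap1 = AccessPoint(bytes.fromhex("020000000a01"))
    ap2 = AccessPoint(bytes.fromhex("020000000a02"))
    ap3 = AccessPoint(bytes.fromhex("020000000a03"))  # never receives the PMK
    pmk = ap1.full_authentication(client)
    ap2.receive_pmk(client, pmk)
    # With OKC the client derives the PMKID for the target BSSID from its existing PMK.
    return {
        "ap2_with_shared_pmk": ap2.reassociate(client, pmkid(pmk, ap2.bssid, client)),
        "ap3_without_pmk": ap3.reassociate(client, pmkid(pmk, ap3.bssid, client)),
        "ap2_given_ap1_pmkid": ap2.reassociate(client, pmkid(pmk, ap1.bssid, client)),
    }
```

The PMKID is bound to the BSSID, so a value computed for one AP is rejected by another even when both hold the same PMK.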

In LANconfig, you enter the IAPP passphrase under Wireless LAN > 802.11i/WEP by clicking WLAN encryption settings. Open the configuration dialog box for the appropriate interface and switch to the Advanced tab.