Pre-authentication and PMK caching

802.11i also eases the use of WLAN for voice connections (VoIP) in enterprise networks. Especially for WLAN-based wireless telephony, fast roaming (switching from one AP to another without lengthy interruptions) is of particular importance. In a telephone call, interruptions of 100 milliseconds are already irritating, but a full 802.1X authentication, including the subsequent key negotiation with the AP, can take significantly longer.

For this reason, so-called PMK caching was introduced as a first measure. The PMK is the basis for the key negotiation that follows an 802.1X authentication between client and access point. In VoIP environments a user typically moves back and forth among a relatively small number of APs, so a client will often return to an AP with which it was already registered earlier. In that case it makes no sense to repeat the entire 802.1X authentication. The AP therefore labels each PMK with an identifier, the PMKID, which it transmits to the client. On re-registration the client presents the PMKID to ask whether that PMK is still stored. If it is, the 802.1X phase can be skipped and the connection is quickly re-established. This optimization is unnecessary when the PMK is derived from a passphrase, because that PMK is the same on every AP and is already known to the client.

Another measure, pre-authentication, provides some acceleration even for a first-time authentication, but it requires a little care on the part of the client: the client must detect a degrading connection to its current AP during operation and select a new access point while it is still communicating with the old one. It then has the opportunity to carry out the 802.1X negotiation with the new AP through the old AP, which again shortens the "dead time" that the 802.1X negotiation would otherwise cause.
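The two mechanisms described above, PMK caching and pre-authentication, modelled as a small simulation. This is an added example and not LANCOM code: the access point, station, MAC addresses and the stand-in for the 802.1X/EAP exchange are all constructed here. The PMKID derivation follows the 802.11i definition (HMAC-SHA1-128 over the string "PMK Name", the AP's MAC and the station's MAC, keyed with the PMK); everything else is an assumption made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def derive_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    # IEEE 802.11i: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


@dataclass
class AccessPoint:
    mac: bytes
    pmk_cache: dict = field(default_factory=dict)  # PMKID -> PMK

    def run_8021x(self, sta_mac: bytes) -> bytes:
        # Stand-in for the full EAP/802.1X exchange (constructed: a real PMK is
        # delivered by the authentication server, not derived locally like this).
        pmk = hashlib.sha256(b"constructed-msk|" + self.mac + b"|" + sta_mac).digest()
        self.pmk_cache[derive_pmkid(pmk, self.mac, sta_mac)] = pmk
        return pmk

    def associate(self, sta_mac: bytes, offered_pmkids: list) -> tuple:
        # offered_pmkids models the PMKID list the station places in the RSN IE
        # of its (re)association request. Returns (pmk, skipped_8021x).
        for pid in offered_pmkids:
            if pid in self.pmk_cache:
                return self.pmk_cache[pid], True  # cache hit: straight to the 4-way handshake
        return self.run_8021x(sta_mac), False  # cache miss: full 802.1X authentication


@dataclass
class Station:
    mac: bytes
    pmks: dict = field(default_factory=dict)  # AP MAC -> PMK established with that AP

    def associate(self, ap: AccessPoint) -> bool:
        # Offer the PMKID for a PMK we already hold for this AP, if any.
        offered = []
        if ap.mac in self.pmks:
            offered.append(derive_pmkid(self.pmks[ap.mac], ap.mac, self.mac))
        pmk, skipped = ap.associate(self.mac, offered)
        self.pmks[ap.mac] = pmk
        return skipped

    def preauthenticate(self, new_ap: AccessPoint) -> None:
        # 802.11i pre-authentication: the 802.1X exchange with the new AP is
        # relayed through the current AP, so the PMK is cached before the roam.
        self.pmks[new_ap.mac] = new_ap.run_8021x(self.mac)


def roaming_demo() -> list:
    """Returns (event, skipped_8021x) pairs for a constructed roaming sequence."""
    ap1, ap2, ap3 = (AccessPoint(bytes.fromhex(m))
                     for m in ("020000000001", "020000000002", "020000000003"))
    sta = Station(bytes.fromhex("02000000aa01"))
    events = [
        ("first association with AP1", sta.associate(ap1)),
        ("roam to AP2, never seen", sta.associate(ap2)),
        ("roam back to AP1, PMK cached", sta.associate(ap1)),
    ]
    sta.preauthenticate(ap3)  # done while still connected to AP1
    events.append(("roam to AP3 after pre-authentication", sta.associate(ap3)))
    ap3.pmk_cache.clear()  # e.g. AP reboot or cache expiry: the PMKID no longer matches
    events.append(("roam to AP3 after its cache was lost", sta.associate(ap3)))
    return events


if __name__ == "__main__":
    for event, skipped in roaming_demo():
        print(f"{event}: {'802.1X skipped' if skipped else 'full 802.1X'}")
```

The last event shows the failure mode a practitioner should expect: a PMKID is only a lookup key, so when the AP no longer holds the PMK (reboot, cache expiry, or a PMK never established on that AP), the station silently falls back to the full 802.1X exchange and the roaming delay returns.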

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
