Fortinet black logo

FortiAIOps 1.1.0 User Guide

Home FortiManager 7.2.1 FortiAIOps 1.1.0 User Guide
7.2.1
7.2.1

Roaming

Roaming

You can configure static thresholds or enable FortiAIOps to compute them dynamically. Based on the configured thresholds, the variations in the time to connect are recorded for each phase, and the statistics are displayed in the Monitor tab.

Navigate to Configuration > Service Level Assurance > Roaming.

Dynamic Baselines

You are required to provide the following information for threshold/baseline configuration.

  • Scope - Select the scope to calculate the thresholds which could either be per Adom, per FortiGate, per AP, or per SSID.
  • Time Selection - Set the time range/duration for which FortiAIOps analysis client data to derive the thresholds.
  • Schedule Baselines Computation - Set the time when FortiAIOps calculates the baselines and applies them to your network to obtain and report the relevant SLAs.
  • Repeat Cycle - Configure the repetition of the above configurations, that is, the phase of analyzing client activity and the calculation/application of the algorithms.

The baseline values calculated by FortiAIOps are displayed in the table. You can re-compute specific baseline values.

Static Threshold

For static threshold configuration to enable faster roaming, configure the following parameters.

  • Fast BSS Transition Roams(11r) - This is implemented as part of the 802.11r standard and enables fast roaming of wireless clients by pre-authenticating them with several APs in the network; this pre-authentication is done prior to when the client begins roaming. This feature allows immediate BSS transitions between APs and curtails the latency caused by deferred data connectivity, often experienced when a client has to transition from one BSS to another while roaming in a multi-AP deployment. The default roaming time value is 55 ms and the valid range is 1 - 600000 ms.
    Note: To use this feature of FortiAIOps, ensure that the wireless client supports 802.11r standard enable 802.11r roaming on the SSID using the set fast-bss-transition CLI commands on FortiGate.
  • PMK Cache Roams – The Pairwise Master Key (PMK) caching enables a wireless client to re-associate with an AP without re-authenticating. When a wireless client associates with an AP through the 802.1x authentication process, a master key negotiated with the AP is stored in a cache. When the client roams to different APs and then wants to re-associate with this AP again, then the already cached PMK is used for authentication. This significantly reduces the authentication time as the client-AP are not required to go through the entire 802.1x authentication process again, ensuring minimal latency in data connectivity during roaming. The default roaming time value is 100 ms and the valid range is 1 - 600000 ms.
  • Opportunistic Key Caching Roams (okc) – This feature enables swift roaming of wireless clients to APs that it has never associated with earlier, without any requisite pre-authentication. When an AP successfully completes the 802.1x authentication and associates with a wireless client, it stores a unique PMK associated with that client. This per client PMK is advertised to and stored by all the APs in that particular network. When a client roams, it associates with a new AP based on this cached PMK, without any pre-authentication. This reduces the latency caused during roaming by eliminating the re-authentication process. The default roaming time value is 100 ms and the valid range is 1 - 600000 ms.

FortiAIOps dynamically determines the optimal roaming time for each type of roaming for a specific AP-Client environment using machine learning algorithms.

Previous
Next

Roaming

You can configure static thresholds or enable FortiAIOps to compute them dynamically. Based on the configured thresholds, the variations in the time to connect are recorded for each phase, and the statistics are displayed in the Monitor tab.

Navigate to Configuration > Service Level Assurance > Roaming.

Dynamic Baselines

You are required to provide the following information for threshold/baseline configuration.

  • Scope - Select the scope to calculate the thresholds which could either be per Adom, per FortiGate, per AP, or per SSID.
  • Time Selection - Set the time range/duration for which FortiAIOps analysis client data to derive the thresholds.
  • Schedule Baselines Computation - Set the time when FortiAIOps calculates the baselines and applies them to your network to obtain and report the relevant SLAs.
  • Repeat Cycle - Configure the repetition of the above configurations, that is, the phase of analyzing client activity and the calculation/application of the algorithms.

The baseline values calculated by FortiAIOps are displayed in the table. You can re-compute specific baseline values.

Static Threshold

For static threshold configuration to enable faster roaming, configure the following parameters.

  • Fast BSS Transition Roams(11r) - This is implemented as part of the 802.11r standard and enables fast roaming of wireless clients by pre-authenticating them with several APs in the network; this pre-authentication is done prior to when the client begins roaming. This feature allows immediate BSS transitions between APs and curtails the latency caused by deferred data connectivity, often experienced when a client has to transition from one BSS to another while roaming in a multi-AP deployment. The default roaming time value is 55 ms and the valid range is 1 - 600000 ms.
    Note: To use this feature of FortiAIOps, ensure that the wireless client supports 802.11r standard enable 802.11r roaming on the SSID using the set fast-bss-transition CLI commands on FortiGate.
  • PMK Cache Roams – The Pairwise Master Key (PMK) caching enables a wireless client to re-associate with an AP without re-authenticating. When a wireless client associates with an AP through the 802.1x authentication process, a master key negotiated with the AP is stored in a cache. When the client roams to different APs and then wants to re-associate with this AP again, then the already cached PMK is used for authentication. This significantly reduces the authentication time as the client-AP are not required to go through the entire 802.1x authentication process again, ensuring minimal latency in data connectivity during roaming. The default roaming time value is 100 ms and the valid range is 1 - 600000 ms.
  • Opportunistic Key Caching Roams (okc) – This feature enables swift roaming of wireless clients to APs that it has never associated with earlier, without any requisite pre-authentication. When an AP successfully completes the 802.1x authentication and associates with a wireless client, it stores a unique PMK associated with that client. This per client PMK is advertised to and stored by all the APs in that particular network. When a client roams, it associates with a new AP based on this cached PMK, without any pre-authentication. This reduces the latency caused during roaming by eliminating the re-authentication process. The default roaming time value is 100 ms and the valid range is 1 - 600000 ms.

FortiAIOps dynamically determines the optimal roaming time for each type of roaming for a specific AP-Client environment using machine learning algorithms.

Previous
Next