In wireless local area networks (WLANs), wireless client devices access the network through wireless access points. A WLAN controller is usually included to manage and interconnect WLAN access points. During authentication with the WLAN, a client device will be assigned a pairwise master key (PMK) to allow for secure communication between the client device and the access point through which it is accessing the WLAN. The PMK will be cached at the access point to allow the client device to disassociate, and subsequently re-associate (without re-authentication) to the WLAN through the access point. Because the PMK remains cached in the access point, the WLAN can avoid traffic that may otherwise be necessary to re-authenticate the client device. Common PMK caches that are located at access points may store approximately 2000+ PMKs.
Client devices accessing a WLAN (which may include cell phones, laptop computers, tablet computers, and other mobile network devices) may travel within a mobility group or mobility domain of the WLAN. A mobility group or domain includes a series of access points or WLAN controllers spread over a geographic region that a client can use to access the WLAN without having to re-authenticate at each new access point. To allow for any access point or WLAN controller in a mobility domain to allow access to a particular client device, the PMKs for the client devices are distributed to each access point and/or WLAN controller in the mobility domain.
In some implementations of WLANs, such as those defined by Institute of Electrical and Electronics Engineers (IEEE) standard 802.011r, client devices will be prevented from reconnecting to a WLAN if they cease to be connected to at least one access point or WLAN controller of the WLAN for a timeout period, typically around 100 seconds. These implementations are suitable for WLANs that have strong coverage areas. Other implementations will cache the PMKs for client devices until the hardware of the access points and/or WLAN controller is disabled or until a maximum timeout of 86,400 second (i.e., 24 hours) is reached. This is the preferred method in WLANs with sparse wireless coverage.