Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1215
Views
5
Helpful
3
Replies

Session Key and Broadcast Key

Go to solution
mnlatif
Level 3
Level 3

‎03-24-2003 02:04 PM - edited ‎07-04-2021 08:35 AM

Hi,

Can anyone explain the difference between the Broadcast and Session Key ?

When using an EAP authentication scheme, that would provide dynamic WEP Keys, Is it necassary to enable "Broadcast key rotation" on the Access Point ?

What advantage would it provide, if "Broadcast key rotation" is enabled ?

Regards \\ Naman

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ndoshi
Cisco Employee
Cisco Employee

‎03-24-2003 05:47 PM

In eap ( say in case of LEAP ) there are two keys generated

a) Session key : It is also call unicast key . This is for unicast traffic .

When mutula authentication gets success full , both radius server and

client independently generates this key . So this key is never trasmitted

over the wireless ! This key is DYNAMIC in nature . On the radius server

027 parameter which is session timeout controls this session key timeout

b) Broadcast key : once the session key is generated on client and radius server , radius server will pass this session key to AP . Now AP generates

another random key is call broadcast key . If you do not want AP to generate

the random key to define in key1 slot so ap will use that key as bkey .

Bkey is for broadcast trafffic . It is STATIC in nature . If you want to make it

dynamic you can use that option enable Bkey . other than 0 value will enable

the Bkey rotation .

Either you turn on Bkey rotation or turn on TKIP for enhanced security .

I hope this explains

There are white paper on the web

http://www.cisco.com/en/US/partner/netsol/ns110/ns175/ns176/ns178/networking_solutions_white_paper09186a00800b469f.shtml

Nilesh

View solution in original post

3 Replies 3

Go to solution
ndoshi
Cisco Employee
Cisco Employee

‎03-24-2003 05:47 PM

In eap ( say in case of LEAP ) there are two keys generated

a) Session key : It is also call unicast key . This is for unicast traffic .

When mutula authentication gets success full , both radius server and

client independently generates this key . So this key is never trasmitted

over the wireless ! This key is DYNAMIC in nature . On the radius server

027 parameter which is session timeout controls this session key timeout

b) Broadcast key : once the session key is generated on client and radius server , radius server will pass this session key to AP . Now AP generates

another random key is call broadcast key . If you do not want AP to generate

the random key to define in key1 slot so ap will use that key as bkey .

Bkey is for broadcast trafffic . It is STATIC in nature . If you want to make it

dynamic you can use that option enable Bkey . other than 0 value will enable

the Bkey rotation .

Either you turn on Bkey rotation or turn on TKIP for enhanced security .

I hope this explains

There are white paper on the web

http://www.cisco.com/en/US/partner/netsol/ns110/ns175/ns176/ns178/networking_solutions_white_paper09186a00800b469f.shtml

Nilesh

Go to solution
mnlatif
Level 3
Level 3
In response to ndoshi

‎03-25-2003 03:49 PM

Thank You Nilesh. This answers my question

0 Helpful

Go to solution
ingservis
Level 1
Level 1

‎06-26-2004 01:10 PM

This is very good question and this is very good answer...I was wondering about this for quite some time and red all posts in forum to find it :)

..please, I can not login cause I can not get that degree of access to read this white paper.... would it be possible to mail it to me?!.... thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card