03-24-2003 02:04 PM - edited 07-04-2021 08:35 AM
Hi,
Can anyone explain the difference between the Broadcast and Session Key ?
When using an EAP authentication scheme, that would provide dynamic WEP Keys, Is it necassary to enable "Broadcast key rotation" on the Access Point ?
What advantage would it provide, if "Broadcast key rotation" is enabled ?
Regards \\ Naman
Solved! Go to Solution.
03-24-2003 05:47 PM
In eap ( say in case of LEAP ) there are two keys generated
a) Session key : It is also call unicast key . This is for unicast traffic .
When mutula authentication gets success full , both radius server and
client independently generates this key . So this key is never trasmitted
over the wireless ! This key is DYNAMIC in nature . On the radius server
027 parameter which is session timeout controls this session key timeout
b) Broadcast key : once the session key is generated on client and radius server , radius server will pass this session key to AP . Now AP generates
another random key is call broadcast key . If you do not want AP to generate
the random key to define in key1 slot so ap will use that key as bkey .
Bkey is for broadcast trafffic . It is STATIC in nature . If you want to make it
dynamic you can use that option enable Bkey . other than 0 value will enable
the Bkey rotation .
Either you turn on Bkey rotation or turn on TKIP for enhanced security .
I hope this explains
There are white paper on the web
Nilesh
03-24-2003 05:47 PM
In eap ( say in case of LEAP ) there are two keys generated
a) Session key : It is also call unicast key . This is for unicast traffic .
When mutula authentication gets success full , both radius server and
client independently generates this key . So this key is never trasmitted
over the wireless ! This key is DYNAMIC in nature . On the radius server
027 parameter which is session timeout controls this session key timeout
b) Broadcast key : once the session key is generated on client and radius server , radius server will pass this session key to AP . Now AP generates
another random key is call broadcast key . If you do not want AP to generate
the random key to define in key1 slot so ap will use that key as bkey .
Bkey is for broadcast trafffic . It is STATIC in nature . If you want to make it
dynamic you can use that option enable Bkey . other than 0 value will enable
the Bkey rotation .
Either you turn on Bkey rotation or turn on TKIP for enhanced security .
I hope this explains
There are white paper on the web
Nilesh
03-25-2003 03:49 PM
Thank You Nilesh. This answers my question
06-26-2004 01:10 PM
This is very good question and this is very good answer...I was wondering about this for quite some time and red all posts in forum to find it :)
..please, I can not login cause I can not get that degree of access to read this white paper.... would it be possible to mail it to me?!.... thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide