Session Key and Broadcast Key

mnlatif
Level 3

Hi,

Can anyone explain the difference between the Broadcast Key and the Session Key?

When using an EAP authentication scheme that would provide dynamic WEP keys, is it necessary to enable "Broadcast key rotation" on the Access Point?

What advantage would it provide if "Broadcast key rotation" is enabled?

Regards \\ Naman

Accepted Solutions

ndoshi
Cisco Employee

In EAP (say, in the case of LEAP) there are two keys generated:

a) Session key: It is also called the unicast key. This is for unicast traffic. When mutual authentication is successful, both the RADIUS server and the client independently generate this key. So this key is never transmitted over the wireless! This key is DYNAMIC in nature. On the RADIUS server, the 027 parameter, which is the session timeout, controls this session key timeout.

b) Broadcast key: Once the session key is generated on the client and the RADIUS server, the RADIUS server will pass this session key to the AP. Now the AP generates another random key, which is called the broadcast key. If you do not want the AP to generate the random key, define one in the key1 slot so the AP will use that key as the Bkey. The Bkey is for broadcast traffic. It is STATIC in nature. If you want to make it dynamic, you can use that option to enable Bkey. A value other than 0 will enable the Bkey rotation.

Either you turn on Bkey rotation or turn on TKIP for enhanced security.

I hope this explains.

There is a white paper on the web:

http://www.cisco.com/en/US/partner/netsol/ns110/ns175/ns176/ns178/networking_solutions_white_paper09186a00800b469f.shtml

Nilesh

3 Replies

Thank you, Nilesh. This answers my question.

ingservis
Level 1

This is a very good question and this is a very good answer... I was wondering about this for quite some time and read all posts in the forum to find it :)

...please, I cannot log in because I cannot get that degree of access to read this white paper... would it be possible to mail it to me?! ... thanks
