10-16-2012 06:41 AM - edited 07-03-2021 10:50 PM
Hi,
After a device has authenticated to the wireless network using dot1X, how often are the WPA2 keys renewed by default?
Thanks, Pat.
10-16-2012 07:29 AM
I want to say it's 3600 seconds by default. But you can force the broadcast key to rotate
config advanced eap bcast-key-interval ?
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
10-17-2012 08:27 AM
Well this is a loaded question.
Session timeout is one function that will cause the key to get reloaded. Also in the RADIUS server.
But to be clear, there are 2 keys that are independent of each other:
PTK keys and GTK keys.
PTK keys encrypt 802.11 UNICAST traffic, while the GTK keys encrypt multicast and broadcast traffic and are AP specific. Also, ALL clients on an AP share the IDENTICAL GTK key.
Also when you roam new PTK keys are created at each AP.
Or unless you are talking about the PMK. This is EAP specific and the session timeout regenerates this key.
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
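The PMK-to-PTK relationship described in the post above, as an added Python example that is not part of the thread: it implements the IEEE 802.11i PRF used in the 4-way handshake and shows that a roam (new AP address and nonces) or a new PMK after session timeout both yield a fresh PTK. The PMK, MAC addresses and nonces are constructed placeholder values.

```python
import hmac
import hashlib

def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11i PRF-n: HMAC-SHA1 in counter mode over label || 0x00 || data || i."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Derive the CCMP PTK (384 bits) from the PMK, AP MAC (AA), client MAC (SPA) and nonces.
    Ordering of MACs and nonces follows the standard: min || max, compared as byte strings."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 384)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

# Constructed sample inputs (not real credentials or devices).
PMK_A = hashlib.sha256(b"constructed-pmk-from-eap-session-1").digest()
PMK_B = hashlib.sha256(b"constructed-pmk-from-eap-session-2").digest()
AP1 = bytes.fromhex("020000000001")
AP2 = bytes.fromhex("020000000002")
CLIENT = bytes.fromhex("02000000aa01")
ANONCE1 = hashlib.sha256(b"anonce-ap1").digest()
ANONCE2 = hashlib.sha256(b"anonce-ap2").digest()
SNONCE1 = hashlib.sha256(b"snonce-assoc-1").digest()
SNONCE2 = hashlib.sha256(b"snonce-assoc-2").digest()

def key_lifecycle() -> dict:
    """Compare the temporal key (TK) across the events discussed in the thread."""
    initial = derive_ptk(PMK_A, AP1, CLIENT, ANONCE1, SNONCE1)
    # Roam to another AP: same PMK, but a new 4-way handshake with new nonces.
    roamed = derive_ptk(PMK_A, AP2, CLIENT, ANONCE2, SNONCE2)
    # Session timeout: re-authentication produces a new PMK, reseeding the PTK.
    reauth = derive_ptk(PMK_B, AP1, CLIENT, ANONCE1, SNONCE1)
    return {
        "tk_changes_on_roam": initial["TK"] != roamed["TK"],
        "tk_changes_on_new_pmk": initial["TK"] != reauth["TK"],
        "tk_len": len(initial["TK"]),
    }

if __name__ == "__main__":
    print(key_lifecycle())
```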
10-17-2012 08:30 AM
Only half loaded. The WLC is supposed to ignore the WLAN session timer and use the WPA key lifetime. You can see it in a client debug.
HTH,
Steve
10-17-2012 08:33 AM
Hi Steve!
Well, when a client connects and you do a show PMK cache, you can see the session timeout, and when it hits zero the client is deauthenticated and a new PMK is created, which then in turn generates a new PTK because of the new seeding material of the PMK.
Are you saying this isn't accurate based on your experience?