Enterasys Networks 802.11 Network Card User Manual


 
Security
802.1X Rapid Rekeying
Rapid Rekeying, also known as Key Tumbling, provides automatic IEEE 802.11 WEP
encryption key generation and frequent redistribution of WEP keys.
The following information applies to using Rapid Rekeying:
• Rapid Rekeying requires the use of 802.1X authentication. Unauthenticated clients and MAC address authentication clients cannot receive updated WEP keys, and would soon lose connectivity to the LAN.
• Rapid Rekeying automatically disables user-specified WEP encryption keys.
• Rapid Rekeying requires the use of an EAP login method that generates session keys, and the use of a RADIUS server that will distribute those keys to the AP. The AP uses the session keys to encrypt the WEP key distribution messages. Clients without session keys do not get new WEP keys.
• EAP-TLS authentication using X.509 certificates on the clients will work with Rapid Rekeying.
• EAP-MD5 password authentication will not work with Rapid Rekeying. EAP-MD5 does not negotiate session keys.
• Token-based authentication will work with Rapid Rekeying if the token-based authentication uses a TLS-based method, such as TTLS or PEAP. The requirement is that there are TLS session keys negotiated and retained by the client and the AP.
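The following sketch is an added illustration, not taken from the Enterasys manual and not Enterasys code. It models the key distribution message described above, assuming the RC4 key descriptor layout of IEEE 802.1X-2001 (without the outer EAPOL header) and two session keys supplied by the RADIUS server; the function names and sample values are hypothetical.

```python
import hashlib, hmac, os, struct

# Assumed layout: type, key length, replay counter, key IV, key index, signature
HDR = struct.Struct("!BHQ16sB16s")
SIG_OFF = HDR.size - 16  # the signature is the last header field

def rc4(key, data):
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:                            # keystream XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def build_key_msg(enc_key, sign_key, wep_key, slot, counter):
    """AP side: wrap a new WEP key for one authenticated client."""
    iv = os.urandom(16)
    body = rc4(iv + enc_key, wep_key)         # per-message RC4 key = IV || session key
    msg = HDR.pack(1, len(wep_key), counter, iv, slot, bytes(16)) + body
    sig = hmac.new(sign_key, msg, hashlib.md5).digest()
    return msg[:SIG_OFF] + sig + body

def open_key_msg(enc_key, sign_key, msg, last_counter):
    """Client side: return (slot, wep_key), or None if the message is unusable."""
    if not enc_key or not sign_key or len(msg) < HDR.size:
        return None                           # e.g. EAP-MD5 login: no session keys
    typ, klen, counter, iv, slot, sig = HDR.unpack(msg[:HDR.size])
    body = msg[HDR.size:]
    expect = hmac.new(sign_key, msg[:SIG_OFF] + bytes(16) + body, hashlib.md5).digest()
    if typ != 1 or klen != len(body) or not hmac.compare_digest(sig, expect):
        return None                           # wrong keys or tampered message
    if counter <= last_counter:
        return None                           # replayed message
    return slot, rc4(iv + enc_key, body)

if __name__ == "__main__":
    enc, sign = os.urandom(32), os.urandom(32)    # constructed session keys
    msg = build_key_msg(enc, sign, os.urandom(13), 2, 1)
    print(open_key_msg(enc, sign, msg, 0), open_key_msg(None, None, msg, 0))
```

A client that completed a TLS-based login holds both session keys and recovers the new WEP key; a client with no session keys gets nothing from the same message.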
The following describes how the AP introduces new key pairs.
1. The AP and clients are using the existing keys at the beginning of the Rapid Rekeying
encryption cycle.
       AP                                Client
Key #  Encryption      TX/RX   State     TX/RX  Encryption
Key1   aaaaaaaaaaaaaa  RX      Active    TX     aaaaaaaaaaaaaa
Key2   bbbbbbbbbbbbb   TX      Active    RX     bbbbbbbbbbbbb
Key3   xxxxxxxxxxxxx           Inactive         xxxxxxxxxxxxx
Key4   xxxxxxxxxxxxx           Inactive         xxxxxxxxxxxxx