In an AP, the broadcast-key change <value> command tells the AP how often to rotate the WPA key. My question: How do clients remain connected to the Wireless LAN when the key rotates? If the client authenticates (via Radius in my example below), then I would think the key challenge would need to be met. However, if in 5 minutes the key rotates, for example, isn't the client going to lose connection since the challenge value is now different? The only thing I can think of is that Radius handles this dynamically once a client is authenticated, thus avoiding any disruption. Is this correct?
Here is my config, if interested:
aaa group server radius employee-clients
 server 10.255.255.250 auth-port 1645 acct-port 1646
aaa authentication login console local
aaa authentication login net-admin local
aaa authentication login eap_methods group employee-clients
All dot1x clients have a unique key but share a separate broadcast key that is derived through the dot1x process. To rotate that key, use this command (broadcast-key vlan # change #) on the radio interface. But the WPA cipher key, which keeps changing after some interval, is there to encrypt the data with different keys so that it will be difficult to crack/decrypt, and not for reauthentication of clients.
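A simplified model of the rotation discussed in this thread, added here as an example and not part of the original posts: the AP pushes each new broadcast key to every associated client, protected by that client's own per-session keys, so the keys established at 802.1X authentication never change and RADIUS is not contacted again. The class names, the HMAC-based wrap (a stand-in for the AES key wrap real WPA2 uses) and the random keys are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _xor_wrap(kek: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for AES key wrap: XOR with an HMAC-derived pad (symmetric, so it also unwraps).
    pad = hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class Client:
    def __init__(self, name):
        self.name = name
        # Per-client keys, fixed at 802.1X authentication (constructed random values).
        self.kck, self.kek = os.urandom(16), os.urandom(16)
        self.gtk, self.replay = None, 0

    def on_group_msg(self, msg):
        counter, nonce, wrapped, mic = msg
        body = counter.to_bytes(8, "big") + nonce + wrapped
        expect = hmac.new(self.kck, body, hashlib.sha256).digest()
        if counter <= self.replay or not hmac.compare_digest(mic, expect):
            return False            # replayed or forged: keep the current broadcast key
        self.replay, self.gtk = counter, _xor_wrap(self.kek, nonce, wrapped)
        return True                 # acknowledgement back to the AP

class AccessPoint:
    def __init__(self):
        self.clients, self.gtk, self.counter = {}, None, 0

    def associate(self, client):
        # The AP holds the same pairwise keys once the client has authenticated.
        self.clients[client.name] = (client.kck, client.kek)

    def group_msg(self, name):
        kck, kek = self.clients[name]
        self.counter += 1
        nonce = os.urandom(16)
        wrapped = _xor_wrap(kek, nonce, self.gtk)
        body = self.counter.to_bytes(8, "big") + nonce + wrapped
        return (self.counter, nonce, wrapped, hmac.new(kck, body, hashlib.sha256).digest())

    def rotate(self, stations):
        """What the rotation timer triggers: a new broadcast key, pushed to every client."""
        self.gtk = os.urandom(16)
        return {s.name: s.on_group_msg(self.group_msg(s.name)) for s in stations}
```

A client that misses or rejects the update is the only one affected; in this model it simply keeps the old broadcast key until the next accepted message.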