So the AP should change the session key every 600 sec and the broadcast key should be changed every 300 sec. According to the Cisco AP configuration guide, broadcast keys use slots 2 and 3 and the session key should be in slot 1.
If I check the log on my Windows client (netsh ras set tracing * enabled) in the EAPOL.LOG file, it seems that only slots 1 and 2 are used:
In EAP (say, in the case of LEAP) there are two keys generated:
a) Session key: It is also called the unicast key. This is for unicast traffic.
When mutual authentication is successful, both the RADIUS server and the client independently generate this key. So this key is never transmitted over the wireless! This key is DYNAMIC in nature. On the RADIUS server, the 027 parameter, which is session timeout, controls this session key timeout.
b) Broadcast key: Once the session key is generated on the client and the RADIUS server, the RADIUS server will pass this session key to the AP. Now the AP generates another random key called the broadcast key. If you do not want the AP to generate the random key, define one in the key1 slot so the AP will use that key as the bkey.