how to check WEP key rotation

rouven.heim · ‎06-04-2003

Hi!

We have AP1100 and Cisco client cards with the latest ACU installed. For authentication we use LEAP with Odyssey as the radius server. On Odyssey I´ve configured reauthentication every 2 hours. How can I check, that the WEP key has realy changed?

Another question.. When I use dynamicaly WEP do I need to enter a WEP Key in the AP configuration (Transmit Key)? Odyssey describes to enter a WEB Key (Encryption Key 1) for transmit key. I´ve not entered a key and it also seems to work!

Greetings,

Rouven

derwin · ‎06-04-2003

Try 'debug dot11 aaa process' and you should see it happen.

The reason they say enter a wep key 1 is EAP only does unicast the mulitcast key is done via that wep key

This means as you have it set up all unicast traffic is encyrpted and all multicast is clear text

rouven.heim · ‎06-05-2003

I tried "debug dot11 aaa dot1x process" and I can see that the client/AP use LEAP/Radius server (odyssey server) to generate WEP key. I set a reauthenticte periode of about 1.5 min in the odyssey policy. This is also seen in the debug output . But after waiting for about this 1.5 minutes no debugging happens. Does the wep key renewal now work or not? Where is the problem -the acu client ? Maybe i´ve to use the odyssey client or what could it be? When i manually trigger a reauthentication the debug screen runs but this also means a new IP Adress from the DHCP server. I only want to get a new WEP key.

Greetings,

R. Heim

rouven.heim · ‎06-05-2003

I´ve figured it out myself. I had to set "dot1x reauth-period server" in the radio interface. So the AP takes the value of the radius server.

But now I´ve another question. We use two BR350 to connect to buildings. The authentication is also LEAP. On one Bridge the radius server is defined and on the other bridge a LEAP user is defined. Does BR350 overtakes the reauth value of the radius server or do I have to configure it like at the AP1100 descriped above?