Cisco Support Community

New Member

Session Key and Broadcast Key

Hi,

Can anyone explain the difference between the Broadcast and Session Key?

When using an EAP authentication scheme that would provide dynamic WEP keys, is it necessary to enable "Broadcast key rotation" on the Access Point?

What advantage would it provide if "Broadcast key rotation" is enabled?

Regards \\ Naman

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Session Key and Broadcast Key

In EAP (say, in the case of LEAP) there are two keys generated:

a) Session key: It is also called the unicast key. This is for unicast traffic. When mutual authentication is successful, both the RADIUS server and the client independently generate this key, so this key is never transmitted over the wireless! This key is DYNAMIC in nature. On the RADIUS server, the 027 parameter, which is the session timeout, controls this session key timeout.

b) Broadcast key: Once the session key is generated on the client and the RADIUS server, the RADIUS server will pass this session key to the AP. Now the AP generates another random key, which is called the broadcast key. If you do not want the AP to generate the random key, define a key in the key1 slot, so the AP will use that key as the Bkey. Bkey is for broadcast traffic. It is STATIC in nature. If you want to make it dynamic, you can use that option to enable Bkey rotation. A value other than 0 will enable the Bkey rotation.

Either you turn on Bkey rotation or turn on TKIP for enhanced security.

I hope this explains.

There is a white paper on the web:

http://www.cisco.com/en/US/partner/netsol/ns110/ns175/ns176/ns178/networking_solutions_white_paper09186a00800b469f.shtml

Nilesh
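
An added example, not part of the original posts and not Cisco code: a small Python check over the two timers the answer names, the Session-Timeout for the session key and the Bkey rotation interval, where 0 means the key is never changed. It goes one step beyond the answer by measuring each key lifetime against WEP's 24-bit IV space; the field names are hypothetical and the profiles and frame rates are constructed.

```python
import math

IV_SPACE = 2 ** 24  # WEP sends a 24-bit IV with every frame

def iv_space_used(frames_per_sec, lifetime_sec):
    """Fraction of the IV space consumed while one key stays in use.

    lifetime_sec == 0 models a key that is never changed. Above 1.0 an IV
    must repeat under that key, however the sender picks IVs.
    """
    if frames_per_sec < 0 or lifetime_sec < 0:
        raise ValueError("rates and lifetimes must be non-negative")
    if lifetime_sec == 0:
        return math.inf
    return frames_per_sec * lifetime_sec / IV_SPACE

def audit(ap):
    """Return findings for one AP profile (dict, hypothetical field names)."""
    if ap["tkip"]:
        return []  # TKIP is the answer's alternative; the 24-bit estimate does not apply
    checks = [
        ("broadcast key", ap["bkey_rotation_sec"], ap["bcast_fps"], "never rotates"),
        ("session key", ap["session_timeout_sec"], ap["ucast_fps"], "has no Session-Timeout"),
    ]
    findings = []
    for name, lifetime, fps, static_msg in checks:
        used = iv_space_used(fps, lifetime)
        if math.isinf(used):
            findings.append(f"{name} {static_msg}")
        elif used > 1.0:
            findings.append(f"{name} outlives the IV space ({used:.1f}x)")
    return findings

# Constructed sample profiles; frame rates are assumed traffic estimates.
PROFILES = {
    "lobby": dict(tkip=False, bkey_rotation_sec=0, bcast_fps=20,
                  session_timeout_sec=1800, ucast_fps=500),
    "lab": dict(tkip=False, bkey_rotation_sec=300, bcast_fps=20,
                session_timeout_sec=86400, ucast_fps=500),
    "office": dict(tkip=False, bkey_rotation_sec=300, bcast_fps=20,
                   session_timeout_sec=1800, ucast_fps=500),
    "tkip-ap": dict(tkip=True, bkey_rotation_sec=0, bcast_fps=20,
                    session_timeout_sec=0, ucast_fps=500),
}

def audit_all(profiles=PROFILES):
    """Map each profile name to its list of findings."""
    return {name: audit(ap) for name, ap in profiles.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings or "ok")
```

With these sample values, only the static broadcast key and the 24-hour session key are flagged.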

3 REPLIES
New Member

Re: Session Key and Broadcast Key

Thank you, Nilesh. This answers my question.

New Member

Re: Session Key and Broadcast Key

This is a very good question and this is a very good answer... I was wondering about this for quite some time and read all the posts in the forum to find it :)

Please, I cannot log in because I cannot get that degree of access to read this white paper... Would it be possible to mail it to me?! Thanks
