Since december 2000, we support a session key, which is negociated by the LEAP protocol after a login/password authentication with the Cisco Secure ACS Radius server. With this implementation the session key is used as the input parameter for the RC4 algorithm.
Since december 2001, we have a new firmware release (actual AP release 11.21 available on CCO) that support a 'TKIP' implementation, where the session key is hashed for each packet to obtain a uniq 'packet' key, used as the input parameter for the RC4 algo for the packet. The radio firmware must be upgraded in both AP and Client.