At 16:24 02/10/2002, Phil Cox wrote:
> > 2. Dynamic WEP keys
>
> Does anyone know where I can find details on how they are doing this? Is
> it RADIUS and EAPOL Key messages or what?

Between the auth server and the AP, RADIUS AVPs are used to send the keys. For 802.1X, MS-MPPE-Send-Key VSAs are used (see RFC 2548). For LEAP, Cisco VSAs are used (see http://lists.cistron.nl/pipermail/cistron-radius/2001-September/002042.html). That's for the per-session unicast keys. Multicast/broadcast keys are either configured statically in the AP, or generated by it (if you chose broadcast key rotation).

Between the AP and the station, EAPOL-Key is used. There are still a few interactions between it and the rest I still can't figure out (my Cisco AP routinely sends me EAPOL-Key messages with key length=0 in quite a number of cases), but apparently there is something tricky with the privacy bit in the beacons and how clients handle it that is quite interesting.

Jacques.

--
Jacques Caron, IP Sector Technologies
Join the discussion on public WLAN open global roaming:
http://lists.ipsector.com/listinfo/openroaming
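
The RFC 2548 key transport mentioned in the reply above, as an added example that is not part of the original message: how the String field of an MS-MPPE-Send-Key VSA is hidden with the RADIUS shared secret on the auth server and recovered on the AP, which is why the per-session key is only as private as that secret. The function names and the sample secret, authenticator and key are constructed for illustration.

```python
# Added example: RFC 2548 (section 2.4.2) hiding of the MS-MPPE-Send-Key String field.
import hashlib
import os


def _xor_chain(data, secret, authenticator, salt, decrypting):
    """XOR 16-octet blocks with b(1)=MD5(S+R+A), b(i)=MD5(S+c(i-1))."""
    out = b""
    prev = authenticator + salt  # R + A seeds the first pad
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, pad))
        out += result
        prev = block if decrypting else result  # always chain on ciphertext
    return out


def encrypt_mppe_key(key, secret, authenticator, salt=None):
    """Auth-server side: build Salt + String for the Access-Accept."""
    if len(authenticator) != 16 or not 0 < len(key) < 256:
        raise ValueError("need a 16-octet authenticator and a 1..255 octet key")
    if salt is None:
        rnd = os.urandom(2)
        salt = bytes([rnd[0] | 0x80, rnd[1]])  # top bit of Salt must be set
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("Salt must be 2 octets with the top bit set")
    plain = bytes([len(key)]) + key            # Key-Length octet, then Key
    plain += b"\x00" * (-len(plain) % 16)      # pad to a multiple of 16
    return salt + _xor_chain(plain, secret, authenticator, salt, False)


def decrypt_mppe_key(value, secret, authenticator):
    """AP side: recover the key with the authenticator of its own Access-Request."""
    salt, cipher = value[:2], value[2:]
    if len(salt) != 2 or not salt[0] & 0x80 or not cipher or len(cipher) % 16:
        raise ValueError("malformed MS-MPPE key attribute value")
    plain = _xor_chain(cipher, secret, authenticator, salt, True)
    key_len = plain[0]
    if key_len > len(plain) - 1:
        raise ValueError("Key-Length exceeds field (wrong secret or authenticator?)")
    return plain[1:1 + key_len]


# Constructed sample values, not taken from any real deployment.
SECRET = b"example-shared-secret"
REQ_AUTH = bytes(range(16))
SESSION_KEY = bytes(range(100, 132))  # 32-octet key
```
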
