Motorola WiNG 5.7.1 System Reference Manual page 486

6 - 16 WiNG 5.7.1 Access Point System Reference Guide
Frequent rotating of these keys is recommended so that a potential hacker would not have enough data using a single key
to attack the deployed encryption scheme.
Unicast Rotation Interval
Broadcast Rotation
Interval
9. Define the Fast Roaming
Using 802.11i can speed up the roaming process from one access point to another. Instead of doing a complete 802.1x
authentication each time a client roams between access points, 802.11i allows a client to re-use previous PMK
authentication credentials and perform a four-way handshake. This speeds up the roaming process. In addition to reusing
PMKs on previously visited access points,
amongst themselves. This allows a client to roam to an access point it has not previously visited and reuse a PMK from
another access point to skip 802.1x authentication.
Pre-Authentication
Pairwise Master Key
(PMK) Caching
Opportunistic Key
Caching
10. Set the following
TKIP Countermeasure
Hold Time
Define an interval for unicast key transmission interval from 30 - 86,400 seconds. Some
clients have issues using unicast key rotation, so ensure you know which kind of clients
are impacted before using unicast keys. This feature is disabled by default.
When enabled, the key indices used for encrypting/decrypting broadcast traffic is
alternatively rotated based on the defined interval. Define a broadcast key transmission
interval from 30 - 86,400 seconds. Key rotation enhances the broadcast traffic security on
the WLAN. This feature is disabled by default.
configuration used only with 802.1x EAP-WPA/WPA2 authentication.
NOTE: Fast Roaming is available only when the authentication is EAP or EAP-PSK and
the selected encryption is either TKIP-CCMP or WPA2-CCMP.
Opportunistic Key Caching
Selecting this option enables an associated client to carry out an 802.1x authentication
with another access point before it roams to it. This enables a roaming client to send and
receive data sooner by not having to conduct an 802.1x authentication after roaming.
With pre-authentication, a client can perform an 802.1X authentication with other
detected access points while still connected to its current access point. When a device
roams to a neighboring access point, the device is already authenticated on the access
point, thus providing faster re-association.
Pairwise Master Key (PMK) Caching is a technique for sidestepping the need to
re-establish security each time a client roams to a different switch. Using PMK caching,
clients and switches cache the results of 802.1X authentications. Therefore, access is
much faster when a client roams back to a switch to which the client is already
authenticated.
This option enables the access point to use a PMK derived with a client on one access
point, with the same client when it roams over to another access point. Upon roaming,
the client does not have to do 802.1x authentication and can start sending and receiving
data sooner.
Advanced settings for the TKIP-CCMP encryption scheme:
The TKIP Countermeasure Hold Time is the time a WLAN is disabled, if TKIP
countermeasures have been invoked on the WLAN. Use the drop-down menu to define a
value in either Hours (0-18), Minutes (0-1,092) or Seconds (0-65,535). The default setting
is 1 second.
allows multiple access points to share PMKs