Avaya AP-4 User Manual page 180

Security
Upon receiving a reply EAP packet from the RADIUS, the message is
typically forwarded to the client, after translating it back to the EAPOL
format. Negotiations take place between the client and the RADIUS
server. After the client has been successfully authenticated, the client
receives an Encryption Key from the AP (if the EAP type supports
automatic key distribution). The client uses this key to encrypt data after
it has been authenticated.
For 802.11a clients that communicate with an AP-5, each client receives
its own unique encryption key; this is known as Per User Per Session
Encryption Keys. (This feature is only available when using 802.1x
mode; it is not available when in Mixed mode or using WEP encryption
only).
4-96 Avaya Wireless AP-4/AP-5 User's Guide