Extreme Networks Altitude 4700 Series Product Reference Manual page 215

Broadcast Key
Rotation
Update broadcast
keys every (300-
604800 seconds)
6 Configure the Key Settings area as needed to set an ASCII Passphrase and 128-bit key.
ASCII Passphrase
256-bit Key
Default (hexadecimal) 256-bit keys for WP2A/CCMP include:
1011121314151617
●
18191A1B1C1D1E1F
●
2021222324252627
●
28292A2B2C2D2E2F
●
7 Configure the WPA2-CCMP Mixed Mode field as needed to allow WPA and WPA2 TKIP client
interoperation.
Allow
WPA/WPA2-TKIP
clients
Allow WEP clients
8 Configure the Fast Roaming (802.1x only) field as required to enable additional access point roaming
and key caching options.
Pre-Authentication
Altitude 4700 Series Access Point Product Reference Guide
Select the Broadcast Key Rotation checkbox to enable or
disable broadcast key rotation. When enabled, the key
indices used for encrypting/decrypting broadcast traffic will
be alternatively rotated on every interval specified in the
Broadcast Key Rotation Interval. Enabling broadcast key
rotation enhances the broadcast traffic security on the
WLAN. This value is disabled by default.
Specify a time period in seconds to rotate the key index
used for the broadcast key. Set the interval to a shorter
duration like 3600 seconds for tighter broadcast traffic
security on the wireless LAN. Set the interval to a longer
duration like 86400 seconds for less broadcast traffic
security requirements. Default value is 86400 secs.
To use an ASCII passphrase (and not a hexadecimal
value), select the checkbox enter an alphanumeric string of
8 to 63 characters. The string allows character spaces.
The access point converts the string to a numeric value.
This passphrase saves the administrator from entering the
256-bit key each time keys are generated.
To use a hexadecimal value (and not an ASCII
passphrase), select the checkbox and enter 16
hexadecimal characters into each of the four fields
displayed.
WPA2-CCMP Mixed Mode enables WPA2-CCMP, WPA-
TKIP and WPA2-TKIP clients to operate together on the
network. Enabling this option allows backwards
compatibility for clients that support WPA-TKIP and WPA2-
TKIP but do not support WPA2-CCMP. Extreme Networks
recommends enabling this feature if WPA-TKIP or
WPA2-TKIP supported MUs operate within a WLAN
populated by WPA2-CCMP enabled clients.
WPA2-CCMP Mixed Mode enables WPA2-CCMP and
WEP clients to operate together on the network.
Selecting this option enables an associated MU to carry
out an 802.1x authentication with another access point
before it roams to it. The access point caches the keying
information of the client until it roams to the other access
point. This enables the roaming client to start sending and
receiving data sooner by not having to do 802.1x
authentication after it roams. This feature is only supported
when 802.1x EAP authentication is enabled.
215