Motorola AP-6511 Reference Manual page 147

5. Define Key Settings.
Pre-Shared Key
6. Define Key Rotation values.
Unicast messages are addressed to a single device on the network. Broadcast messages are addressed
to multiple devices. When using WPA2, a wireless client can use 2 keys: one unicast key, for its own
traffic to and from an access point, and one broadcast key, the common key for all the clients in that
subnet.
Motorola recommends rotating these keys so a potential hacker would not have enough data using a
single key to attack the deployed encryption scheme.
Unicast Rotation
Interval
Broadcast Rotation
Interval
7. Define the Fast Roaming
Using 802.11i can speed up the roaming process from one AP to another. Instead of doing a complete
802.1x authentication each time a client roams between APs, 802.11i allows a client to re-use previous
PMK authentication credentials and perform a four-way handshake. This speeds up the roaming process.
In addition to reusing PMKs on previously visited APs, Opportunistic Key Caching allows multiple APs to
share PMKs amongst themselves. This allows a client to roam to an AP it has not previously visited and
reuse a PMK from another AP to skip 802.1x authentication.
Pre-Authentication
Enter either an alphanumeric string of 8 to 63 ASCII characters or 64 HEX
characters as the primary string both transmitting and receiving authenticators
must share. The alphanumeric string allows character spaces. The wireless
controller converts the string to a numeric value. This passphrase saves the
administrator from entering the 256-bit key each time keys are generated.
Define an interval for unicast key transmission in seconds (30 -86,400). Some
clients have issues using unicast key rotation, so ensure you know which kind
of clients are impacted before using unicast keys. This feature is disabled by
default.
When enabled, the key indices used for encrypting/decrypting broadcast
traffic will be alternatively rotated based on the defined interval Define an
interval for broadcast key transmission in seconds (30-86,400). Key rotation
enhances the broadcast traffic security on the WLAN. This feature is disabled
by default.
configuration used with the WPA/WPA2-TKIP policy.
Selecting the Pre-Authentication option enables an associated client to carry
out an 802.1x authentication with another wireless controller (or device)
before it roams to it. This enables the roaming client to send and receive data
sooner by not having to conduct an 802.1x authentication after roaming. With
pre authentication, a client can perform an 802.1X authentication with other
detected access points while still connected to its current access point. When
a device roams to a neighboring access point, the device is already
authenticated on the access point providing faster re-association. This feature
is enabled by default.
Wireless Configuration
6-13