Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

421

422

423

424

425

426

427

428

429

430

Managing 802.1X Encryption Keys

19-4 Managing 802.1X on the RoamAbout Switch

Managing WEP Keys

Wired‐EquivalentPriva c y(WEP)ispartofthesystemsecurityof802.1X. MSSusesWEPto

provideconfidentialitytopacketsastheyaresentovertheair.WEPoperatesontheaccesspoint.

WEPusesasecretkeysharedbetweenthecommunicators.WEPrekeyingincreasesthesecurityof

thenetwork.New

unicastkeysaregeneratedeverytimeaclientperforms802.1Xauthentication.

Therekeyingprocesscanbeperformedautomaticallyonaperiodicbasis.BysettingtheSession‐

TimeoutRADIUSattrib ute,youmakethereauthenticationtransparenttotheclient,whois

unawarethatreauthenticationisoccurring.AgoodvalueforSession‐Timeout

is30 minutes.

WEPbroadcastrekeyingcausesthebroadcastandmulticastkeysforWEPtoberotatedevery

WEPrekeyperiodforeachradiotoeachconnectedVLAN.TheRASgeneratesthenewbroadcast

andmulticastkeysandpushesthekeystotheclientsviaEAPoLkeymessages.WEPkeysarecase‐

insensitive.

Usethesetdot1xwep‐rekeyandthesetdot1xwep‐rekey‐periodcommandstoenableWEPkey

rotationandconfigurethetimeintervalforWEPkeyrotation.

Configuring 802.1X WEP Rekeying

WEPrekeyingisenabledbydefaultontheRoamAboutSwitch.DisableWEPrekeyingonlyifyou

needtodebugyour802.1Xnetwork.

Examples

UsethefollowingcommandtodisableWEPrekeyingforbroadcastandmulticastkeys:

RBT-8100# set dot1x wep-rekey disable

success: wep rekeying disabled

ToreenableWEPrekeying,typethefollowingcommand:

RBT-8100# set dot1x wep-rekey enable

success: wep rekeying enabled

Configuring the Interval for WEP Rekeying

ThefollowingcommandsetstheintervalforrotatingtheWEPbroadcastandmulticastkeys:

set dot1x wep-rekey-period seconds

Thedefaultis1800 seconds(30 minutes).Youcansettheintervalfrom30 to1,641,600 seconds

(19 days).

Example

TypethefollowingcommandtosettheWEP‐rekeyperiodto900 seconds:

RBT-8100# set dot1x wep-rekey-period 900

success: dot1x wep-rekey-period set to 900

Note: Reauthentication is not required for using this command. Broadcast and multicast keys are

always rotated at the same time, so all members of a given radio and VLAN receive the new keys at

the same time.