Enterasys Networks 802.11 User Manual
Page 51
2-17
Security
2.
The key period expires. The AP creates two new random keys and loads them into the
inactive authenticator key indexes (Keys 3 and 4 in this example). The keys are not yet
used for transmission or reception.
3.
The AP begins transmitting the new key pair to the authenticated clients in the
supplicant list. When a client receives the new keys, it immediately begins transmitting
using the new TX key. The AP does not use the new TX key until the message has been
transmitted to all clients. During this time, the AP accepts transmissions on both the
old and new RX keys. Note that a client can only have one TX key. The following table
shows that some clients use Key1 as the TX key while other clients use Key 3.
AP
Client
Key #
Encryption
TX/RX
State
TX/RX
Encryption
Key1
aaaaaaaaaaaaaa RX
Active
TX
aaaaaaaaaaaaaa
Key2 bbbbbbbbbbbbb
TX
Active
RX
bbbbbbbbbbbbb
Key3
cccccccccccccc
Inactive
xxxxxxxxxxxxx
Key4
ddddddddddddd
Inactive
xxxxxxxxxxxxx
AP
Client
Key #
Encryption
TX/RX
State
TX/RX
Encryption
Key1
aaaaaaaaaaaaaa RX
Active
TX
aaaaaaaaaaaaaa
Key2 bbbbbbbbbbbbb
TX
Active
RX
bbbbbbbbbbbbb
Key3 cccccccccccccc
RX
Active
TX
cccccccccccccc
Key4
ddddddddddddd
Inactive
ddddddddddddd