Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

350

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 11

Configuring Cipher Suites and WEP

3. Enable broadcast key rotation.
4. Enter the number of seconds between each rotation of the broadcast key.
5. (Optional) Enter a VLAN that you want to enable for broadcast key

rotation.

6. (Optional) If you enable WPA authenticated key management, you can

enable additional circumstances where the access point changes and
distributes the WPA group key.
– Membership termination

The access point generates and distributes a new group key when any
authenticated client device disassociates from the access point. This
feature protects the privacy of the group key for associated clients.
However, it can generate some overhead if clients on your network
roam frequently.

– Capability change

The access point generates and distributes a dynamic group key when
the last non-key management (static WEP) client disassociates, and it
distributes the statically configured WEP key when the first non-key
management (static WEP) client authenticates. In WPA migration
mode, this feature significantly improves the security of key-
management capable clients when there are no static-WEP clients
associated to the access point.

See

Configuring Authentication Types on page 351

for detailed instructions on

enabling authenticated key management.

broadcast-key

change seconds

[ vlan vlan-id ]

[ membership-termination ]

[ capability-change ]

7. Return to privileged EXEC mode.

end

8. (Optional) Save your entries in the configuration file.

copy running-config startup-config

Use the

no

form of the encryption command to disable broadcast key rotation.

This example enables broadcast key rotation on VLAN 22 and sets the rotation
interval to 300 seconds:

ap5100# configure terminal

ap5100(config)# interface dot11radio 0

ap5100(config-if)# broadcast-key vlan 22 change 300

ap5100(config-if)# end