Parameter Description
DynamicW EP Key Size Thedefault dynamic W EP keysiz e is 128bits, If desired, you can change this parameter to
either40 bits.
Intervalbetween
WPA/WPA2Key Messages
Interval,in m illiseconds, between each WPA key exchanges. The allowed range of values is
1000-5000ms, and the default value is 3000 ms.
Delaybetween EAP-
Successand WP A2Unicast
KeyExchange
Interval,in m illiseconds, between EAP-Success and unicast keyexchanges. The all owed
rangeof values i s 0-2000ms, and the default value is0 m s (no delay).
Delaybetween W PA/WPA2
UnicastKey and Group K ey
Exchange
Interval,in m illiseconds, between unicast and multicast key exchange. Time interval in
milliseconds. Range: 0-2000.Default: 0 (no delay)
Time interval afterw hich
thePMKS Aw ill be deleted
Thetim e interval afterwhi ch theP MKSA (Pairwise Master Key Security Association)cache is
deleted. Time interval in Hours. Range: 1-2000. Default:8.
WPA/WPA2Key Message
RetryCount
Number oftim esW PA/WPA2key messages are retried. The allowed range of values for this
parameteri s 1-5retries, andthe default value i s 3 retries.
MulticastKey Rotation Selectthis checkbox to enable multicastkey rotation. Thi s featurei s disabled by default.
UnicastKey Rotation Selectthis checkbox to enable unicastkey rotation. This feature is di sabled by default.
OpportunisticKey Caching Bydefault, the 802.1X authentication profile enables a cached pairwise master key (PMK)
derivedvia a cl ient and an associatedAP and used when the client roams to a new AP. Thi s
allows clients faster roaming without a full 802.1x authentication. Uncheck this option to
disable this feature.
NOTE:Make sure that the wi reless client (the 802.1X supplicant) supportsthis feature. If the
client does not supportthis feature, the cl ient will attempt to renegotiate the key whenever it
roamsto a new AP. Asa result, the key cached on the controller can be out of sync with the
keyused by the client.
Validate PMKID Thisparam eter instructsthe controller tocheck the pairwi se master key (PMK) IDsent by the
client. When this option is enabled, the client must send a PMKID in the associateor
reassociateframe to indicate that it supports OKC or PMK caching; otherwise, full 802.1x
authenticationtakes place.
NOTE:Thi sfeature is optional, since m ostcli entsthat support OKC and PMK caching do not
sendthe PMKID in their association request.
UseSession Key Selectthe Use Session Key option to use the RADIUSsession key as the unicast WEP key.
Thisoption isdisabl ed by default.
UseStatic Key Selectthe Use Static Key option to use a static key as the unicast/multicastW EP key. This
optioni s disabled by default.
xSecMTU Setthe maxim um transmission unit (MTU)for frames using the xSec protocol. The range of
allowed values is 1024-1500bytes, and 1300 bytes
TokenCachi ng Ifyou select EAP-GTC as the inner EAP method, you can select the Token Caching checkbox
toenable the controller to cache the username and password of each authenticated user. The
controller continuesto reauthenticate users with the remote authentication server, however,
ifthe authentication server is not available, the controller wil l inspect itscached credential s
toreauthenticate users.
Thisoption isdisabl ed by default.
TokenCachi ng Period Ifyou select EAP-GTC as the inner EAP method, you can specify the timeout period, in hours,
DellPowerConnect W- Series ArubaOS 6.2 | UserGuide 802.1XAuthentication | 198