Refresh rates for WP420

SOLVED
BOVC
Advisor

Hi,

I've set up five 420's with 802.1x authentication against our Win2003 server and it all works fine.

However, to improve security I'd like to define the different refresh rates (default 0) on Broadcast Key, Session Key, and 802.1x reauthentication values.

Are there any recommended settings? I'd like to keep it secure, but I don't want the wireless connections to be too unstable because of constant reauthentication either.

Hope that someone is able to help me out. Just need some recommended settings that someone knows works well.

Thanks in advance,
Rasmus
3 REPLIES
Matt Hobbs
Honored Contributor

Re: Refresh rates for WP420

It depends on whether you're using WEP or WPA.

Microsoft have recommendations for these values in their 'Securing Wireless LANs with PEAP and Passwords' whitepaper.

http://go.microsoft.com/fwlink/?LinkId=23481

To quickly summarise it, for WEP they say 60 minutes should be okay for most organisations. Being very paranoid you would want to go down to 3 minutes.

You should use WPA/WPA2 if possible which offers much better security. My understanding is that key rotation is automatic so there is no real need to set these values on the AP. Microsoft recommends 8 hours though.

This document also has some good information:

http://www.wi-fi.org/files/uploaded_files/wp_9_WPA-WPA2%20Implementation_2-27-05.pdf

Also the 2.1.4 firmware has been released for the 420, I'd recommend you update to this.

BOVC
Advisor

Re: Refresh rates for WP420

Sounds great - thanks a bunch.

We use WPA/WPA2 and are already running on the newest firmware.

Is the 8 hours for all three categories? (broadcast, session and re-auth.)

Thanks,
Rasmus
Matt Hobbs
Honored Contributor
Solution

Re: Refresh rates for WP420

If I was going to set them, I would set it on all 3. I believe the broadcast key is equivalent to the Group Temporal Key for WPA. Supposedly, when a client disassociates from an AP, a new GTK is sent anyway.

There doesn't seem to be much out there as far as recommendations for refresh rates with WPA goes. I'm guessing this is because WPA does a good job of this automatically.