
Event Log Shows Wireless Client Authenticating Every Hour


When using WPA, the keys used to encrypt and authenticate unicast traffic between a wireless client and AP change automatically. This is called rekeying. The rekey interval is 3600 seconds. If your SSID is configured to use WPA2-Enterprise with 802.1X authentication, you will see rekeying events for connected wireless clients appearing in the Meraki Event Log every hour. This is normal behavior. Notice the timestamps on the logs below: the two pairs of entries are one hour apart.

WPA2-Enterprise with 802.1X authentication

Dec 17 11:56:21 MYCOMPUTER 802.1X authentication AP1 Meraki identity 'DOMAIN\username'
Dec 17 11:56:21 MYCOMPUTER 802.1X EAP success AP1 Meraki identity 'DOMAIN\username'  
Dec 17 10:56:18 MYCOMPUTER 802.1X authentication AP1 Meraki identity 'DOMAIN\username' 
Dec 17 10:56:18 MYCOMPUTER 802.1X EAP success AP1 Meraki identity 'DOMAIN\username'

  

When WPA2-Enterprise with 802.1X authentication is used, the Pairwise Master Key (PMK) is derived from the 802.1X process. The PMK is computed by the RADIUS server and returned to the AP. The PMK is used to create the temporal keys used for actual frame authentication and encryption. Therefore, the wireless client must perform 802.1X authentication at the rekeying interval to derive new temporal keys, unless a session-timeout setting at the RADIUS server overrides it. If there is such a session-timeout, Meraki APs will honor that setting.

When WPA2-PSK (shared network key) is used, the Pairwise Master Key (PMK) is configured as a shared secret on the wireless client and AP. The PMK is used to create temporal keys used for actual frame authentication and encryption. Therefore, WPA rekeying will occur between the wireless client and AP every hour to derive new temporal keys. 

Note: Meraki does not report rekeying events in the Meraki Event Log when WPA2-PSK (shared network key) is used. 
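When reviewing an exported event log, it helps to separate the expected hourly rekey re-authentications from re-authentications at other intervals. The following is an added example, not Meraki code: it parses lines in the layout of the excerpt above and labels each gap between consecutive "802.1X authentication" events for the same client. The 30-second tolerance, the `review` label, and the `LAPTOP2` lines are assumptions made for illustration; if your RADIUS server sets a session-timeout, use that value as the expected interval instead.

```python
import re
from collections import defaultdict
from datetime import datetime

REKEY_INTERVAL = 3600  # seconds, the rekey interval stated on this page
TOLERANCE = 30         # assumption: acceptable drift around the interval

# Matches the event log line layout shown in the excerpt on this page.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<client>\S+) "
    r"802\.1X (?P<event>authentication|EAP success) (?P<ap>\S+) "
    r".*identity '(?P<identity>[^']*)'\s*$"
)

# First four lines are the page's excerpt; the LAPTOP2 lines are constructed.
SAMPLE = [
    r"Dec 17 11:56:21 MYCOMPUTER 802.1X authentication AP1 Meraki identity 'DOMAIN\username'",
    r"Dec 17 11:56:21 MYCOMPUTER 802.1X EAP success AP1 Meraki identity 'DOMAIN\username'",
    r"Dec 17 10:56:18 MYCOMPUTER 802.1X authentication AP1 Meraki identity 'DOMAIN\username'",
    r"Dec 17 10:56:18 MYCOMPUTER 802.1X EAP success AP1 Meraki identity 'DOMAIN\username'",
    r"Dec 17 11:15:00 LAPTOP2 802.1X authentication AP1 Meraki identity 'DOMAIN\user2'",
    r"Dec 17 11:10:00 LAPTOP2 802.1X authentication AP1 Meraki identity 'DOMAIN\user2'",
]

def parse(lines, year=2000):
    """Yield (time, client, identity) per '802.1X authentication' line.
    The log carries no year; a leap-year default lets Feb 29 parse."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["event"] == "authentication":
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["client"], m["identity"]

def classify(lines):
    """Map (client, identity) to a list of (gap_seconds, label)."""
    seen = defaultdict(list)
    for ts, client, identity in parse(lines):
        seen[(client, identity)].append(ts)
    result = {}
    for key, times in seen.items():
        times.sort()  # the event log lists newest entries first
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        result[key] = [
            (g, "rekey" if abs(g - REKEY_INTERVAL) <= TOLERANCE else "review")
            for g in gaps
        ]
    return result
```

A `review` gap is not necessarily a problem: it only means the re-authentication did not line up with the hourly rekey and is worth correlating with other events for that client.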

Last modified
17:25, 12 Sep 2017
