etsysDot1xRekeyEnabled 1.3.6.1.4.1.5624.1.2.17.1.1.1.1.1

Determines how an access point selects radio encryption keys. If the selected port/Authenticator PAE does not support the EAPOL-Key feature (e.g., because radio keys are not applicable to Ethernet ports), this object's value will be FALSE and attempts to write TRUE will fail. Normally, if radio keys are present, the manager enters them into the access point through some manual process. The manager or the users may also need to configure the keys into each laptop (access points can distribute the keys automatically to 802.1x EAP-TLS clients). However laptops get keys, the keys remain static until somebody goes to the trouble of changing them. If the keys stay unchanged for long periods, this can make it easier for a determined attacker to launch a cryptographic attack. When rapid rekeying is enabled, an access point ignores its manually-set keys. It generates pseudo-random keys on a periodic basis, using IEEE 802.1x key distribution to deliver the keys to new and current clients. Do not enable rapid rekeying unless ALL of your clients support IEEE 802.1x and an authentication method (e.g., EAP-TLS) that supports key distribution. Before enabling rapid rekeying, make sure that you have set 'dot1xAuthKeyTxEnabled' to TRUE. Changing the keys without telling any of the clients about the changes is not a very useful mode of operation.