Key Scoping AAA context is associated with a key Default scope for a AAA-Key is within a NAS AAA protocols authenticate at NAS granularity Diameter, RADIUS don’t use the NAS Called-Station-Id as its identity Key is scoped to the physical NAS; can’t assume separate key cache for each “virtual NAS”, Called-station-Id, SSID, etc. Client may not be able to recognize NAS scope without assistance from the lower layer In IEEE 802.11 only the BSSID is announced in the Beacon/Probe Response, not the NAS-Identifier |