Some NASs, PPoE, VPDN, wireless controllers and wireless access points require MPPE key attributes in the Access-Accept message for setting up encryption. If this AuthBy is doing MS-CHAP V1 authentication, then setting this parameter will force Radiator to automatically reply with MS-CHAP-MPPE-Keys. If this AuthBy is doing MS-CHAP V2 or EAP authentication, then setting this parameter will force Radiator to automatically reply with MS-MPPE-Send-Key and MS-MPPE-Recv-Key.

This flag parameter is optional and defaults to not set. Keys may be computed from the plaintext password, password NT hash or derived by some other means that depends on the AuthBy or AuthBy's EAP method. For example AuthBy LSA and AuthBy NTLM derive the keys with the help of Active Directory. Not all EAP methods support MPPE keys.

When keys are computed based on the password, the password must be available in one of the previously mentioned formats and the user must have User-Password check item.

With TLS based EAP methods, such as EAP-FAST, EAP-TLS, EAP-TTLS and PEAP, MS-MPPE-Send-Key and MS-MPPE-Recv-Key are computed based on TLS handshake results and do not depend on password availability.