A scheme for authentication, dynamic key generation and exchange provides means for authentication of mobile nodes (22) and generation of per session, per node, encryption keys for encrypting/decrypting communications between a mobile node (22) and an access point (24) in wireless local area networks (50). The scheme utilizes the same infrastructure and authentication information for both data link layers (layer 2) and network layers (layer 3). This scheme is particularly applicable to networks adhering to the IEEE 802 LAN family of standards.