Predictive Pairwise Master Key Caching

What is claimed is: 1 . A method comprising: authenticating a client device in a wireless local area network using a pairwise master key when the client device associates to a first access point; generating a set of neighbor devices to the client device, wherein the set includes less than a total number of access points in the wireless local area network; distributing the pairwise master key to the neighbor devices such that the pairwise master key is not distributed to access points outside of the set of neighbor devices; and maintaining data representing the set of neighbor devices for the client device. 2 . The method of claim 1 , wherein: generating the set of neighbor devices comprises generating the set to include first level neighbors and second level neighbors of the client device; and distributing the pairwise master key comprises distributing the pairwise master key to the first level neighbors and the second level neighbors, such that the pairwise master key is not distributed to access points outside of the second level neighbors of the client device, wherein the first level neighbors are access points that the client device may directly wirelessly communicate with, wireless local area network controllers which service the access points that the client device may directly wirelessly communicate with, and access points that the first access point may directly wirelessly communicate with, and wherein the second level neighbors are access points and wireless local area network controllers that the first level neighbors may directly wirelessly communicate with. 3 . The method of claim 1 , wherein: generating the set of neighbor devices comprises generating the set to include first level neighbors of the client device; and distributing the pairwise master key comprises distributing the pairwise master key such that the pairwise master key is not distributed to access points outside of the first level neighbors of the client device, wherein the first level neighbors are access points that the client device may directly wirelessly communicate with, wireless local area network controllers which service the access points that the client device may directly wirelessly communicate with, and access points that the first access point may directly wirelessly communicate with. 4 . The method of claim 1 , further comprising: determining that the client device has accessed the wireless local area network through a second access point, wherein the second access point is not in the set of the neighbor devices to the client device; regenerating the set of neighbor devices to the client device based on the second access point; distributing the pairwise master key to the neighbor devices in the regenerated set, such that the pairwise master key is not distributed to access points outside of the neighbor devices in the regenerated set; and maintaining data representing the regenerated set. 5 . The method claim 1 , further comprising: determining that the client device has accessed the wireless local area network through a second access point, and wherein the second access point is in the set of neighbor devices to the client device, wherein the data representing the set of the neighbor devices is maintained without modification, and wherein the pairwise master key is not distributed in response to the determining. 6 . The method of claim 1 , wherein generating the set of neighbor devices comprises receiving a response to a beacon request. 7 . The method of claim 6 , wherein generating the set of the neighbor devices to the client device further comprises determining a neighbor for an access point indicated in the response. 8 . An apparatus comprising: a network interface unit that communicates over a wireless local area network; a memory; and a processor coupled to the network interface unit and the memory, wherein the processor: authenticates a client device in the wireless local area network using a pairwise master key when the client device associates to a first access point; generates a set of neighbor devices to the client device, wherein the set includes less than a total number of access points in the wireless local area network; distributes the pairwise master key to the neighbor devices such that the pairwise master key is not distributed to access points outside of the neighbor devices; and maintains data representing the set of neighbor devices to the client device in the memory. 9 . The apparatus of claim 8 wherein the processor further: generates the set of neighbor devices by generating the set to include first level neighbors of the client device and second level neighbors of the client device, and distributes the pairwise master key by distributing the pairwise master key to the first level neighbors and the second level neighbors, such that the pairwise master key is not distributed to access points outside of the second level neighbors of the client device, wherein the first level neighbors are access points that the client device may directly wirelessly communicate with, wireless local area network controllers which service the access points that the client device may directly wirelessly communicate with, and access points that the first access point may directly wirelessly communicate with; and wherein the second level neighbors are access points and wireless local area network controllers that the first level neighbors may directly wirelessly communicate with. 10 . The apparatus of claim 8 , wherein the processor further: generates the set of neighbor devices by generating the set to include first level neighbors of the client device, and distributes the pairwise master key by distributing the pairwise master key such that the pairwise master key is not distributed outside of the first level neighbors of the client device, wherein the first level neighbors are access points that the client device may directly wirelessly communicate with, wireless local area network controllers which service the access points that the client device may directly wirelessly communicate with, and access points that the first access point may directly wirelessly communicate with. 11 . The apparatus of claim 8 , wherein the processor further: determines that the client device has accessed the wireless local area network through a second access point, wherein the second access point is not in the set of the neighbor devices to the client device; regenerates the set of neighbor devices to the client device based on the second access point; distributes the pairwise master key to the neighbor devices in the regenerated set, such that the pairwise master key is not distributed to access points outside of the neighbor devices in the regenerated set; and maintains data representing the regenerated set in the memory. 12 . The apparatus of claim 8 , wherein: the processor further determines that the client device has accessed the wireless local area network through a second access point, the second access point is in the set of neighbor devices to the client device, the data representing the set of the neighbor devices is maintained without modification, and the pairwise master key is not distributed in response to the determining. 13 . The apparatus of claim 8 , wherein the processor generates the set of neighbor devices by receiving a response to a beacon request. 14 . The apparatus of claim 13 , wherein the processor generates the set of the neighbor devices to the client device by determining a neighbor for an access point indicated in the response.