Index: sys/dev/ath/if_ath_keycache.c
===================================================================
--- sys/dev/ath/if_ath_keycache.c	(revision 243195)
+++ sys/dev/ath/if_ath_keycache.c	(working copy)
@@ -199,6 +199,7 @@
 	HAL_KEYVAL hk;
 
 	memset(&hk, 0, sizeof(hk));
+
 	/*
 	 * Software crypto uses a "clear key" so non-crypto
 	 * state kept in the key cache are maintained and
@@ -214,6 +215,15 @@
 		hk.kv_type = HAL_CIPHER_CLR;
 
 	/*
+	 * If we're installing a clear cipher key and
+	 * the hardware doesn't support that, just succeed.
+	 * Leave it up to the net80211 layer to figure it out.
+	 */
+	if (hk.kv_type == HAL_CIPHER_CLR && sc->sc_hasclrkey == 0) {
+		return (1);
+	}
+
+	/*
 	 * XXX TODO: check this:
 	 * 
 	 * Group keys on hardware that supports multicast frame
@@ -449,7 +459,15 @@
 	 * those requests to slot 0.
 	 */
 	if (k->wk_flags & IEEE80211_KEY_SWCRYPT) {
-		return key_alloc_single(sc, keyix, rxkeyix);
+		if (sc->sc_hasclrkey)
+			return key_alloc_single(sc, keyix, rxkeyix);
+		else {
+			/*
+			 * Map to slot 0 for the AR5210.
+			 */
+			*keyix = *rxkeyix = 0;
+			return (1);
+		}
 	} else if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP &&
 	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
 		if (sc->sc_splitmic)
Index: sys/dev/ath/ath_hal/ar5210/ar5210_reset.c
===================================================================
--- sys/dev/ath/ath_hal/ar5210/ar5210_reset.c	(revision 243195)
+++ sys/dev/ath/ath_hal/ar5210/ar5210_reset.c	(working copy)
@@ -191,6 +191,8 @@
 	OS_REG_WRITE(ah, AR_TRIG_LEV, 1);	/* minimum */
 
 	OS_REG_WRITE(ah, AR_DIAG_SW, 0);
+	AH_PRIVATE(ah)->ah_diagreg |= (AR_DIAG_SW_DIS_ENC | AR_DIAG_SW_DIS_DEC);
+	OS_REG_WRITE(ah, AR_DIAG_SW, AH_PRIVATE(ah)->ah_diagreg);
 
 	OS_REG_WRITE(ah, AR_CFP_PERIOD, 0);
 	OS_REG_WRITE(ah, AR_TIMER0, 0);		/* next beacon time */