Configuring the PTK lifetime, Configuring the GTK rekey method, Configuring GTK rekey based on time – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Step 3: Enable the authentication method.
Command: authentication-method { open-system | shared-key }
Remarks: Optional. Open system authentication method is used by default.
• Shared key authentication is usable only when WEP encryption is adopted. In this case, you must configure the authentication-method shared-key command.
• For RSN and WPA, open system authentication is required.
Configuring the PTK lifetime
A pairwise transient key (PTK) is generated through a four-way handshake, which uses the pairwise master key (PMK), an AP random value (ANonce), a station random value (SNonce), the AP's MAC address, and the client's MAC address.
To configure the PTK lifetime:
Step 1: Enter system view.
Command: system-view
Remarks: N/A
Step 2: Enter WLAN service template view.
Command: wlan service-template service-template-number crypto
Remarks: N/A
Step 3: Configure the PTK lifetime.
Command: ptk-lifetime time
Remarks: Optional. By default, the PTK lifetime is 43200 seconds.
Configuring the GTK rekey method
An AC generates a group temporal key (GTK) and sends it to a client during the authentication process between an AP and the client, through either the group key handshake or the 4-way handshake. The client uses the GTK to decrypt broadcast and multicast packets. Robust Security Network (RSN) negotiates the GTK through the 4-way handshake or the group key handshake, and Wi-Fi Protected Access (WPA) negotiates the GTK only through the group key handshake.
Two GTK rekey methods can be configured:
• Time-based GTK rekey: After the specified interval elapses, GTK rekey occurs.
• Packet-based GTK rekey: After the specified number of packets is sent, GTK rekey occurs.
You can also configure the device to start GTK rekey when a client goes offline.
Configuring GTK rekey based on time
Step 1: Enter system view.
Command: system-view
Remarks: N/A