H3C Technologies H3C WX3000E Series Wireless Switches User Manual

242

Item Description

Client Max Users

Maximum number of clients of an SSID to be associated with the
same radio of the AP.

IMPORTANT:

When the number of clients of an SSID to be associated with the same

radio of the AP reaches the maximum, the SSID is automatically

hidden.

PTK Life Time

Set the pairwise transient key (PTK) lifetime. A PTK is generated
through a four-way handshake.

TKIP CM Time

Set the TKIP countermeasure time.
By default, the TKIP countermeasure time is 0 seconds, that is, the
TKIP countermeasure policy is disabled.
Message integrity check (MIC) is designed to avoid hacker

tampering. It uses the Michael algorithm and is extremely secure.

When failures occur to MIC, the data may have been tampered, and
the system may be under attack. With the countermeasure policy

enabled, if more than two MIC failures occur within the specified

time, the TKIP associations are disassociated and no new
associations are allowed within the TKIP countermeasure time.

Management Right

Web interface management right of online clients.

•

Disable—Disable the web interface management right of online

clients.

•

Enable—Enable the web interface management right of online

clients.

MAC VLAN

•

Enable—Enable the MAC VLAN feature for the wireless service.

•

Disable—Disable the MAC VLAN feature for the wireless service.

IMPORTANT:

Before you bind an AP radio to a VLAN, a step of enabling AP-based
access VLAN recognition, enable the MAC VLAN feature first.

Fast Association

•

Enable—Enable fast association.

•

Disable—Disable fast association.

By default, fast association is disabled.
When fast association is enabled, the device does not perform band
navigation and load balancing calculations for associated clients.

GTK Rekey Method

An AC generates a group transient key (GTK) and sends the GTK to
a client during the authentication process between an AP and the

client through group key handshake/the 4-way handshake. The
client uses the GTK to decrypt broadcast and multicast packets.

•

If Time is selected, the GTK will be refreshed after a specified

period of time.

•

If Packet is selected, the GTK will be refreshed after a specified

number of packets are transmitted.

By default, the GTK rekeying method is time-based, and the interval is

86400 seconds.

GTK User Down Status

Enable refreshing the GTK when some client goes offline.
By default, the GTK is not refreshed when a client goes off-line.