Configuring the PTK lifetime, Configuring the GTK rekey method, Configuring GTK rekey based on time – H3C Technologies H3C MSR 50 User Manual

Configuring the PTK lifetime

A pairwise transient key (PTK) is generated through a four-way handshake. The handshake uses the pairwise master key (PMK), an AP random value (ANonce), a station (client) random value (SNonce), the AP's MAC address, and the client's MAC address.

To configure the PTK lifetime:

Step | Command | Remarks
158. Enter system view. | system-view | N/A
159. Enter WLAN service template view. | wlan service-template service-template-number crypto | N/A
160. Configure the PTK lifetime. | ptk-lifetime time | Optional. By default, the PTK lifetime is 43200 seconds.
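
The following Python sketch is an added example, not part of the H3C manual or of device code. It shows how the five inputs named above are combined into a PTK, assuming the HMAC-SHA1 PRF that IEEE 802.11 defines for WPA/WPA2 with CCMP (a 48-byte PTK split into KCK, KEK and TK); all key, MAC and nonce values are constructed samples.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"  # label defined by IEEE 802.11 for the PTK

def prf(key, label, data, n_bytes):
    """802.11 PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < n_bytes:
        msg = label + b"\x00" + data + bytes([i])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        i += 1
    return out[:n_bytes]

def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce, n_bytes=48):
    """Derive the PTK (48 bytes for CCMP) from the five handshake inputs."""
    if len(pmk) != 32:
        raise ValueError("PMK must be 32 bytes")
    if len(ap_mac) != 6 or len(client_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    if len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("nonces must be 32 bytes")
    # Sorting makes both sides build the same input regardless of role.
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, LABEL, data, n_bytes)

def split_ptk(ptk):
    """Split a 48-byte CCMP PTK into its three sub-keys."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

# Constructed sample values, not taken from any real network.
PMK = bytes(range(32))
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
ANONCE_1 = hashlib.sha256(b"constructed anonce 1").digest()
SNONCE_1 = hashlib.sha256(b"constructed snonce 1").digest()
ANONCE_2 = hashlib.sha256(b"constructed anonce 2").digest()
SNONCE_2 = hashlib.sha256(b"constructed snonce 2").digest()

if __name__ == "__main__":
    first = derive_ptk(PMK, AP_MAC, CLIENT_MAC, ANONCE_1, SNONCE_1)
    second = derive_ptk(PMK, AP_MAC, CLIENT_MAC, ANONCE_2, SNONCE_2)
    for name, key in split_ptk(first).items():
        print(name, key.hex())
    print("new nonces give a new PTK:", first != second)
```

Because the PMK and both MAC addresses stay fixed for a given client, the two nonces are the only inputs that change between handshakes, so each new four-way handshake yields a fresh PTK.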

Configuring the GTK rekey method

A fat AP generates a group temporal key (GTK) and sends the GTK to a client during the authentication process between the AP and the client, through either the group key handshake or the 4-way handshake. The client uses the GTK to decrypt broadcast and multicast packets. The Robust Security Network (RSN) negotiates the GTK through the 4-way handshake or the group key handshake, and Wi-Fi Protected Access (WPA) negotiates the GTK only through the group key handshake.

Two GTK rekey methods can be configured:

Time-based GTK rekey—After the specified interval elapses, GTK rekey occurs.

Packet-based GTK rekey—After the specified number of packets is sent, GTK rekey occurs.

By default, time-based GTK rekey is adopted, and the rekey interval is 86400 seconds.

Configuring a new GTK rekey method overwrites the previous one. For example, if time-based GTK rekey is configured after packet-based GTK rekey is configured, time-based GTK rekey takes effect.

You can also configure the device to start GTK rekey when a client goes offline.

Configuring GTK rekey based on time

Step | Command | Remarks
161. Enter system view. | system-view | N/A
162. Enter WLAN service template view. | wlan service-template service-template-number crypto | N/A
163. Enable GTK rekey. | gtk-rekey enable | By default, GTK rekey is enabled.
164. Configure the GTK rekey interval. | gtk-rekey method time-based [ time ] | By default, the interval is 86400 seconds.
