Configuring the ptk lifetime, Configuring the gtk rekey method, Configuring gtk rekey based on time – H3C Technologies H3C MSR 50 User Manual
Page 46
37
Configuring the PTK lifetime
A pairwise transient key (PTK) is generated through a four-way handshake, during which, the pairwise
master key (PMK), an AP random value (ANonce), a site random value (SNonce), the AP’s MAC address
and the client’s MAC address are used.
To configure the PTK lifetime:
Step Command
Remarks
158.
Enter system view.
system-view
N/A
159.
Enter WLAN service
template view.
wlan service-template
service-template-number crypto
N/A
160.
Configure the PTK lifetime.
ptk-lifetime time
Optional.
By default, the PTK lifetime is
43200 seconds.
Configuring the GTK rekey method
A fat AP generates a group temporal key (GTK) and sends the GTK to a client during the authentication
process between an AP and the client through group key handshake or the 4-way handshake. The client
uses the GTK to decrypt broadcast and multicast packets. The Robust Security Network (RSN) negotiates
the GTK through the 4-way handshake or group key handshake, and Wi-Fi Protected Access (WPA)
negotiates the GTK only through group key handshake.
Two GTK rekey methods can be configured:
•
Time-based GTK rekey—After the specified interval elapses, GTK rekey occurs.
•
Packet-based GTK rekey—After the specified number of packets is sent, GTK rekey occurs.
By default, time-based GTK rekey is adopted, and the rekey interval is 86400 seconds.
Configuring a new GTK rekey method overwrites the previous one. For example, if time-based GTK rekey
is configured after packet-based GTK rekey is configured, time-based GTK rekey takes effect.
You can also configure the device to start GTK rekey when a client goes offline.
Configuring GTK rekey based on time
Step Command
Remarks
161.
Enter system view.
system-view
N/A
162.
Enter WLAN service
template view.
wlan service-template
service-template-number crypto
N/A
163.
Enable GTK rekey.
gtk-rekey enable
By default, GTK rekey is
enabled.
164.
Configure the GTK rekey
interval.
gtk-rekey method time-based [ time ]
By default, the interval is 86400
seconds.