
Table 31-8 – H3C Technologies H3C WX6000 Series Access Controllers User Manual


Table 31-8 Configuration items of advanced configuration of crypto type wireless service

Item

Description

Local Forwarding

Local forwarding enables an AP to forward data frames between clients. In a
centralized WLAN architecture, an AP transparently transmits data frames to an
AC for processing. As the number of clients increases, the forwarding load on
the AC increases as well. With local forwarding enabled, the AP, rather than
the AC, forwards client data, greatly reducing the load on the AC.

Enable: If local forwarding is enabled, data frames from an associated station
will be forwarded by the AP itself.

Disable: If local forwarding is disabled, data frames from an associated station
will be handled by the AC.

Local Forwarding VLAN

Clients using the same SSID may belong to different VLANs. You can configure a
local forwarding VLAN when configuring a local forwarding policy.

Client Max Users

Maximum number of clients of an SSID that are associated with the same radio of
an AP.

If the number of associated clients reaches the maximum, no more clients can
join the SSID until some associated clients disassociate.

PTK Life Time

Set the pairwise transient key (PTK) lifetime. A PTK is generated through a
four-way handshake.

TKIP CM Time

Set the TKIP countermeasure time.

By default, the TKIP countermeasure time is 0 seconds, that is, the TKIP
countermeasure policy is disabled. If the TKIP countermeasure time is set to a
value other than 0, the TKIP countermeasure policy is enabled.

Message integrity check (MIC) is designed to prevent tampering by hackers. It
uses the Michael algorithm and is extremely secure. When MIC failures occur, the
data may have been tampered with, and the system may be under attack. In this
case, TKIP enables the countermeasure policy to prevent hackers from attacking.
With the countermeasure policy enabled, if more than two MIC failures occur
within the specified time, the TKIP associations are disassociated and no new
associations are allowed within the TKIP countermeasure time.

Management Right

Web interface management right of online clients

Disable: Disables the web interface management right of online clients.

Enable: Enables the web interface management right of online clients.

GTK Rekey Method

An AC generates a group transient key (GTK) and sends the GTK to a client during
the authentication process between an AP and the client, through the group key
handshake or the 4-way handshake. The client uses the GTK to decrypt broadcast
and multicast packets.

If Time is selected, the GTK will be refreshed after a specified period of time.

If Packet is selected, the GTK will be refreshed after a specified number of
packets are transmitted.

By default, the GTK rekeying method is time-based, and the interval is 86400
seconds.

GTK User Down Status

Enables refreshing the GTK when a client goes offline.

By default, the GTK is not refreshed when a client goes offline.
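
The TKIP CM Time behaviour described in Table 31-8, modelled as an added example that is not part of the manual and is not H3C's code. It assumes the configured time serves both as the window in which MIC failures are counted and as the period during which new associations are refused; the class, function and event names are hypothetical and the event timeline is constructed.

```python
from collections import deque


class TkipCountermeasure:
    """Model of the TKIP CM Time row in Table 31-8 (illustrative, not H3C code)."""

    def __init__(self, cm_time):
        self.cm_time = cm_time      # seconds; 0 means the policy is disabled
        self.failures = deque()     # timestamps of MIC failures inside the window
        self.blocked_until = None   # end of the current lockout, if any

    def association_allowed(self, now):
        return self.blocked_until is None or now >= self.blocked_until

    def mic_failure(self, now):
        """Record one MIC failure; True means the countermeasure fires now."""
        if self.cm_time == 0 or not self.association_allowed(now):
            return False            # disabled, or already locked out
        self.failures.append(now)
        # Assumption: failures are counted over a sliding window of cm_time.
        while now - self.failures[0] > self.cm_time:
            self.failures.popleft()
        if len(self.failures) > 2:  # "more than two MIC failures"
            self.failures.clear()
            # TKIP clients are disassociated; new associations are refused.
            self.blocked_until = now + self.cm_time
            return True
        return False


def replay(cm_time, events):
    """Run (time, kind) events through the model and return (time, outcome)."""
    cm = TkipCountermeasure(cm_time)
    out = []
    for t, kind in events:
        if kind == "mic_fail":
            out.append((t, "lockout" if cm.mic_failure(t) else "no_action"))
        else:  # "assoc": a client tries to associate
            out.append((t, "accepted" if cm.association_allowed(t) else "rejected"))
    return out

# Constructed timeline in seconds, not captured from a device.
SAMPLE_EVENTS = [(0, "mic_fail"), (10, "mic_fail"), (100, "mic_fail"),
                 (110, "mic_fail"), (115, "mic_fail"), (120, "assoc"), (176, "assoc")]

if __name__ == "__main__":
    for row in replay(60, SAMPLE_EVENTS):
        print(row)
```

With a value of 60, the two early failures age out of the window, the failure at 115 s is the third inside it and starts the lockout, and the association attempt at 120 s is refused while the one at 176 s succeeds. With the default of 0, no event ever triggers the policy.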

Security configuration of crypto type wireless service

Select Wireless Service > Access Service from the navigation tree, find the crypto type wireless
service in the list, and click the corresponding icon to enter the page for configuring crypto type
wireless service, as shown in Figure 31-19.