Table 31-8 – H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 272
31-18
Table 31-8 Configuration items of advanced configuration of crypto type wireless service
Item
Description
Local Forwarding
Local forwarding enables an AP to forward data frames between clients. In a
centralized WLAN architecture, an AP transparently transmits data frames to an
AC for processing. With the increase of clients, the forwarding load of the AC
increases either. With local forwarding enabled, an AP, rather the AC, forwards
client data, greatly reducing the load of the AC.
Enable: If local forwarding is enabled, data frames from an associated station
will be forwarded by the AP itself.
Disable: If local forwarding is disabled, data frames from an associated station
will be handled by the AC.
Local Forwarding VLAN
Clients using the same SSID may belong to different VLANs. You can configure a
local forwarding VLAN when configuring a local forwarding policy.
Client Max Users
Maximum number of clients of an SSID that are associated with the same radio of
an AP.
If the number of associated clients reaches the maximum, no clients can join the
SSID until some associated clients disassociate for some reason.
PTK Life Time
Set the pairwise transient key (PTK) lifetime. A PTK is generated through a
four-way handshake.
TKIP CM Time
Set the TKIP countermeasure time.
By default, the TKIP countermeasure time is 0 seconds, that is, the TKIP
countermeasure policy is disabled. If the TKIP countermeasure time is set to a
value other than 0, the TKIP countermeasure policy is enabled.
Message integrity check (MIC) is designed to avoid hacker tampering. It uses the
Michael algorithm and is extremely secure. When failures occur to MIC, the data
may have been tampered, and the system may be under attack. In this case, TKIP
will enable the countermeasure policy to prevent hackers from attacking. With the
countermeasure policy enabled, if more than two MIC failures occur within the
specified time, the TKIP associations are disassociated and no new associations
are allowed within the TKIP countermeasure time.
Management Right
Web interface management right of online clients
Disable: Disables the web interface management right of online clients.
Enable: Enables the web interface management right of online clients.
GTK Rekey Method
An AC generates a group transient key (GTK) and sends the GTK to a client during
the authentication process between an AP and the client through group key
handshake/the 4-way handshake. The client uses the GTK to decrypt broadcast
and multicast packets.
If Time is selected, the GTK will be refreshed after a specified period of time.
If Packet is selected, the GTK will be refreshed after a specified number of
packets are transmitted.
By default, the GTK rekeying method is time-based, and the interval is 86400
seconds.
GTK User Down Status
Enable refreshing the GTK when some client goes offline.
By default, the GTK is not refreshed when a client goes off-line.
Security configuration of crypto type wireless service
Select Wireless Service > Access Service from the navigation tree, find the crypto type wireless
service in the list, and click the corresponding
icon to enter the page for configuring crypto type
wireless service, as shown in
.