Configuring the ptk lifetime, Configuring the gtk rekey method, Configure gtk rekey based on time – H3C Technologies H3C WA2600 Series WLAN Access Points User Manual


Follow these steps to enable the authentication method:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter WLAN service template | wlan service-template service-template-number crypto | Required |
| Enable an authentication method | authentication-method { open-system \| shared-key } | Optional. Open system authentication method is used by default. Shared key authentication is usable only when WEP encryption is adopted. In this case, you must configure the authentication-method shared-key command. For RSN and WPA, shared key authentication is not required and only open system authentication is required. |

Configuring the PTK Lifetime

A pairwise transient key (PTK) is generated through a four-way handshake, during which the pairwise master key, an AP random value (ANonce), a station (client) random value (SNonce), the AP’s MAC address and the client’s MAC address are used.

Follow these steps to configure the PTK lifetime:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter WLAN service template | wlan service-template service-template-number crypto | |
| Configure the PTK lifetime | ptk-lifetime time | Optional. By default, the PTK lifetime is 43200 seconds. |
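
The PTK derivation described at the start of this section, as an added Python example (not from the H3C manual or the device firmware). It assumes the IEEE 802.11i PRF with HMAC-SHA1 and the 48-byte CCMP key layout; all key, MAC and nonce values are constructed, and `rekey_demo` is a hypothetical helper showing that a new four-way handshake with fresh nonces yields a new PTK from the same PMK.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"  # fixed label defined by IEEE 802.11i

def prf(key, label, data, length):
    """802.11i PRF (HMAC-SHA1 AKMs): HMAC blocks over label||0||data||counter."""
    out, counter = b"", 0
    while len(out) < length:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce, length=48):
    """Mix the five inputs the manual lists into a PTK (48 bytes for CCMP)."""
    if len(pmk) != 32 or len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("PMK and nonces must be 32 bytes each")
    if len(ap_mac) != 6 or len(client_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes each")
    # Sorting both pairs makes AP and client compute the same input string.
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, LABEL, data, length)

def split_ptk(ptk):
    """CCMP layout: KCK (handshake MIC), KEK (wraps the GTK), TK (unicast data)."""
    return {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

# Constructed sample values (assumptions for illustration, not from a real network).
PMK = bytes(range(32))
AP_MAC = bytes.fromhex("02aabbccdd01")
CLIENT_MAC = bytes.fromhex("02aabbccdd02")
ANONCE_1, SNONCE_1 = hashlib.sha256(b"a1").digest(), hashlib.sha256(b"s1").digest()
ANONCE_2, SNONCE_2 = hashlib.sha256(b"a2").digest(), hashlib.sha256(b"s2").digest()

def rekey_demo():
    """Same PMK and MACs, fresh nonces: what a new four-way handshake yields."""
    first = split_ptk(derive_ptk(PMK, AP_MAC, CLIENT_MAC, ANONCE_1, SNONCE_1))
    second = split_ptk(derive_ptk(PMK, AP_MAC, CLIENT_MAC, ANONCE_2, SNONCE_2))
    return first, second

if __name__ == "__main__":
    first, second = rekey_demo()
    for name in ("KCK", "KEK", "TK"):
        print(name, first[name].hex(), "->", second[name].hex())
```
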

Configuring the GTK Rekey Method

A fat AP generates a group transient key (GTK) and sends the GTK to a client during the authentication process between an AP and the client through the group key handshake or 4-way handshake. The client uses the GTK to decrypt broadcast and multicast packets. RSN negotiates the GTK through the 4-way handshake or group key handshake, while WPA negotiates the GTK only through the group key handshake.

Two GTK rekey methods can be configured:

- Time-based GTK rekey: After the specified interval elapses, GTK rekey occurs.
- Packet-based GTK rekey: After the specified number of packets is sent, GTK rekey occurs.

You can also configure the device to start GTK rekey when a client goes offline, provided that GTK rekey has been enabled with the gtk-rekey enable command.

Configure GTK rekey based on time

Follow these steps to configure GTK Rekey based on time:
