Configuring the ptk lifetime, Configuring the gtk rekey method, Configure gtk rekey based on time – H3C Technologies H3C WA2600 Series WLAN Access Points User Manual
Page 20: Configuring the gtk rekey method -5
5-5
Follow these steps to enable the authentication method:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter WLAN service
template
wlan service-template
service-template-number
crypto
Required
Enable an
authentication method
authentication-method
{ open-system |
shared-key }
Optional
Open system authentication method is used by
default.
z
Shared key authentication is usable only when
WEP encryption is adopted. In this case, you
must configure the authentication-method
shared-key command.
z
For RSN and WPA, shared key authentication is
not required and only open system
authentication is required.
Configuring the PTK Lifetime
A pairwise transient key (PTK) is generated through a four-way handshake, during which, the pairwise
master key, an AP random value (ANonce), a site random value (SNonce), the AP’s MAC address and
the client’s MAC address are used.
Follow these steps to configure the PTK lifetime:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter WLAN service template
wlan service-template
service-template-number crypto
—
Configure the PTK lifetime
ptk-lifetime time
Optional
By default, the PTK lifetime is
43200 second
Configuring the GTK Rekey Method
A fat AP generates a group transient key (GTK) and sends the GTK to a client during the authentication
process between an AP and the client through the group key handshake or 4-way handshake. The
client uses the GTK to decrypt broadcast and multicast packets. RSN negotiates the GTK through the
4-way handshake or group key handshake, while WPA negotiates the GTK only through group key
handshake.
Two GTK rekey methods can be configured:
z
Time-based GTK rekey: After the specified interval elapses, GTK rekey occurs.
z
Packet-based GTK rekey. After the specified number of packets is sent, GTK rekey occurs.
You can also configure the device to start GTK rekey when a client goes offline, provided that GTK
rekey has been enabled with the gtk-rekey enable command.
Configure GTK rekey based on time
Follow these steps to configure GTK Rekey based on time: