To configure the PTK lifetime:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter WLAN service template view. | wlan service-template service-template-number crypto | N/A |
| 3. Configure the PTK lifetime. | ptk-lifetime time | Optional. By default, the PTK lifetime is 43200 seconds. |
Configuring the GTK rekey method
A fat AP generates a group temporal key (GTK) and sends it to a client during authentication
between the AP and the client, through either the group key handshake or the 4-way
handshake. The client uses the GTK to decrypt broadcast and multicast packets. Robust
Security Network (RSN) negotiates the GTK through the 4-way handshake or the group key handshake,
and Wi-Fi Protected Access (WPA) negotiates the GTK only through the group key handshake.
Two GTK rekey methods can be configured:
• Time-based GTK rekey—After the specified interval elapses, GTK rekey occurs.
• Packet-based GTK rekey—After the specified number of packets is sent, GTK rekey occurs.
By default, time-based GTK rekey is adopted, and the rekey interval is 86400 seconds.
Configuring a new GTK rekey method overwrites the previous one. For example, if time-based GTK
rekey is configured after packet-based GTK rekey is configured, time-based GTK rekey takes effect.
You can also configure the device to start GTK rekey when a client goes offline.
Configuring GTK rekey based on time
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter WLAN service template view. | wlan service-template service-template-number crypto | N/A |
| 3. Enable GTK rekey. | gtk-rekey enable | By default, GTK rekey is enabled. |
| 4. Configure the GTK rekey interval. | gtk-rekey method time-based [ time ] | By default, the interval is 86400 seconds. |
| 5. Configure the device to start GTK rekey when a client goes offline. | gtk-rekey client-offline enable | Optional. By default, the device does not start GTK rekey when a client goes offline. This command takes effect only when you execute the gtk-rekey enable command. |
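The following audit script is an added example, not part of the original guide. It computes the effective PTK and GTK settings per crypto service template from a saved configuration, applying the defaults, the overwrite rule, and the gtk-rekey enable dependency described above. The sample configuration is constructed; the packet-based keyword, its value, and the undo gtk-rekey enable form are assumptions not shown on this page.

```python
# Defaults stated on this page.
DEFAULTS = {"ptk_lifetime": 43200, "gtk_rekey": True, "method": "time-based",
            "value": 86400, "client_offline": False}

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
wlan service-template 1 crypto
 ptk-lifetime 3600
 gtk-rekey method packet-based 500000
 gtk-rekey method time-based 7200
 gtk-rekey client-offline enable
wlan service-template 2 crypto
 undo gtk-rekey enable
 gtk-rekey client-offline enable
"""

def effective_settings(config):
    """Return {template number: effective key-rotation settings}."""
    templates, cur = {}, None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):  # a top-level line opens or closes a block
            is_tpl = words[:2] == ["wlan", "service-template"] and "crypto" in words[3:]
            cur = templates.setdefault(int(words[2]), dict(DEFAULTS)) if is_tpl else None
        elif cur is None:
            continue
        elif words[0] == "ptk-lifetime" and len(words) == 2:
            cur["ptk_lifetime"] = int(words[1])
        elif words == ["gtk-rekey", "enable"]:
            cur["gtk_rekey"] = True
        elif words == ["undo", "gtk-rekey", "enable"]:  # assumed disable form
            cur["gtk_rekey"] = False
        elif words[:2] == ["gtk-rekey", "method"] and len(words) >= 3:
            # A newly configured rekey method overwrites the previous one.
            cur["method"] = words[2]
            default = 86400 if words[2] == "time-based" else None
            cur["value"] = int(words[3]) if len(words) > 3 else default
        elif words == ["gtk-rekey", "client-offline", "enable"]:
            cur["client_offline"] = True
    for s in templates.values():
        # Client-offline rekey takes effect only when GTK rekey is enabled.
        s["client_offline_effective"] = s["client_offline"] and s["gtk_rekey"]
    return templates

if __name__ == "__main__":
    for number, settings in effective_settings(SAMPLE).items():
        print(number, settings)
```

For template 2 the script reports client-offline rekey as configured but not effective, which is the case an audit is most likely to miss.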
Configuring GTK rekey based on packet
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter WLAN service template view. | wlan service-template service-template-number crypto | N/A |