Technical data

130 Meru System Director Configuration Guide © 2012 Meru Networks, Inc.
Configure a Security Profile With the CLI
Opportunistic PMK Caching for WPA
Opportunistic PMK caching allows the controller, acting as the 802.1X authenticator,
to cache the results of a full 802.1X authentication so that if a client roams to any
AP associated with that controller, the wireless client needs to perform only the
4-way handshake and determine new pair-wise transient keys. PMK caching is
supported only for KDDI phones when using WPA with TKIP and 802.1X authentication.
The system automatically detects the KDDI phone using the KDDI Vendor ID and
applies PMK caching if available.
From within the Security Profile configuration, enable or disable PMK caching for KDDI
phones. This option is available only when WPA is chosen for L2 encryption.
To enable PMK caching, add the following line to the WPA Security Profile configuration:
default(config-security)# pmkcaching enabled
To disable PMK caching, execute the following command at the WPA Security Profile
configuration:
default(config-security)# pmkcaching disabled
WPA PTK Rekey
The WPA PTK rekey exchange mechanism includes a configurable PTK rekey period.
The default is set to 60 seconds and the allowable range is 0 to 65535 (60 minutes).
Upon expiration of the PTK rekey period, the access point initiates a 4-way PTK
exchange followed by a GTK exchange. After the RADIUS session timeout, an 802.1X
exchange occurs, followed by a PTK rekey exchange.
To configure the WPA PTK rekey period, from the Security Profile configuration, add
the following commands (the rekey period is in seconds):
default(config-security)# allowed-l2-modes wpa
default(config-security)# radius-server primary server_name
default(config-security)# encryption-modes tkip
default(config-security)# rekey period 120
default(config-security)# no group-rekey interval
If the rekey period is configured for a WPA profile (and not for WPA-PSK), then during
every rekey period the infrastructure initiates a WPA 4-way handshake and a 2-way
group key handshake to the client.
With the WPA PTK rekey feature, whenever a rekey interval expires, the access point
performs a 4-way key exchange. This exchange is NOT encrypted. Following this, the
access point sends a broadcast key to the client. This key packet is encrypted.
To disable WPA PTK rekey, enter the following command from the Security Profile
configuration:
default(config-security)# rekey period 0
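As an added example (not part of the guide or of Meru's own tooling), the following Python script parses a captured Security Profile CLI block of the form shown above and audits it against the constraints this section states: the rekey period must lie in 0 to 65535, a period of 0 disables PTK rekey, the period only drives the 4-way and group handshakes on a WPA (not WPA-PSK) profile, and PMK caching is only meaningful when the L2 mode is WPA. The sample profile is constructed for the example; the prompt and command keywords are the ones the guide shows.

```python
import re

# Constructed sample of a config-security block (not from the guide); it
# deliberately sets "rekey period 0", which the guide documents as disabling rekey.
SAMPLE_PROFILE = """\
default(config-security)# allowed-l2-modes wpa
default(config-security)# radius-server primary server_name
default(config-security)# encryption-modes tkip
default(config-security)# rekey period 0
default(config-security)# no group-rekey interval
default(config-security)# pmkcaching enabled
"""

# Matches "<hostname>(config-security)# <command ...>" and captures the command.
PROMPT = re.compile(r"^\S+\(config-security\)#\s*(.*)$")


def parse_profile(text):
    """Return a dict of setting -> value from config-security prompt lines."""
    settings = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        cmd = m.group(1).split()
        if not cmd:
            continue
        if cmd[0] == "no":
            settings[" ".join(cmd[1:])] = None      # e.g. "no group-rekey interval"
        elif cmd[:2] == ["rekey", "period"]:
            settings["rekey period"] = int(cmd[2])  # seconds, per the guide
        else:
            settings[cmd[0]] = " ".join(cmd[1:])    # e.g. "pmkcaching" -> "enabled"
    return settings


def audit_profile(settings):
    """Return a list of findings derived from the constraints the guide states."""
    findings = []
    l2 = settings.get("allowed-l2-modes")
    period = settings.get("rekey period")
    if period is not None:
        if not 0 <= period <= 65535:
            findings.append(f"rekey period {period} outside allowed range 0-65535")
        elif period == 0:
            findings.append("rekey period 0: WPA PTK rekey is disabled")
        elif l2 != "wpa":
            findings.append("rekey period is documented for WPA profiles only (not WPA-PSK)")
    if settings.get("pmkcaching") == "enabled" and l2 != "wpa":
        findings.append("pmkcaching enabled but L2 mode is not wpa")
    return findings
```

Running `audit_profile(parse_profile(SAMPLE_PROFILE))` reports the disabled rekey; changing the sample to `rekey period 120` yields no findings.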