User's Manual
Chapter 25
| Wireless Security Commands
– 241 –
pmksa-lifetime This command sets the time for aging out cached WPA2 Pairwise Master Key
Security Association (PMKSA) information for fast roaming.
Syntax
pmksa-lifetime <minutes>
minutes - The time for aging out PMKSA information.
(Range: 0 - 14400 minutes)
Default Setting
720 minutes
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
◆ WPA2 provides fast roaming for authenticated clients by retaining keys and
other security information in a cache, so that if a client roams away from an
access point and then returns reauthentication is not required.
◆ When a WPA2 client is first authenticated, it receives a Pairwise Master Key
(PMK) that is used to generate other keys for unicast data encryption. This key
and other client information form a Security Association that the access point
names and holds in a cache. The lifetime of this security association can be
configured with this command. When the lifetime expires, the client security
association and keys are deleted from the cache. If the client returns to the
access point, it requires full reauthentication.
Example
AP(if-wireless 0: VAP[0])# pmksa-lifetime 600
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
make-security-
effective
This command implements all wireless security changes made in the current CLI
session.
Syntax
make-security-effective
Default Setting
None
Command Mode
Interface Configuration (Wireless-VAP)