Technical data
Configure a Security Profile With the CLI
© 2012 Meru Networks, Inc. Configuring Security 131
WPA GTK Rekey
With the WPA GTK rekey feature, whenever the group-rekey interval expires, the
Access Point sends a broadcast key to the client. This key packet is encrypted.
To configure the WPA GTK rekey period, from the Security Profile configuration, add
the following command (the rekey period can be between 0 and 65535 seconds):
default(config-security)# group-rekey interval n
To disable WPA GTK rekey, enter the following command from the Security Profile
configuration:
default(config-security)# no group-rekey interval
Example WPA-PSK Configuration
When setting the PSK key, use a key from 8 to 63 ASCII characters (the characters ! \
" ? must be escaped with the backslash (\) character; for example \! \?) or 64 hex
characters (hex keys must be prefixed with “0x” or the key will not work).
The following example creates the profile named wpa-psk that enables WPA-PSK for
Layer 2, sets the encryption mode to TKIP, and sets the preshared key to
theSecretKeyForMay22.
default(config)# security-profile wpa-psk
default(config-security)# allowed-l2-modes wpa-psk
default(config-security)# encryption-modes tkip
default(config-security)# psk key theSecretKeyForMay22
default(config-security)# exit
default(config)# exit
default#
WPA/WPA-PSK Command Summary
The following commands are used to configure WPA2, WPA, WPA2-PSK, and WPA-PSK:
Table 7: Commands to Configure WPA/WPA2
Command Purpose
allowed-l2-modes wpa2 |
wpa2-psk | wpa | wpa-psk
|clear
With 802.1X authentication, enables WPA2 or WPA; or for manual
key exchange WPA2-PSK or WPA-PSK; or with the clear option sets
the mode to open (disables WPA).
encryption-modes ccmp |
tkip
Configures WPA2/CCMP or WPA/TKIP as the Security Profile cipher
suite.