Configuring WAPI-PSK

Procedure

1. Run system-view

   The system view is displayed.

2. Run wlan

   The WLAN view is displayed.

3. Run security-profile name profile-name

   The security profile view is displayed.

4. Run security wapi psk { pass-phrase | hex } key-value

   The security policy is set to WAPI-PSK.

5. (Optional) Run wapi { bk-threshold bk-threshold | bk-update-interval bk-update-interval }

   The interval for updating a Base Key (BK) and the BK lifetime percentage are set.

   The value obtained by multiplying the interval for updating a BK by the BK lifetime percentage should be greater than or equal to 300 seconds. If the interval for updating a BK is less than 300s, the BK may be updated before negotiation is complete due to low STA performance. In this case, some STAs may be forced offline or cannot go online.

   By default, the interval for updating a BK is 43200s, and the BK lifetime percentage is 70%.

6. (Optional) Run wapi sa-timeout sa-time

   The timeout period of a security association is set.

   By default, the timeout period for a SA is 60s.

   If a STA is not authenticated within the timeout period, no SA is established and the STA cannot go online.

7. (Optional) Run wapi { usk | msk } key-update { disable | time-based }

   The WAPI USK or MSK update mode is set.

   By default, USKs and MSKs are updated based on time.

8. (Optional) Run wapi { usk-update-interval usk-interval | usk-retrans-count usk-count }

   The interval for updating a USK, and number of retransmissions of USK negotiation packets are set.

   By default, the interval for updating a USK is 86400s; the number of retransmissions of USK negotiation packets is 3.

9. (Optional) Run wapi { msk-update-interval msk-interval | msk-retrans-count msk-count }

   The interval for updating an MSK, and number of retransmissions of MSK negotiation packets are set.

   By default, the interval for updating an MSK is 86400s; the number of retransmissions of MSK negotiation packets is 3.