The wapi usk command sets the interval for updating a USK, and number of retransmissions of USK negotiation packets.
The undo wapi usk command restores the default interval for updating a USK, and number of retransmissions of USK negotiation packets.
By default, the interval for updating a USK is 86400s; the number of retransmissions of USK negotiation packets is 3.
wapi { usk-update-interval usk-interval | usk-retrans-count usk-count }
undo wapi { usk-update-interval | usk-retrans-count }
Parameter |
Description |
Value |
|---|---|---|
usk-update-interval usk-interval |
Specifies the interval for updating a USK. When the USK update mode is set to time-based update using the wapi key-update command, the interval for updating a USK needs to be set. |
The value is an integer that ranges from 600 to 604800, in seconds. |
usk-retrans-count usk-count |
Specifies the number of retransmissions of USK negotiation packets. |
The value is an integer that ranges from 1 to 10. |
WAPI defines a dynamic key negotiation mechanism, but there are still security risks if a STA uses the same encryption key for a long time. Both the USK and MSK have a lifetime. The USK or MSK needs to be updated when its lifetime ends.
# Set the interval for updating a USK to 10000s, and number of retransmissions of USK negotiation packets to 5.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] security-profile name p1 [HUAWEI-wlan-sec-prof-p1] wapi usk key-update time-based [HUAWEI-wlan-sec-prof-p1] wapi usk-update-interval 10000 [HUAWEI-wlan-sec-prof-p1] wapi usk-retrans-count 5