3Com 8760 User Guide - Page 241

Using the Command Line Interface pmksa-lifetime This command sets the time for aging out cached WPA2 Pairwise Master Key Security Association (PMKSA) information for fast roaming. Syntax pmksa-lifetime minutes - The time for aging out PMKSA information. (Range: 0 - 14400 minutes) Default Setting 720 minutes Command Mode Interface Configuration (Wireless-VAP) Command Usage • WPA2 provides fast roaming for authenticated clients by retaining keys and other security information in a cache, so that if a client roams away from an access point and then returns reauthentication is not required. • When a WPA2 client is first authenticated, it receives a Pairwise Master Key (PMK) that is used to generate other keys for unicast data encryption. This key and other client information form a Security Association that the access point names and holds in a cache. The lifetime of this security association can be configured with this command. When the lifetime expires, the client security association and keys are deleted from the cache. If the client returns to the access point, it requires full reauthentication. • The access point can store up to 256 entries in the PMKSA cache. Example Enterprise AP(if-wireless g: VAP[0])#wpa-pre-shared-key ASCII agoodsecret Enterprise AP(if-wireless g: VAP[0])# pre-authentication This command enables WPA2 pre-authentication for fast secure roaming. Syntax pre-authentication • enable - Enables pre-authentication for the VAP interface. • disable - Disables pre-authentication for the VAP interface. 5-139