WLC5520 enable GTK/PTK Rotate Key Default

p · ‎11-25-2024

Does WLC 5520 enable GTK/PTK Rotate Key by Default ? Can we disable or just only change key interval by command show advance eap

Flavio Miranda · ‎11-25-2024

@p

You can change the interval

config advanced eap bcast-key-interval

Enter the number of seconds between 120 and 86400

I dont believe it allows disable as it would represent a seriously security flaw

p · ‎11-25-2024

Can I disable GTK/PTK Rotate Key on WLC5520

MHM Cisco World · ‎11-25-2024

From GUI of wlc55xx

""From the WPA gtk-randomize State drop-down list, choose Enable or Disable to configure the Wi-Fi Protected Access (WPA) group temporal key (GTK) randomize state.""

MHM

Flavio Miranda · ‎11-25-2024

I dont believe you can as it would represent a huge security flaw. Key rotation is an important security mechanism in order to avoid unauthorized access. With fix key, it would increase the chances a hacker breaking in by sniffing your traffic.

p · ‎11-25-2024

If I want to enable Key rotation , How I can config on WLC5520

Flavio Miranda · ‎11-25-2024

Key totation is enabled by default so, it is enable already in your WLC. What you can do is change the frequence of the key rotation with the command

config advanced eap bcast-key-interval

Enter the number of seconds between 120 and 86400

If you use 86400 means one day.

p · ‎11-25-2024

Does WPA2-Personal also enable Key Rotation by default or need to WPA gtk-randomize State ?

How change the frequence of the key rotation for WPA2-Personal ?

Flavio Miranda · ‎11-25-2024

It is the same for any kind of WPA. As you can see on the command, it does not specify which kind of WPA you need to use.