dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
8381
pwanghk
join:2003-01-23
penang

pwanghk

Member

How to set WPA shared key to never exprire on Westell 327w?

Greetings:

I try to set up WPA shared key to never expire to no avail.
I put different value between 0 & 99999 in the WPA Group rekey interval, the passord rekey last from one to two weeks max. Any help would be greatly appreciated.

Here is my current wireless security setting:

Under the Router Configuration - Wireless - Security menu:

Wireless security = WPA-PSK
WPA Shared Key = 27 alphanumerical character (word not in dictionary)
WPA Group rekey interval = 0 ~ 99999

nwrickert
Mod
join:2004-09-04
Geneva, IL

1 edit

nwrickert

Mod

I suspect that you are misunderstanding something here.

WPA uses your shared key for authentication to the network. However, normal network operations use a different encryption key that is randomly generated. It is this randomly generated key that is periodically replaced. Your preshared key is not affected.

I suggest going with the defaults for rekey interval.

(added by edit): my Motorola WAP is set for a group key renewal interval of 300 sec (the default). I have never noticed any problems, and have never been forced to change my pre-shared key. The only preshared key change was due my own decision to us a stronger key (the ascii encoding of a 256 bit random number).
jbibe
Premium Member
join:2001-02-22

3 edits

jbibe to pwanghk

Premium Member

to pwanghk
The Group Key (i.e., Group Transient Key) secures the broadcast and multicast traffic from the access point to the wireless clients. Leave the Group Transient Key rekey period at its default value.

A Pairwise Transient Key (PTK) secures the unicast traffic between the access point and a wireless client. A new PTK is produced from the Pairwise Master key (PMK) each time a wireless client connects to the access point. The PMK never changes for WPA-PSK (or WPA2-PSK) operation, unless you change your pass-phrase.
pwanghk
join:2003-01-23
penang

pwanghk

Member

Thank you for your explanation.

I am all confuse. Based on your explanation, I don't need to change the shared key on the router. Just set it and forget it.

What I don't understand is why my desktop PC connecting to the Westell via D-LINK USB 54G stops functioning every couple of month or so. At this point I need to set up a new shared key to re-establish the connection.

When I set up my wireless network I let XP Prof sp2 automatically manage my network key. How does this thing work after you authenticate your Wireless PC with the router? Does XP generates the network key randomly and automatically? Does the network key changes periodically? If so, how can the router and the wireless PC identify each other with a different keys? Is it possible to set a duration for this network key to be expired at a predefined interval 3, 6, 12 months etc?
jbibe
Premium Member
join:2001-02-22

4 edits

jbibe

Premium Member

said by pwanghk:

I am all confuse. Based on your explanation, I don't need to change the shared key on the router. Just set it and forget it.

What I don't understand is why my desktop PC connecting to the Westell via D-LINK USB 54G stops functioning every couple of month or so. At this point I need to set up a new shared key to re-establish the connection.
As stated above, the PTK does not change until the wireless client reconnects to the access point. The 802.11i design requirements prevent reuse of a sequence number when using TKIP, or a packet number when using CCMP. If the number space is exhausted, a fresh temporal key must be used, or communications must end. This should not be an issue, unless the client remains connected to the access point for an extended period of time.

It is possible that the D-Link stops operating because the number space is being exhausted after a month or two. That meets the 802.11i design requirements.

It could also be a bug in the D-Link or the access point.
When I set up my wireless network I let XP Prof sp2 automatically manage my network key. How does this thing work after you authenticate your Wireless PC with the router? Does XP generates the network key randomly and automatically? Does the network key changes periodically? If so, how can the router and the wireless PC identify each other with a different keys? Is it possible to set a duration for this network key to be expired at a predefined interval 3, 6, 12 months etc?
Authentication occurs during a 4-way handshake between the wireless device and the access point. This produces a unique PTK from the PMK, access point nonce, wireless client nonce, and MAC addresses of the access point and the wireless client. The nonces are random numbers.

The PTK does not change, unless re-authentication occurs. In typical wireless devices used by homeowners, re-authentication only occurs when the wireless client disconnects and then reconnects. Some access points include a re-authentication time period, in addition to the group re-key time period. When the re-authentication time period expires, the access point starts the 4-way handshake again. This produces a fresh PTK. The typical re-authentication time period is 30 minutes.

If your access point does not include a re-authentication timer, you should disconnect and then reconnect your wireless client at regular intervals to produce a fresh temporal key.