36• MSR3600-51F.Configuring WLAN securityConfiguration task listTo configure WLAN security in a service template, map the service template to a radio policy, andadd radios to the radio policy. The SSID name, advertisement setting (beaconing), and encryptionsettings are configured in the service template. You can configure an SSID to support anycombination of WPA, RSN, and Pre-RSN clientsTask RemarksEnabling an authentication method RequiredConfiguring the PTK lifetime OptionalConfiguring the GTK rekey method OptionalConfiguring security IE RequiredConfiguring cipher suite RequiredConfiguring port security OptionalEnabling an authentication methodYou can enable open system or shared key authentication or both.To enable an authentication method:Step Command Remarks1. Enter system view. system-view N/A2. Enter WLAN servicetemplate view.wlan service-templateservice-template-number crypto N/A3. Enable the authenticationmethod.authentication-method{ open-system | shared-key }Optional.By default, open systemauthentication is adopted.• The shared-keyauthentication can beadopted only when WEPencryption is used, and youmust configure theauthentication-methodshared-key command.• For RSN and WPA, theauthentication method mustbe open systemauthentication.Configuring the PTK lifetimeA pairwise transient key (PTK) is generated through a four-way handshake, during which, thepairwise master key (PMK), an AP random value (ANonce), a site random value (SNonce), the AP’sMAC address and the client’s MAC address are used.