Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6389
Views
15
Helpful
4
Replies

New WLAN in 7.2 WLC WPA gtk-randomize State?

Jacob-Harris
Level 1
Level 1

‎03-21-2012 01:22 PM - edited ‎07-03-2021 09:50 PM

What does the option WPA gtk-randomize State do when configuring Layer 2 Security under a new WLAN in a WLC (Code level 7.2)?

Thanks

Labels:
0 Helpful
4 Replies 4

tstrati
Cisco Employee
Cisco Employee

‎03-23-2012 12:13 PM 

This feature provides a config option to configure the GTK randomization on the WLAN. 
By default GTK randomization is disabled on the WLAN (default behavior). 
When enabled, GTK should be randomized for each client of the BSS. 
When this is enabled, the client should not be able to decrypt the broadcast and multicast packets received.
This feature addresses the "Hole196" security vulnerability.

George Stefanick
VIP Alumni
VIP Alumni
In response to tstrati

‎03-23-2012 12:27 PM

Correct, for the benifit of Jacob.

Unicast traffic is encrypted with the PTK key, which is unique per user. Each user has a different key and this key changes each time you authenticate to the network.

Broadcast and Multicast traffic is encrypted with the GTK key, which is shared by each client associated to said access point.

Although hole196 is a legit security hole. You have to be a trusted user to use it, meaning you need to be on  the inside of the network already. If you are already in the network, why hack 196 ?

Make sense?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

iainskwatt
Level 1
Level 1
In response to George Stefanick

‎04-19-2012 01:52 AM

I know this is an inside only attack but a lot of attacks already happen from the inside. Attacks are not always to gain access to a network to use it but to steal information from other trusted users.

In our environment, a University, we feel that this inside attack is very real especially when running ethical hacking courses which probably cover such attacks. Some students will try these attacks out on the most convenient network they have available, ours. So although the user must already have access to our WLAN it doesn't mean that an attack will not happen.

We have a lot of "trusted" users, about 20,000, but to be honest I don't trust any of them.

Tymofii Dmytrenko
Level 1
Level 1
In response to tstrati

‎12-04-2016 04:43 AM

Can anyone please explain how this feature works?

GTK has to be known to every STA to let them decrypt broadcast/multicast traffic. What does actually GTK randomize means? If every client get GTK randomized, doesn't it break the logic of broadcast/multicast? Does it mean both types of traffic become unicast if this checkbox is enabled?

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card