Group Rekey Interval

What is the group rekey interval?

Your WiFi network encrypts data so that outsiders cannot read it. Part of this encryption uses a shared key called the Group Temporal Key (GTK), which all devices on the network share. The group rekey interval controls how often this key gets refreshed.

Think of it like changing the locks on a shared office. Every time the lock changes, everyone needs a new key. On WiFi, every time the group key refreshes, each connected device runs a quick renegotiation handshake. Many routers default to every 3600 seconds (one hour). Upstream hostapd, the access point software used by many routers, defaults to 86400 seconds (24 hours) for modern encryption, which makes the one-hour default look unnecessarily aggressive for a home network.

Why it matters

Most devices handle the key refresh smoothly in the background, with no disconnection and no noticeable delay. But some clients fail the renegotiation and have to briefly reconnect. Router vendor Keenetic documents exactly this behavior: a device that cannot complete the handshake drops and rejoins, which can interrupt timing-sensitive traffic like video calls or streaming for a few seconds.

The telltale sign is periodicity. If a device drops off your network at regular intervals that match the configured rekey timer (for example, once an hour on the hour with a 3600-second interval), the group rekey is a strong suspect. Without that matching pattern, do not assume rekey is the cause: disconnects that happen roughly hourly can just as easily come from DHCP lease churn, band steering, or device power-save bugs.

For most home networks, there is also no meaningful security benefit to rekeying every hour. The group key only protects broadcast and multicast traffic, and an attacker who already has your WiFi password gains nothing from the old group key.

What you can do

• First, check for the pattern: if specific devices drop off your network at regular intervals matching the rekey timer, this setting is worth changing. If your disconnects do not follow that pattern, look elsewhere first.
• Log into your router and look for "Group Key Renewal" or "Group Rekey Interval" under your wireless security settings.
• Optionally change the value from 3600 to 86400 (24 hours). This matches the upstream hostapd default for modern encryption and reduces how often devices renegotiate, while still refreshing the key daily.
• Do not set the value to 0 or disable rekeying entirely. Keenetic and other vendors recommend keeping the mechanism on; extending the interval gets you the stability benefit without giving up key rotation.
• After changing the setting, reboot your router so all devices pick up the new configuration cleanly.

What Network Weather shows you

Network Weather checks your network's group rekey interval and notes the common one-hour default, which can cause brief reconnects on some devices. Extending it is worth trying if devices drop off at intervals that match the rekey timer.