diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 664c59d..14bfe9b 100755
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -3360,6 +3360,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
 	} else if (os_strcmp(buf, "UPDATE_BEACON") == 0) {
 		if (ieee802_11_set_beacon(hapd))
 			reply_len = -1;
+	} else if (os_strcmp(buf, "FORCE_REKEY_GTK") == 0) {
+		if (wpa_auth_force_rekey_gtk(hapd->wpa_auth) < 0)
+			reply_len = -1;
 #ifdef CONFIG_TESTING_OPTIONS
 	} else if (os_strncmp(buf, "RADAR ", 6) == 0) {
 		if (hostapd_ctrl_iface_radar(hapd, buf + 6))
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 60396f3..9797025 100755
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -1222,6 +1222,13 @@ static int hostapd_cli_cmd_update_beacon(struct wpa_ctrl *ctrl, int argc,
 }
 
 
+static int hostapd_cli_cmd_force_rekey_gtk(struct wpa_ctrl *ctrl, int argc,
+				      char *argv[])
+{
+	return wpa_ctrl_command(ctrl, "FORCE_REKEY_GTK");
+}
+
+
 static int hostapd_cli_cmd_vendor(struct wpa_ctrl *ctrl, int argc, char *argv[])
 {
 	char cmd[256];
@@ -1665,6 +1672,8 @@ static const struct hostapd_cli_cmd hostapd_cli_commands[] = {
 	  "= disable hostapd on current interface" },
 	{ "update_beacon", hostapd_cli_cmd_update_beacon, NULL,
 	  "= update Beacon frame contents\n"},
+	{ "force_rekey_gtk", hostapd_cli_cmd_force_rekey_gtk, NULL,
+	  "= force rekey gtk\n"},
 	{ "erp_flush", hostapd_cli_cmd_erp_flush, NULL,
 	  "= drop all ERP keys"},
 	{ "log_level", hostapd_cli_cmd_log_level, NULL,
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 705517b..490cf82 100755
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -5729,6 +5729,15 @@ void wpa_auth_set_ocv_override_freq(struct wpa_authenticator *wpa_auth,
 #endif /* CONFIG_TESTING_OPTIONS */
 
 
+int wpa_auth_force_rekey_gtk(struct wpa_authenticator *wpa_auth)
+{
+	if (!wpa_auth)
+		return -1;
+	eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
+	return eloop_register_timeout(0, 0, wpa_rekey_gtk, wpa_auth, NULL);
+}
+
+
 void wpa_auth_sta_radius_psk_resp(struct wpa_state_machine *sm, bool success)
 {
 	if (!sm->waiting_radius_psk) {
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index d2a3600..6cac570 100755
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -567,6 +567,8 @@ int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
 void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm);
 void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val);
 
+int wpa_auth_force_rekey_gtk(struct wpa_authenticator *wpa_auth);
+
 enum wpa_auth_ocv_override_frame {
 	WPA_AUTH_OCV_OVERRIDE_EAPOL_M3,
 	WPA_AUTH_OCV_OVERRIDE_EAPOL_G1,