WLAN Association for 802.1X/Pre-shared Key Mechanism

Prior to the 802.1 X EAP and 4-way EAPOL handshakes – the 802.11 Station and the Access Point exchange information to associate to one another. At the end of a successful association – the 802.11 client is connected to the Access point but the Data channel is still blocked. The Data channel will be enabled after the successful completion of a 4-way EAPOL handshake and the exchange of the proper keys. The steps for association are outlined below

  1. The Access point indicates the support for the 802.11i mechanism (WPA/WPA2/RSN Information Element) in the beacon frame
  2. The 802.11 Station sends a probe request to the Access Point. This does not have any WPA/WPA2/RSN Information elements incorporated
  3. The Access Point responds with a probe response which incorporates the WPA/WPA2/RSN IEs
  4. The 802.11 authentication packet is sent as open authentication by the 802.11 Station and Access point responds with a success message for the 802.11 authentication frame
  5. The 802.11 Station in an association request now incorporates the 802.11i support via the WPA/WPA2/RSN Information element.
  6. The WPA/WPA2/RSN information elements indicate if the authentication is 802.1X or PSK
  7. The WEP bit in the capability field is set to 1 to indicate that station is an encrypted station and it requires encryption keys to function
  8. The Access Point responds to the Association request with an association response success

At the end of a successful association response – the data channel (or controlled port) is still blocked and data transfer is not permitted. Only after the 802.1X EAP/EAPOL handshake is completed successfully – the controlled port is enabled and the 802.11 station and Access Point can send data (Unicast/Multi-cast) packets to one another

802.1X Authentication – Generation of Master Key

Leave a Reply

Your email address will not be published. Required fields are marked *