topic Re: Client Association,Authentication in Wireless

Client Association,Authentication

Scott O'Brien — Sun, 04 Jul 2021 07:17:04 GMT

Hey All,

In regards to the Assoiciation and Authentication I would just like to check that I am getting the process correct:

1. Authentication( open or shared) this is the client talking to the AP and saying that it is an 802.11 device ( kind of like an ethernet cable being pluged into a wall jack), if it has a PSK then it must have the right details to Auth with the AP. This is Auth'd to the AP but not the network, so no network traffic can pass just yet.

2. Association the client associates with the BSS/AP and data can now pass over to the AP.

3. 802.1x Authentication ( EAP) - if required

In the above Image the Associated status means it passed step 2 and the Auth means in passed 802.1x?

If this is the case in the above Image the Authed clients ( blue line) are the clients that have passed 802.1x? and the red line is clients that have passed stage 2?

Thanks

Re: Client Association,Authentication

Scott Fella — Tue, 25 Jun 2013 07:40:32 GMT

Associated means that a devices has associated to the WLAN. Auth or authenticated means that the client has passed authentication (any, open, wep, PSK, 802.1x or WebAuth) and is in the RUN state. It's only when the client is in the RUN state that the client can pass traffic. Hope this helps.

Sent from Cisco Technical Support iPhone App

Re: Client Association,Authentication

Scott Fella — Tue, 25 Jun 2013 07:44:38 GMT

What you need to look at is the client state. Here is a good example of that.

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a008091b08b.shtml#pem

Sent from Cisco Technical Support iPhone App

Re: Client Association,Authentication

mmangat — Wed, 26 Jun 2013 04:28:24 GMT

Hello,

In the client association process, access points send out beacons announcing one or more SSIDs, data rates, and other information. The client sends out a probe and scans all the channels and listens for beacons and responses to the probes from the access points. The client associates to the access point that has the strongest signal. If the signal becomes low, the client repeats the scan to associate with another access point (this process is called roaming). During association, the SSID, MAC address, and security settings are sent from the client to the access point and checked by the access point. Figure 3-6 illustrates the client association process.

Figure 3-6 Client Association

A wireless clients association to a selected access point is actually the second step in a two-step process. First, authentication and then association must occur before an 802.11 client can pass traffic through the access point to another host on the network. Client authentication in this initial process is not the same as network authentication (entering username and password to get access to the network). Client authentication is simply the first step (followed by association) between the wireless client and access point, and it establishes communication. The 802.11 standard specifies only two different methods of authentication: open authentication and shared key authentication. Open authentication is simply the exchange of four "hello" type packets with no client or access point verification, to allow ease of connectivity. Shared key authentication uses a statically defined WEP key, known between the client and access point, for verification. This same key might or might not be used to encrypt the actual data passing between a wireless client and an access point based on user configuration.

http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=3