Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
579
Views
10
Helpful
5
Replies
MUQ_1899_
Beginner
Beginner
‎01-06-2017 12:45 AM
‎01-06-2017 12:45 AM

Client Association before Authentication

Hello,

All the tech docs state that the client authentication process take place before the association. However on the controller I see clients which are associated but not authenticated. How is this possible?

Labels:
Preview file
2 KB
0 Helpful
5 REPLIES 5
Rasika Nayanajith
VIP Mentor VIP Mentor
VIP Mentor
‎01-06-2017 12:21 PM
‎01-06-2017 12:21 PM

There are two types of authentication.  Open System Authentication & 802.1X based authentication.

So you will see two authentication frames (req/res) prior to association req/res frames. Refer below post for some details.

https://mrncciew.com/2014/08/19/cwsp-legacy-802-11-securiry/

Once this finished, then user authentication starts.

HTH

Rasika

*** Pls rate all useful responses ***

MUQ_1899_
Beginner
Beginner
In response to Rasika Nayanajith
‎01-07-2017 01:52 AM
‎01-07-2017 01:52 AM

So independent of the configured authentication PSK/802.1X user authentication always in first place we have open authentication then client association and then the final user authentication?

0 Helpful
Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
In response to MUQ_1899_
‎01-07-2017 07:50 AM
‎01-07-2017 07:50 AM

Just to add to Rasika's comments...  Open auth with webauth (layer 3 auth) for example, clients need to get an ip prior to hitting a portal page, then the auth will happen. So anything that is not open and uses a layer 2 encryption will need to get auth first then if passed will get an ip and be placed on the network. 

-Scott 

*** Please rate helpful posts *** 

-Scott
*** Please rate helpful posts ***
MUQ_1899_
Beginner
Beginner
In response to Scott Fella
‎01-09-2017 10:52 AM
‎01-09-2017 10:52 AM

Scott, the screenshot that is attached in the first post is from an SSID configured with PSK. I see associated clients which are not authenticated. I bet that these are someones that have tried to connect but the not know the shared secret. How is it possible to  be associated than?

0 Helpful
Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
In response to MUQ_1899_
‎01-09-2017 11:09 AM
‎01-09-2017 11:09 AM

You first associate, means the device is trying to connect to that SSID, then you move to authenticated if you pass authentication.  You will see this also with Webauth where devices connect automatically but need user intervention to hit accessory or enter credentials.

-Scott 

*** Please rate helpful posts *** 

-Scott
*** Please rate helpful posts ***
0 Helpful
Latest Contents
Common Site-Survey Mistakes in Hospitals, Warehouses, Office...
Created by Cisco Moderador on 06-27-2022 10:14 AM
0
0
0
0
Tuesday 21, June 2022, at 9:00hrs PDT (utc -8) Ask Me Anything Slides (view in My Videos) Community Live Slides- Common Site-Survey Mistakes in Hospitals, Warehouses, Offices, and ... Palaces! The main goal of the presentation is to go through the most ... view more
Cisco Champion Radio: S9|E23 The Cisco Catalyst 9136 Wi-Fi 6...
Created by Amilee San Juan on 06-21-2022 03:19 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E23Follow us: https://twitter.com/CiscoChampion The Wi-Fi 6E Catalyst 9136 access point takes advantage of the 6-GHz band to produce a network that is more reliable and secure, with higher throughput, more capacity, a... view more
Common Site-Survey Mistakes in Hospitals, Warehouses,Offices...
Created by Cisco Moderador on 06-21-2022 08:55 AM
0
10
0
10
Tuesday 21, June 2022, at 9:00hrs PDT (utc -8) Ask Me AnythingVideo Community Live Slides- Common Site-Survey Mistakes in Hospitals, Warehouses, Offices, and ... Palaces! The main goal of the presentation is to go through the most common mistakes that h... view more
Cisco Prime Infrastructure log4j Security Patch Upgrade Proc...
Created by sridhkri on 04-25-2022 10:00 PM
0
0
0
0
What is Log4j? The Log4j vulnerability allows malicious attackers to execute code remotely on any targeted computer, the Apache Software Foundation disclosed a security vulnerability in a widely-used Java software library called Log4j. What is t... view more
Prime 3.10.1 upgrade procedure
Created by sridhkri on 03-22-2022 03:06 AM
0
0
0
0
Below procedure for installing from prime 3.10 to 3.10.1   Pre-requisite for any MR release upgrade   Take the backup of prime db on external tftp server (recommended). If you are running on VM than take a snap-shop of prime VM so you can resto... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad