01-06-2017 12:45 AM - edited 07-05-2021 06:19 AM
Hello,
All the tech docs state that the client authentication process take place before the association. However on the controller I see clients which are associated but not authenticated. How is this possible?
01-06-2017 12:21 PM
There are two types of authentication. Open System Authentication & 802.1X based authentication.
So you will see two authentication frames (
https://mrncciew.com/2014/08/19/cwsp-legacy-802-11-securiry/
Once this finished, then user authentication starts.
HTH
Rasika
*** Pls rate all useful responses ***
01-07-2017 01:52 AM
So independent of the configured authentication PSK/802.1X user authentication always in first place we have open authentication then client association and then the final user authentication?
01-07-2017 07:50 AM
Just to add to Rasika's comments... Open auth with webauth (layer 3 auth) for example, clients need to get an ip prior to hitting a portal page, then the auth will happen. So anything that is not open and uses a layer 2 encryption will need to get auth first then if passed will get an ip and be placed on the network.
-Scott
*** Please rate helpful posts ***
01-09-2017 10:52 AM
Scott, the screenshot that is attached in the first post is from an SSID configured with PSK. I see associated clients which are not authenticated. I bet that these are someones that have tried to connect but the not know the shared secret. How is it possible to be associated than?
01-09-2017 11:09 AM
You first associate, means the device is trying to connect to that SSID, then you move to authenticated if you pass authentication. You will see this also with Webauth where devices connect automatically but need user intervention to hit accessory or enter credentials.
-Scott
*** Please rate helpful posts ***
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide