Connectivity and Data Protection
After authenticating with the access point, a station must complete the
association process by sending an Association Request frame to the
access point. The access point then responds with an Association
Response frame that includes information regarding the BSS. At this
point, the client station has joined the BSS and is able to send and
receive data frames. This process can be seen in Figures 3.2 and 3.3
above.
Use of 802.1X/EAP based authentication mechanisms are very
common in today’s wireless LANs. It is important to point out that
802.1X/EAP authentication is actually comprised of two separate
authentication and association processes. First, Open System
authentication followed by association is used to connect the station to
the access point so that the access point can talk to the station for the
purpose of the second authentication process: EAP authentication.
Figure 3.4 illustrates the steps you might see in a wireless protocol
analyzer while analyzing the authentication and association of a
wireless station using 802.1X/EAP as the security protocol. Following
this exchange, all data frames will be encrypted. 802.1X/EAP
authentication is covered in more detail in the Data Protection portion
of this chapter.
FIGURE 3.4
802.1X/EAP Authentication and Association Process
