Forum

Hii Everybody

I have a doubt ragarding wireless distributon system , will the use 802.11i is possible for the WDS link.Will the wds link will be able to use encrption having dynamic and rotating keys. who will act as authenticator and supplicant.

suppose we have

sta1 <-----> AP1 <----WDS---->AP2 <------> Sta2

How will the TKIP or 802.11i will work for WDS.

how the process will go ? plz help me out in understanding this.

Hi Vinay:

I do not find a direct reference to Wireless Distribution System (WDS) in the 802.11i amendment.

I do find much there about how the new features of 802.11i, including 802.1X based Authentication and Key Management (AKM) work with an Independent Basic Service Set (IBSS) which by definition includes no access point (AP) station (STA).

Notice in the next paragraph that a Robust Security Network Association (RSNA) compliant IBSS STA operates both as Authenticator and as Supplicant.

IEEE 802.11 5.2.2.2: "An RSNA relies on several components external to the IEEE 802.11 architecture. The first component is an IEEE 802.1X port access entity (PAE). PAEs are present on all STAs in an RSNA and control the forwarding of data to and from the medium access control (MAC). An access point (AP) always implements an Authenticator PAE and implements the EAP Authenticator role, and a STA always implements a Supplicant PAE and implements the Extensible Authentication Protocol (EAP) peer role. In an independent basic service set (IBSS), each STA implements both an Authenticator PAE and a Supplicant PAE and both the EAP Authenticator and EAP peer roles.

"A second component is the Authentication Server (AS). The AS may authenticate the elements of the RSNA itself, i.e., the non-AP STAs; and APs may provide material that the RSNA elements can use to authenticate each other. The AS communicates through the IEEE 802.1X Authenticator with the IEEE 802.1X Supplicant on each STA, enabling the STA to be authenticated to the AS and vice versa. An RSNA depends upon the use of an EAP method that supports mutual authentication of the AS and the STA. In certain applications, the AS may be integrated into the same physical device as the AP, or into a STA in an IBSS."

By implication an RSNA compliant AP STA that forms a WDS with another RSNA compliant STA also operates both as Authenticator and as Supplicant.

I hope this helps. Thanks. /criss

Hi Criss,

Sorry for Asking the same question Again.

Will Broadcast and unicast key rotation happen over a WDS setup of say
6 APs. AKM is still Applicable for the APs too.

Best Regards,

S.Senthilraj

Hi S.Senthilraj:

Sorry, I just noticed I owe a reply on this one.

Also sorry, I don't know any more about how two access points (AP) would use Robust Security Network Associations (RSNA) in a Wireless Distribution System (WDS) than what I guessed several months ago. I would like to though.

Thanks. /criss