On 11/17/2004 11:01 AM, Andrea G. Forte wrote:

Hi all,
I am new to WPA/802.11i and I have a few doubts. I hope you can help me. What is not clear to me is how often a supplicant needs to authenticate to the server... is it every time the supplicant performs an L2 handoff?

The supplicant needs to authenticate anytime it wishes to get L2 access. It is an extension of the Authenticate & Associate MAC processes.

Why is the authentication done every single time an L2 handoff occurs? Usually for 802.11b, I can cover a building floor with about two or three APs and for 802.11a each AP covers even a smaller area. This means that I will have to authenticate even if I move "from one room to another" (exaggeration!).
This to me sounds like an unnecessary overhead.
Another doubt I have is: if I am a malicious user and set a static IP address and know the key, am I able to use the network or am I blocked somehow by the authenticator? How does the authenticator know if it has to block my ports or not when I connect to the AP?

Your port is blocked (by your MAC address and MAC state) at the AP until you pass authentication. IP has nothing to do with it. I'm not sure what "the key" you know, but session keys are derived dynamically from the master key. In fact you must know your "key", as it's not exchanged over the network. It could be your account password, or a machine certificate. What's different from WEP is the master key is unique per user, and the derived session key is unique for every authentication instance.

How is my port blocked?
Also, if I return to an AP I previously authenticated with, does this AP have some sort of
"allowed" MAC list without having me to start the whole authentication process over (i.e. with exchange
of certificates, etc.) for a second time?
Good luck, Dave.
Thank you Dave for your precious help. Andrea
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
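
The reply's statement that the session key is derived from the master key and differs for every authentication instance can be illustrated with the IEEE 802.11i pairwise key derivation. This is an added example, not part of the original thread; the PMK, MAC addresses and nonces are constructed sample values, and the 64-byte split assumes WPA/TKIP.

```python
import hashlib
import hmac


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes,
               anonce: bytes, snonce: bytes, nbytes: int = 64) -> bytes:
    """Pairwise transient key from the PMK, both MAC addresses and both nonces.

    aa = authenticator (AP) MAC, spa = supplicant MAC. The min/max ordering
    makes both sides compute the same input regardless of who is who.
    """
    data = (min(aa, spa) + max(aa, spa) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def split_ptk(ptk: bytes) -> dict:
    """Split a 64-byte TKIP PTK into its component keys."""
    return {
        "KCK": ptk[0:16],      # protects the 4-way handshake messages (MIC)
        "KEK": ptk[16:32],     # encrypts the group key sent to the station
        "TK": ptk[32:48],      # encrypts unicast data frames
        "MIC": ptk[48:64],     # TKIP Michael MIC keys (two 8-byte halves)
    }


def demo() -> tuple:
    """Same master key and same station, two separate authentications."""
    pmk = bytes(range(32))                      # constructed PMK (never sent on air)
    aa = bytes.fromhex("020000000001")          # constructed AP MAC
    spa = bytes.fromhex("020000000002")         # constructed station MAC
    first = derive_ptk(pmk, aa, spa, b"\x11" * 32, b"\x22" * 32)
    second = derive_ptk(pmk, aa, spa, b"\x33" * 32, b"\x44" * 32)
    return first, second


if __name__ == "__main__":
    a, b = demo()
    print("TK, first association :", split_ptk(a)["TK"].hex())
    print("TK, second association:", split_ptk(b)["TK"].hex())
```
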