1. Home
  2. Networking
  3. Wireless lan security

WLAN State Diagram

Now look at the state diagram of an STA. The state diagram in Figure 4-7 defines the states of STA with respect to a wireless medium in an ESS.

Figure 4-7. STA State Diagram


The state transitions occur based on the outcome of the WLAN services. The STA/client starts out in an unauthenticated, unassociated state. The first step is to authenticate utilizing the authentication service; the authentication steps needed depend on the authentication requirements of the APs and DS. Perhaps open authentication is sufficient, or perhaps 802.11i authentication is required. A successful authentication transitions the STA to state 2. The next step is to associate, and a successful association transitions the STA to fully functional. The state transitions also happen through the deauthentication, disassociation, and reassociation services.

Note that the deauthentication and disassociation services are notifications; as discussed previously, a notification cannot be denied. Therefore, after an STA sends or receives these messages, the state transition is automatic.

The authentication process, of course, is based on the type of authentication, the policies in place for the APs, and the back-end network (for example, DS). Similarly, the association process can be based on capabilities including QoS, throughput, and load. The authentication, association, and disassociation requests can be denied; hence, the messages that are associated with these processes require the successful result from these services to transition the state.

Another important point to note is about the frames permitted at each state. Each state has associated frames that can be exchanged. The class 1 frames include essential communication frames, probe, beacon, authentication, and deauthentication. Class 2 frames include association, disassociation, and reassociation frames. Class 3 includes all data frames. Figure 4-7 shows which frames are allowed at each state.

Note

Note the following points:

  • The importance of the "authentication" frames pertains only to 802.11, and the frames are pre-802.1x authentication.

  • You should note the lack of state or acknowledgement of these frames. This information might be relevant to protocol-based security discussions.

  • The frames that aren't allowed are blocked.

  • Because authentication takes a relatively long time, optimizations are sought out in which either authentication information is cached in such a way that different APs can access it, or one-time authentication is done with multiple APs. This way, a client can roam between APs by changing the association and without requiring authentication.
    		Chapter 1. Securing WLANs Overview
    		Chapter 2. Basic Security Mechanics and Mechanisms
    		Chapter 3. WLAN Standards
    		Chapter 4. WLAN Fundamentals
    		WLAN: Elements and Characteristics
    		WLAN Basic Topology
    		WLAN Building Blocks
    		WLAN State Diagram
    		Basic Choreography
    		Summary
    		Chapter 5. WLAN Basic Authentication and Privacy Methods
    		Chapter 6. Wireless Vulnerabilities
    		Chapter 7. EAP Authentication Protocols for WLANs
    		Chapter 8. WLAN Encryption and Data Integrity Protocols
    		Chapter 9. SWAN: End-to-End Security Deployment
    		Chapter 10. Design Guidelines for Secure WLAN
    		Chapter 11. Operational and Design Considerations for Secure WLANs
    		Chapter 12. WLAN Security Configuration Guidelines and Examples
    		Chapter 13. WLAN Deployment Examples
    		Appendix A. Resources and References