WPA2 Pre-Authentication Mechanism not working (RSNIE Field and sub-field)

Unanswered Question
Dec 1st, 2008

Hi all,

We have an issue where we have a wlan, and walk round pinging, and when the laptop connects to new AP, it does a full backend radius authentication (802.1x) YUK!!

So, just haveing a look at the standards.

SSID for WLAN is hidden so dont see beacons that advertise RSN capabilities. Would that be correct?

1. LT sends probe request (no RSN field in 802.11 managment frame)

2. AP sends probe response with RSNIE field (but no RSN capabilities SUB-FIELD which includes the pre-auth part) - IS THIS CORRECT or should the AP have the RSN capabilities sub-field in it that advertises to the laptop that it can support pre-auth with WPA2?

3. Laptop now sents an authentication request to the AP, with the RSNIE field, *** AND *** with the RSN capabilities SUB-FIELD saying "RSN Pre-auth capabilities: Transmitter does not support pre-authentication" = Value of Zero

4. AP sends Associaction response with no RSNIE field.

So the real question is Step 2:

IS THIS CORRECT or should the AP have the RSN capabilities sub-field in it that advertises to the laptop that it can support pre-auth with WPA2?

It looks like that in step3, the LT is saying I dont support the RSN pre-auth capability and we are working on this to try and fix it, but is the LT sending this as a response, BECAUSE the AP did not advertise it?

Many thx all for the valued help.

Kind regards,

Ken

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kfarrington Mon, 12/01/2008 - 11:32

Sorry all,

Forgot to mention. This is all based around:-

2 x 4404 WLCs (v4.2.112.0)

35 LAPs 1241AG

All APs are on the one controller with secondary as backup

Many thx indeed,

Ken

davidegias Thu, 08/27/2009 - 00:12

We are in the same situation, 2 wlc 4402 and lwapp AP (1231), eap-tls with Ias Radius. The pre authentication doesn't work in windows xp with: wzc, intel sw, cisco sw. The Rsn capabilities field in Rsn Information in AP beacon is set as the pre authentication was not supported by th AP. Have you solved your problem yet?

Thanks in advance

Davide

Actions

This Discussion

 

 

Trending Topics - Security & Network