Wednesday, 18 December 2013

EAP based setup based on external registrar

Station willing to connect to AP, sends out a probe request with WPS IE, request type set to enrollee.

AP sends a Wi-Fi Simple Configuration probe response to the Registrar with
Response Type set to AP.

After this M1 to M8 exchange occurs. Enrollee (the station) may decide to associate to a WSC-enabled AP and initiate the registration protocol by sending message M1 to the Registrar; assuming that
the Registrar is not yet prepared to enroll the candidate enrollee it will respond with message M2D.

M2D – this message indicates that the Registrar is unable to authenticate with the Enrollee, but it is willing to provide descriptive information about the Registrar to the Enrollee.

Phase 1:
1. The Enrollee sends its Discovery message using an 802.11 probe request. The
Discovery message is broadcast by the AP to all external Registrars.
2. The AP responds to the probe request with its own Discovery data.
3. The Enrollee connects to the AP and initiates 802.1X.
4. The Enrollee‟s M1 message is proxied to all External Registrars as UPnP events.
Each active Registrar (Internal Registrar, if enabled, and all the External
Registrars that have subscribed to receive UPnP events from the AP) should
send M2 or M2D.
5. The two external Registrars send M2D messages to the AP. The AP queues
these up for delivery to the Enrollee.
6.The AP sequentially delivers the M2D messages to the Enrollee, which responds
with ACK messages to each one. After the last M2D has been delivered without
a WSC_MSG response, the AP sends EAP-Failure to terminate the 802.1X

Phase 2:
1. Enter PIN in ER.
2. Registrar notifies the AP when it becomes active by setting the Selected Registrar attribute to TRUE
3. After the AP receives a SetSelectedRegistrar UPnP action with Selected Registrar TRUE, AP incorporates Selected Registrar flag set to TRUE in its Beacons and Probe Responses
4. Enrollee reconnects and restarts the 802.1X authentication. This time, Registrar sends an M2 message rather than an M2D message.
5. The Enrollee and Registrar engage in the complete Registration Protocol until the
Enrollee is provisioned with its Credential.

1 comment:

  1. Thanks RAmapriya.

    Why at last "DE-Authentication" happening, could you please elaborate it?