WPA2 Association Requirements

Before the 802.11 device can associate and authenticate by using WPA2, it must be configured as follows:

  • The driver's network mode must have previously been set to Ndis802_11Infrastructure.

  • The driver's encryption mode must have previously been set to Encryption3 through OID_802_11_ENCRYPTION_STATUS.

  • For infrastructure networks, the driver's authentication mode must have previously been set to either Ndis802_11AuthModeWPA2 or Ndis802_11AuthModeWPA2PSK through OID_802_11_AUTHENTICATION_MODE.

  • The driver's desired SSID must have been previously set through OID_802_11_SSID.

The 802.11 device must process the Robust Secure Network (RSN) information element (IE) for WPA2 associations. The RSN IE has an element identifier of 0x30. The device only associates with an access point (AP) whose beacons or probe responses contain the RSN IE.

The device can associate only if it finds a match of its encryption and authentication modes in the RSN IE from the beacon or probe response. In the 802.11 association request that it sends, the device must prepare an RSN IE with the matching authentication and encryption modes that it wants to use.

If the miniport driver has entries in its PMK cache, then it must include those entries in the PMKID list member of the RSN IE that it sends within the 802.11 association or reassociation request to the AP.

Note   When queried for OID_802_11_ASSOCIATION_INFORMATION, the miniport driver must return the RSN IE that it sent in the 802.11 association request. This is required by the supplicant for processing the WPA2 authentication handshake protocol.

 

 

Send comments about this topic to Microsoft

Show:
© 2014 Microsoft