802.11 Authentication Modes

  • Article

An authentication mode defines the procedure that the 802.11 device uses when it authenticates and associates with an access point or IBSS cell. Authentication modes are set or queried through OID_802_11_AUTHENTICATION_MODE.

NDIS defines the following authentication modes:

  • Ndis802_11AuthModeOpen
    Specifies IEEE 802.11 Open System authentication.

  • Ndis802_11AuthModeShared
    Specifies IEEE 802.11 Shared Key authentication that uses a preshared WEP key.

  • Ndis802_11AuthModeWPA
    Specifies WPA security. Authentication is performed between the supplicant, authenticator, and authentication server over IEEE 802.1X. Encryption keys are dynamic and are derived through the authentication process.

  • Ndis802_11AuthModeWPAPSK
    Specifies WPA security. Authentication is performed between the supplicant and authenticator over IEEE 802.1X. Encryption keys are dynamic and are derived through the preshared key used by the supplicant and authenticator.

  • Ndis802_11AuthModeWPANone
    Specifies WPA security. Specifies the use of a preshared key without IEEE 802.1X authentication. Encryption keys are static and are derived through the preshared key. This mode is applicable only to ad hoc network types.

  • Ndis802_11AuthModeWPA2
    Specifies WPA2 security. Authentication is performed between the supplicant, authenticator, and authentication server over IEEE 802.1X. Encryption keys are dynamic and are derived through the authentication process.

  • Ndis802_11AuthModeWPA2PSK
    Specifies WPA2 security. Authentication is performed between the supplicant and authenticator over IEEE 802 1X. Encryption keys are dynamic and are derived through the preshared key used by the supplicant and authenticator.

The following table lists the various combinations of authentication and encryption modes that are valid for network association. The table also lists the requirements for a valid encryption key prior to association.

If the device is configured with any combination of network, authentication, and encryption modes that is not listed in this table, then the device must not attempt to associate and must not generate a media connect indication. If the device is configured with an invalid combination of network, authentication, and encryption modes while associated, then it must generate a media disconnect indication.

Network mode Authentication mode Encryption mode Transmit key required before associating

Infrastructure

Ndis802_11AuthModeOpen

None

No

Infrastructure

Ndis802_11AuthModeOpen

Encryption1

Yes

Infrastructure

Ndis802_11AuthModeShared

Encryption1

Yes

Infrastructure

Ndis802_11AuthModeWPA

Encryption2/Encryption3

No

Infrastructure

Ndis802_11AuthModeWPAPSK

Encryption2/Encryption3

No

Infrastructure

Ndis802_11AuthModeWPA2

Encryption3

No

Infrastructure

Ndis802_11AuthModeWPA2PSK

Encryption3

No

Ad hoc

Ndis802_11AuthModeOpen

None

No

Ad hoc

Ndis802_11AuthModeOpen

Encryption1

Yes

Ad hoc

Ndis802_11AuthModeShared

Encryption1

Yes

Ad hoc

Ndis802_11AuthModeWPANone

Encryption2/Encryption3

Yes

 

 

 

Send comments about this topic to Microsoft