STA Access
STA access includes three phases: scanning, link authentication, and association.
Scanning
A STA can actively or passively scan wireless networks.
Active Scanning
The STA sends a Probe Request frame containing an SSID in each channel to search for the AP with the same SSID. Only the AP with the same SSID will respond to the STA. For example, in Figure 2-6, the STA sends a Probe Request frame containing SSID huawei to search for an AP with SSID huawei.
This method applies to the scenario where a STA actively scans wireless networks to access a specified wireless network.
The STA periodically broadcasts a Probe Request frame that does not contain an SSID in the supported channels as shown in Figure 2-7. The APs return Probe Response frames to notify the STA of the wireless services they can provide.
This method applies to the scenario where a STA actively scans wireless networks to determine whether wireless services are available.
Passive Scanning
In Figure 2-8, a STA listens on the Beacon frames that an AP periodically sends in each channel to obtain AP information. A Beacon frame contains information including the SSID and supported rate.
To save power of a STA, enable the STA to passively scan wireless networks. In most cases, VoIP terminals passively scan wireless networks.
Link Authentication
- Open system authentication: indicates no authentication. STAs are successfully authenticated as long as the AP to be associated supports this mode, as shown in Figure 2-9.
- Shared key authentication: requires that the STA and AP have the same shared key preconfigured. The AP checks whether the STA has the same shared key to determine whether the STA can be authenticated. If the STA has the same shared key as the AP, the STA can be authenticated. Otherwise, the STA cannot be authenticated.Figure 2-10 shows the shared key authentication process:
- The STA sends an Authentication Request packet to the AP.
- The AP generates a challenge and sends it to the STA.
- The STA uses the preconfigured key to encrypt the challenge and sends it to the AP.
- The AP uses the preconfigured key to decrypt the encrypted challenge and compares the decrypted challenge with the challenge sent to the STA. If the two challenges are the same, the STA can be authenticated. Otherwise, the STA cannot be authenticated.
Association
Client association refers to link negotiation. After link authentication is complete, a STA initiates link negotiation using Association packets, as shown in Figure 2-11.
- The STA sends an Association Request packet to the AP. The Association Request packet carries the STA's parameters and the parameters that the STA selects according to the service configuration, including the transmission rate, channel, QoS capabilities, access authentication algorithm, and encryption algorithm.
- The AP determines whether to authenticate the STA according to the received Association Request packet and replies with an Association Response packet.The STA determines whether it needs to be authenticated according to the received Association Response packet:
- If the STA does not need to be authenticated, the STA can access the wireless network.
- If the STA needs to be authenticated, the STA initiates user access authentication. After being authenticated, the STA can access the wireless network. For details about user access authentication, see NAC in Feature Description - Security.
