Cisco 2504 Wireless Controller Technical Manual

Note: If you want to learn about 802.11 wireless sniffing, and about the filters/colors used on
Wireshark for the captures that appear in this document, visit the Cisco Support Community
post called 
  
The wireless client begins with the Authentication frame, and the AP replies with another
Authentication frame. The client then sends the Association Request frame, and the AP finishes in
a reply with the Association Response frame. As shown from the DHCP packets, once the 802.11
Open System authentication and association processes are passed, the client begins to pass data
frames. In this case, there is no security method configured on the SSID, so the client immediately
begins to send data frames (in this case DHCP) that are not encrypted.
As shown later in this document, if security is enabled on the SSID, higher-level
authentication and encryption handshake frames for the specific security method follow the
Association Response and precede any client data frames, such as DHCP, Address
Resolution Protocol (ARP), and application packets, which are then encrypted. Data frames can
be sent only after the client is fully authenticated and the encryption keys are negotiated,
based on the security method configured.
Based on the previous capture, here are the messages that you see in the outputs of the WLC
debug client command when the wireless client begins a new association to the WLAN:
*apfMsConnTask_0: Jun 21 18:55:14.221: 00:40:96:b7:ab:5c
  Association received from mobile on BSSID 84:78:ac:f0:68:d0
!--- This is the Association Request from the wireless client
!--- to the selected AP.
*apfMsConnTask_0: Jun 21 18:55:14.222: 00:40:96:b7:ab:5c
  Sending Assoc Response to station on BSSID 84:78:ac:f0:68:d0
  (status 0) ApVapId 1 Slot 0
!--- This is the Association Response from the AP to the client.
Note: The WLC debug used for the outputs shown in this document is the debug client
command, and the examples only show some relevant messages, not the entire output. For
more details about this debug command, reference the document called 
These messages show the Association Request and Response frames; the initial Authentication
frames are not logged at the WLC because this handshake happens quickly at the AP-level on the
CUWN.
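The following Python sketch is an added example, not part of the Cisco document: it rejoins the wrapped debug client lines shown above, skips the !--- annotations, and pairs each Association Request with its Association Response. The function names are hypothetical, and treating status 0 as success assumes the standard 802.11 status code meaning.

```python
import re
from datetime import datetime, timedelta
# The two debug client messages from this page, wrapped and annotated as shown.
SAMPLE = """\
*apfMsConnTask_0: Jun 21 18:55:14.221: 00:40:96:b7:ab:5c
  Association received from mobile on BSSID 84:78:ac:f0:68:d0
!--- This is the Association Request from the wireless client
     to the selected AP
*apfMsConnTask_0: Jun 21 18:55:14.222: 00:40:96:b7:ab:5c
  Sending Assoc Response to station on BSSID 84:78:ac:f0:68:d0
  (status 0) ApVapId 1 Slot 0
!--- This is the Association Response from the AP to the client
"""
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
HEADER = re.compile(r"^\*\w+: (?P<ts>\w{3} +\d+ [\d:.]+): (?P<client>" + MAC + r")\s*(?P<msg>.*)$", re.I)
REQUEST = re.compile(r"Association received from mobile on BSSID (?P<bssid>" + MAC + ")", re.I)
RESPONSE = re.compile(r"Sending Assoc Response to station on BSSID (?P<bssid>" + MAC + r")\s+\(status (?P<status>\d+)\)", re.I)

def records(text):
    """Rejoin wrapped lines into one record per message; drop !--- notes."""
    current, in_note = None, False
    for line in text.splitlines():
        s = line.strip()
        m = HEADER.match(s)
        if m:
            if current:
                yield current
            current, in_note = m.groupdict(), False
        elif s.startswith("!---"):
            in_note = True          # a note may wrap onto following lines
        elif s and current and not in_note:
            current["msg"] = (current["msg"] + " " + s).strip()
    if current:
        yield current

def handshakes(text):
    """Pair each request with the response for the same client and BSSID.
    'accepted' assumes 802.11 status code 0 means success."""
    pending, done = {}, []
    for rec in records(text):
        # The log carries no year; 2000 is a placeholder so deltas can be computed.
        when = datetime.strptime("2000 " + rec["ts"], "%Y %b %d %H:%M:%S.%f")
        req, resp = REQUEST.search(rec["msg"]), RESPONSE.search(rec["msg"])
        if req:
            pending[(rec["client"], req["bssid"])] = when
        elif resp:
            started = pending.pop((rec["client"], resp["bssid"]), None)
            done.append({"client": rec["client"], "bssid": resp["bssid"],
                         "status": int(resp["status"]), "accepted": resp["status"] == "0",
                         "ms": None if started is None else (when - started) // timedelta(milliseconds=1)})
    return done
```

A response with no matching request is still reported, with "ms" set to None, which is what a capture that starts mid-exchange produces.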
What information appears when the client roams? The client always exchanges four management
frames when it establishes a connection to an AP, whether that connection is a new
association or a roaming event. The client has only one connection established to only one AP at
a time. The only difference in the frame exchange between a new connection to the WLAN
infrastructure and a roaming event is that the Association frames of a roaming event are
called Reassociation frames, which indicate that the client is actually roaming from another AP
and is not attempting to establish a new association to the WLAN. These frames can contain different
elements that are used in order to negotiate the roaming event; this depends on the setup, but
those details are out of the scope of this document.