Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Guia Do Desenho
4-14
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Cisco Compatible Extensions
Figure 4-9
Four-Way Handshake
The keys used for encryption are derived from the PMK that has been mutually derived during the EAP
authentication section. This PMK is sent to the authenticator in the EAP success message, but is not
forwarded to the supplicant because the supplicant has derived its own copy of the PMK.
authentication section. This PMK is sent to the authenticator in the EAP success message, but is not
forwarded to the supplicant because the supplicant has derived its own copy of the PMK.
1.
The authenticator sends an EAPOL-Key frame containing an authenticator nonce (ANonce), which
is a random number generated by the authenticator.
is a random number generated by the authenticator.
a.
The supplicant derives a PTK from the ANonce and supplicant nonce (SNonce), which is a
random number generated by the client/supplicant.
random number generated by the client/supplicant.
2.
The supplicant sends an EAPOL-Key frame containing an SNonce, the RSN information element
from the (re)association request frame, and an MIC.
from the (re)association request frame, and an MIC.
a.
The authenticator derives a PTK from the ANonce and SNonce and validates the MIC in the
EAPOL-Key frame.
EAPOL-Key frame.
3.
The authenticator sends an EAPOL-Key frame containing the ANonce, the RSN information
element from its beacon or probe response messages; the MIC, determining whether to install the
temporal keys; and the encapsulated group temporal key (GTK), the multicast encryption key.
element from its beacon or probe response messages; the MIC, determining whether to install the
temporal keys; and the encapsulated group temporal key (GTK), the multicast encryption key.
4.
The supplicant sends an EAPOL-Key frame to confirm that the temporal keys are installed.
Cisco Compatible Extensions
The Cisco Compatible Extensions program helps promote the widespread availability of client devices
that are interoperable with a Cisco WLAN infrastructure, and takes advantage of Cisco-specific
innovations for enhanced security, mobility, quality of service (QoS), and network management.
that are interoperable with a Cisco WLAN infrastructure, and takes advantage of Cisco-specific
innovations for enhanced security, mobility, quality of service (QoS), and network management.
Cisco Compatible Extensions build on the 802.11 and IETF standards, in addition to Wi-Fi Alliance
certifications to create a superset of WLAN features, as shown in
certifications to create a superset of WLAN features, as shown in
. Even if a customer is not
planning to deploy a Cisco Unified Wireless Network, the use of a Cisco Compatible Extensions WLAN
adapter is a wise choice because it offers a simple way of tracking the standards supported and
certifications associated with WLAN client devices.
adapter is a wise choice because it offers a simple way of tracking the standards supported and
certifications associated with WLAN client devices.
221278
LWAPP
Enterprise
Network
ANonce
SNonce (MIC)
Ready to use MIC, GTK
OK, use
1
2
3
4
EAP Success
PMK
PMK
PTK
PTK
4 way handshake
EAP Success
LWAPP
Supplicant
Authenticator