WPA - AP association Issue

Bryan Kadzban bryan at kadzban.is-a-geek.net
Wed Oct 24 21:39:19 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Mr. Maloomnahi wrote:
> I also wanted the same ans as to 1] why the STA selected this AP for
> association and

I don't know.  I assume there was something else going on in the wext
backend in wpa_supplicant that made it associate, but I don't see
anything obvious in the logs.  (However, I'm not that familiar with the
wext backend; I normally only use the ndis backend, on the Windows port
of wpa_supplicant.)

> 2] how it associated to the AP if the settings were not the same.

If wpa_supplicant itself was not involved in the association, then
that's how it happened: whatever program *was* doing the association
told the hardware to associate to that BSSID, and so it did.  The 802.11
association protocol doesn't force clients to understand or support the
WPA/WPA2 information that the AP provides; association is a simple
exchange of 4 frames (2 in each direction).

Of course, once you're associated, if you don't follow through on the
WPA method that the AP requires, you won't be able to pass any traffic.
And some APs may force you back off eventually, too.  But you would be
associated for a short time.

Anyway, if wpa_supplicant is doing the scanning (ap_scan=1 or that
setting isn't provided), then wpa_supplicant asks the driver to do a
scan, and processes the resulting list of APs.  It should go through
each AP until it finds one that it has a network match for (in the order
of each network's priority), then associate to that AP.

If ap_scan=0, then wpa_supplicant does not ask the driver to associate
at all.  This is (likely?) not a good mode to use in your case.

If ap_scan=2, then wpa_supplicant associates by SSID and security policy
*only*, not BSSID (it tries each network block in order).  So it's up to
the backend or the driver to scan and choose a BSSID: assuming the
driver makes this choice properly, you won't have a security option
mismatch.  However, this mode isn't supported by all backends: the NDIS
backend on Windows handles it quite well (since that's how NDIS works),
but I don't know whether wext does.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHH/PGS5vET1Wea5wRA06lAJ9p/X6c4ZqC94j6YSrwvBg5kZPFDwCgonF9
nBwfcUfsaiP0gTcLMII0Pjk=
=IOCY
-----END PGP SIGNATURE-----



More information about the HostAP mailing list