wpa_supplicant WPA2-PSK authentification times

Schulte Stefan Stefan.Schulte at VIEGA.DE
Mon Mar 8 04:31:19 EST 2010


Greetings,

I'm trying to set up a seamless roaming environment in our company, with linux rich-thin clients.
As access points we have cisco industry APs connected to a cisco wlan controller.

As I understood it, proactive key caching doesn't matter as I don't have a RADIUS server anyways. So the 4way-handshake plus the 4way-group handshake has to happen every time the client connects to another AP, right?

The 4way handshake stuff takes considerable time when roaming, so I take it that something with the configuration is wrong (either on supplicant or authentificator side), as I read comments that it shouldn't take longer than some 100 milliseconds.
Currently it takes about 8 seconds roughly. The log output with timestamps and my wpa_supplicant configuration file can be found in this mails attachment.

There are two points that take way too long:


1268048247.043680: RSN: PMKID from Authenticator - hexdump(len=16): 76 d7 84 9e 81 ac 57 c0 29 cc c1 5a 7b fc a8 b2
1268048247.043744: RSN: no matching PMKID found
1268048247.063012: WPA: Renewed SNonce - hexdump(len=32): e8 72 3a bc c6 2d 5e a0 f8 f2 16 d1 af a0 b5 09 47 83 d0 b7 5e 28 8e 5c 81 37 6a 81 ed f0 71 ce
1268048247.063313: WPA: PTK derivation - A1=00:15:6d:54:c5:f2 A2=00:23:33:a4:b4:a2

Something about no pre-cached keys found in the driver? Should the driver have them, or is it normal behaviour?

And:

1268048247.063388: WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
1268048247.063489: WPA: Sending EAPOL-Key 2/4
1268048247.068555: RX EAPOL from 00:23:33:a4:b4:a2
1268048247.068597: IEEE 802.1X RX: version=2 type=3 length=151

The supplicant sends some sort of key to the AP and has to wait about 5 seconds until he get a result?


Really appreciate your help. Also some hints for good resources to understand the detailed processes that happen during authentification would be great, as I don't want you all to fix the problem for me alone..

With regards


Mit freundlichen Grüßen

Stefan Schulte
GB Finanzen und IT
IT-Logistik

Viega GmbH & Co. KG
Zum langen Acker 7, D-57439 Attendorn
Telefon (+49) 2722 61 35 85, Telefax (+49) 2722 61 94 35 85
Email: stefan.schulte at viega.de <http://www.viega.de/>



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20100308/408d3b94/attachment.htm 


More information about the HostAP mailing list