GTK and 802.11R Fast BSS Transition

Jouni Malinen j at w1.fi
Sun Jun 1 08:23:12 EDT 2014


On Wed, Apr 16, 2014 at 11:23:10AM +0530, kiran k wrote:
> When Fast BSS Transition is enabled on an AP1 and AP2, do we support GTK
> timeout. The scenario I have is
> 1 ) Station1 associates to AP1 enabled for Fast BSS Transition (11R).
> Station1 does initial authentication.Do we support GTK rekey timeout after
> initial authentication.

Yes

> 2) Station2 initally associates to AP2 using FT and roams to AP1. Now in
> this case if GTK rekey times out on AP1 do we need to rerun group key state
> machine and generate new GTK key. Station2 in my case does not seem to
> honor EAPOL key messages for GTK key refresh from AP1.

This did not work previously, but works now after this commit:
http://w1.fi/cgit/hostap/commit/?id=3d4d2348c092fc3236504507466ff565c39d060a

In other words, hostapd did not allow GTK rekey to be sent to the
station that used FT protocol. This worked fine in wpa_supplicant,
though, and after that commit, the group rekey exchange goes through
fine after use of FT protocol as well.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list