Tuesday, October 1, 2019



Wireless client connectivity is more than just “Connected” or “Disconnected”. When troubleshooting WLAN connectivity issues, it is important to see the whole picture and understand the different states of client connectivity. The 802.11 State Machine defines four states:

State 1: Unauthenticated and Unassociated
State 2: Authenticated and Unassociated
State 3: Authenticated and Associated
State 4: Authenticated and Associated (required with RSN authentication methods, e.g. PSK or 802.1X/EAP)





Beacon
The beacon frame is one of the 802.11 management frames. It is transmitted periodically based on the defined beacon interval. The access point (AP) uses beacon frames to advertise the presence of the basic service set (BSS), and they contain all the information a client STA needs to learn the parameters of the BSS.

Passive/Active Scanning
Before a client STA can connect to a wireless network, it first needs to discover an access point and its BSS. This is done by one of two scanning methods: passive or active. In passive scanning, the client STA listens for the beacon frames sent by the AP. In contrast, during active scanning the client STA transmits a probe request and listens for a probe response from an AP.

Below is an example of the probe request and probe response for a client STA doing a directed probe request for a specific SSID named “Hive-SSID”:

Beacons, probing and passive/active scanning are part of the unauthenticated and unassociated steps of State 1.



Authentication
This authentication process is not what is commonly understood as network authentication, where a security process requires the client to present a valid username and password to complete the connection. What we are talking about here is 802.11 authentication. Once the client STA has discovered an AP by either passive or active scanning, it uses 802.11 authentication management frames to proceed to State 2 of the 802.11 State Machine. The method of 802.11 authentication can be Open System authentication or Shared Key authentication. Shared Key authentication is no longer used because it relies on WEP, an outdated security mechanism, to authenticate the client STA.

When the client STA has completed 802.11 authentication, it enters State 2, which is authenticated but unassociated.

Association
The next step after authentication is association. The client STA sends an 802.11 association request management frame to the AP to request association with the network. The AP processes the association request and decides whether the client's request is allowed or denied. The AP then sends an 802.11 association response management frame to the client STA.

The AP responds with a status code of Successful, and an Association ID is assigned to the associated client STA:

The client STA has now entered State 3 of the 802.11 State Machine after associating successfully.

State 4
There is no State 4 if the BSS does not require RSN authentication. The client STA joins the BSS once it has reached State 3.

But if RSN authentication such as PSK or 802.1X/EAP is used, dynamic keying and authentication need to take place before the client STA can get to State 4 and join the BSS. We will talk about the different types of authentication methods in the coming blogs.
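
The state transitions described in this post can be replayed from the frames seen for one client, which is a handy way to see where a failing connection stalls. The sketch below is an added example, not code from the original post; it goes slightly beyond the text by also handling deauthentication and disassociation frames, which move the client back down the state machine. The names `Frame`, `track_states`, `joined_bss`, `rsn_required` (a BSS using PSK or 802.1X/EAP) and the `KEYS_DONE` marker are assumptions, and the capture is constructed.

```python
from collections import namedtuple

# Management frame subtypes (frame type 0) as defined by IEEE 802.11.
ASSOC_REQ, ASSOC_RESP, PROBE_REQ, PROBE_RESP = 0, 1, 4, 5
BEACON, DISASSOC, AUTH, DEAUTH = 8, 10, 11, 12
KEYS_DONE = "keys-done"  # assumption: marker for finished dynamic keying
STATUS_SUCCESS = 0       # status code 0 = Successful

# from_ap: True when the AP transmitted the frame; status: status code, if any.
Frame = namedtuple("Frame", "subtype from_ap status", defaults=(None,))

def track_states(frames, rsn_required):
    """Replay one client's frames; return the state reached after each frame."""
    state, history = 1, []
    for f in frames:
        ok = f.from_ap and f.status == STATUS_SUCCESS
        if f.subtype == DEAUTH:
            state = 1                      # back to unauthenticated
        elif f.subtype == DISASSOC and state >= 3:
            state = 2                      # still authenticated
        elif f.subtype == AUTH and state == 1 and ok:
            state = 2
        elif f.subtype == ASSOC_RESP and state == 2 and ok:
            state = 3
        elif f.subtype == KEYS_DONE and state == 3 and rsn_required:
            state = 4
        history.append(state)              # beacons and probes change nothing
    return history

def joined_bss(state, rsn_required):
    """State 3 is enough on an open BSS; a BSS with PSK or 802.1X/EAP needs State 4."""
    return state == (4 if rsn_required else 3)

# Constructed capture: discovery, Open System authentication, association, keying.
CAPTURE = [
    Frame(BEACON, True), Frame(PROBE_REQ, False), Frame(PROBE_RESP, True),
    Frame(AUTH, False), Frame(AUTH, True, STATUS_SUCCESS),
    Frame(ASSOC_REQ, False), Frame(ASSOC_RESP, True, STATUS_SUCCESS),
    Frame(KEYS_DONE, True),
]

if __name__ == "__main__":
    for rsn in (False, True):
        states = track_states(CAPTURE, rsn)
        print("RSN" if rsn else "open", states, joined_bss(states[-1], rsn))
```

A client whose history stops at 2 never received a successful association response, and one that stops at 3 on a PSK or 802.1X/EAP network failed during keying.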