Client and Access Point Association
A key part of the 802.11 process is discovering a WLAN and subsequently connecting to it. The primary components of this process are as follows:
Beacons – Frames used by the WLAN network to advertise its presence.
Probes – Frames used by WLAN clients to find their networks.
Authentication – A process, which is an artifact from the original 802.11 standard, but still required by the standard.
Association – The process for establishing the data link between an access point and a WLAN client.
The primary purpose of the beacon is to allow WLAN clients to learn which networks and access points are available in a given area, thereby allowing them to choose which network and access point to use. Access points may broadcast beacons periodically.
Although beacons may regularly be broadcast by an access point, the frames for probin, authentication, and association are used only during the association (or reassociation) process.
The 802.11 Join Process (Association)
Before an 802.11 client can send data over a WLAN network, it goes through the following three-stage process:
Click the Probe button in the figure.
Stage 1 – 802.11 probing
Clients search for a specific network by sending a probe request out on multiple channels. The probe request specifies the network name (SSID) and bit rates. A typical WLAN client is configured with a desired SSID, so probe requests from the WLAN client contain the SSID of the desired WLAN network.
If the WLAN client is simply trying to discover the available WLAN networks, it can send out a probe request with no SSID, and all access points that are configured to respond to this type of query respond. WLANs with the broadcast SSID feature disabled do not respond.
Click the Authenticate button in the figure.
Stage 2 – 802.11 authentication
802.11 was originally developed with two authentication mechanisms. The first one, called open authentication, is fundamentally a NULL authentication where the client says “authenticate me,” and the access point responds with “yes.” This is the mechanism used in almost all 802.11 deployments.
A second authentication mechanism is based on a key that is shared between the client station and the access point called the Wired Equivalency Protection (WEP) key. The idea of the shared WEP key is that it gives a wireless link the equivalent privacy of a wired link, but the original implementation of this authentication method was flawed. Although shared key authentication needs to be included in client and access point implementations for overall standards compliance, it is not used or recommended.
Click the Associate button in the figure.
Stage 3 – 802.11 association
This stage finalizes the security and bit rate options, and establishes the data link between the WLAN client and the access point. As part of this stage, the client learns the BSSID, which is the access point MAC address, and the access point maps a logical port known as the association identifier (AID) to the WLAN client. The AID is equivalent to a port on a switch. The association process allows the infrastructure switch to keep track of frames destined for the WLAN client so that they can be forwarded.
Once a WLAN client has associated with an access point, traffic is now able to travel back and forth between the two devices.