We have created an SSID, and now we need some kind of security, because anyone can connect to the one we created with no password or encryption. This means that anyone doing a packet capture over the air can see all the packets in the clear.
But, authentication? Authentication with what, or where? Fear not, we will explain everything.
There are different kinds of authentication and encryption, and they don't always go together: we can have authentication at Layer 2 and Layer 3, but this does not mean we will have encryption.
There are use cases for everything.
In this entry we are going to focus on "OPEN" Layer 2 authentication first.
Meraki has made things easy for us with some of these authentication types.
First we need to head to "Wireless > Access Control". Once there, the first block presented on the page is our Layer 2 authentication. I have marked it below just to make it clear.
As you can see, Meraki has actually put the words "(no encryption)" on the Layer 2 authentication options that do not have any encryption.
The first authentication we can see is "Open"; this is the default setting a newly created SSID comes with.
In the wireless world we need to understand the association to the access point itself, therefore I will explain below how the 802.11 protocol works.
When the SSID we created is "enabled", the access point will start sending beacons. This packet is meant to tell the stations (our client devices) that there is an SSID available, announcing its own properties, for example bitrate, encryption, name, channels and more.
I have created an SSID with open authentication called "J-VALENTINE" and below, I will show you the beacon it is broadcasting.
Once we have our SSID announcing itself over the air, thanks to the beacons, the client will go through the following process as per the 802.11 protocol.
I have used "me" as the STA (station), since it can be anything that supports wireless. This is not tied to a cellphone or a PC; it is any wireless client that wants to associate.
In order to associate and start sending and receiving data at least this process needs to complete.
Step 1.- Probe request (STA). This packet is actually saying: "Hey, I see your beacon and I support the following data rates and have the following capabilities, can we talk?"
Step 2.- Probe response (AP). The access point sees this request and the question, and if everything matches and they have values in common it says: "Of course we can talk, my dear friend, since we are using the same language. However, let's make sure every word means the same and we are not talking at the same time, and other stuff".
Step 3.- Authentication request (STA). This is just part of the protocol. As you can see below, the sequence sent is "1".
Step 4.- Authentication response (AP). The STA has sent a 1, so we should send a "2" just to say: it is OK, let's continue.
It is very important for us not to confuse this first authentication on association with the encryption authentication.
This authentication is just per protocol and it has a null value; it usually just uses sequence 1 on the request and 2 on the response.
Step 5.- Association request (STA). OK, so we are good, let's talk. Here is the time I am going to use to talk and how often I am going to sleep, just to save power. Also, I can support the following features.
Step 6.- Association response (AP). OK, looks like everything matches. I will try not to bother you while you sleep. Also, we can talk using this method and speed, and I will use or not use the following features.
Everyone is happy now, and we are able to send DATA.
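To see the exchange above at byte level, here is an added example (not from the original post or from Meraki) that parses constructed 802.11 management frames and checks the two things this entry describes: the beacon and probe response advertise no encryption (Privacy bit clear in the capability field), and the authentication frames use the null Open System algorithm with sequence 1 and then 2. The frames, the dummy addresses and the helper names are made up for illustration.

```python
import struct

# Management frame subtypes (802.11 frame control, type 0 = management)
SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 4: "probe-req",
            5: "probe-resp", 8: "beacon", 11: "auth"}
HDR_LEN = 24  # frame control, duration, three addresses, sequence control

def mgmt_frame(subtype, body=b""):
    """Build a constructed management frame (addresses are dummy values)."""
    fc = struct.pack("<BB", subtype << 4, 0)  # version 0, type 0
    return fc + b"\x00\x00" + b"\x02" * 18 + b"\x00\x00" + body

def describe(frame):
    """Return (name, details) for one management frame."""
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    name = SUBTYPES.get(fc0 >> 4, "other")
    body = frame[HDR_LEN:]
    if name == "auth":
        # Fixed fields: algorithm, transaction sequence, status code
        alg, seq, status = struct.unpack_from("<HHH", body)
        return name, {"open_system": alg == 0, "seq": seq, "status": status}
    if name in ("beacon", "probe-resp"):
        # Fixed fields: timestamp (8), beacon interval (2), capability (2)
        (cap,) = struct.unpack_from("<H", body, 10)
        return name, {"privacy": bool(cap & 0x0010)}
    if name == "assoc-resp":
        # Fixed fields: capability (2), status code (2), association ID (2)
        (status,) = struct.unpack_from("<H", body, 2)
        return name, {"status": status}
    return name, {}

def is_open_exchange(frames):
    """True if the SSID advertises no encryption and the auth is null (Open System)."""
    seen = [describe(f) for f in frames]
    auth = [d for n, d in seen if n == "auth"]
    adv = [d for n, d in seen if n in ("beacon", "probe-resp")]
    return (bool(adv) and not any(d["privacy"] for d in adv)
            and [d["seq"] for d in auth] == [1, 2]
            and all(d["open_system"] and d["status"] == 0 for d in auth))

# Constructed capture: capability 0x0001 (ESS only), so the Privacy bit is clear
adv_body = bytes(8) + struct.pack("<HH", 100, 0x0001)
CAPTURE = [mgmt_frame(8, adv_body), mgmt_frame(4), mgmt_frame(5, adv_body),
           mgmt_frame(11, struct.pack("<HHH", 0, 1, 0)),
           mgmt_frame(11, struct.pack("<HHH", 0, 2, 0)),
           mgmt_frame(0), mgmt_frame(1, struct.pack("<HHH", 0x0001, 0, 0xC001))]
```

Calling `is_open_exchange(CAPTURE)` returns `True` for this capture; setting the Privacy bit (0x0010) in the beacon's capability field makes it return `False`.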
As always, the official Meraki documentation is here.
Cheers!