3.3 Wireless Media  
  3.3.4 Authentication and association  
WLAN authentication occurs at Layer 2. It is the process of authenticating the device, not the user. This is a critical point to remember when considering WLAN security, troubleshooting and overall management.

Authentication may be a null process, as in the case of a new AP and NIC with default configurations in place. The client will send an authentication request frame to the AP and the frame will be accepted or rejected by the AP. The client is notified of the response via an authentication response frame. The AP may also be configured to hand off the authentication task to an authentication server, which would perform a more thorough credentialing process.

Association, performed after authentication, is the state that permits a client to use the services of the AP to transfer data.

Authentication and Association types

  • Unauthenticated and unassociated: The node is disconnected from the network and not associated to an access point.
  • Authenticated and unassociated: The node has been authenticated on the network but has not yet associated with the access point.
  • Authenticated and associated: The node is connected to the network and able to transmit and receive data through the access point.

Methods of authentication
IEEE 802.11 lists two types of authentication processes.

The first authentication process is the open system. This is an open connectivity standard in which only the SSID must match. This may be used in a secure or non-secure environment, although low-level network ‘sniffers’ can readily discover the SSID of the WLAN.

The second process is the shared key. This process requires the use of Wireless Equivalency Protocol (WEP) encryption. WEP is a fairly simple algorithm using 64- and 128-bit keys. The AP is configured with an encrypted key, and nodes attempting to access the network through the AP must have a matching key. Statically assigned WEP keys provide a higher level of security than the open system but are definitely not hack-proof.
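The three states and the authentication response described above can be followed for one client/AP pair with a small state tracker. This is an added example, not part of the original course material. It goes slightly beyond the text by using the 802.11 frame-body fields (algorithm number 0 for open system and 1 for shared key, status code 0 for success) and by handling deauthentication and disassociation; the event labels and sample frames are constructed for illustration.

```python
import struct
from enum import Enum

class State(Enum):
    UNAUTH_UNASSOC = "unauthenticated and unassociated"
    AUTH_UNASSOC = "authenticated and unassociated"
    AUTH_ASSOC = "authenticated and associated"

ALGORITHMS = {0: "open system", 1: "shared key"}
FINAL_SEQ = {0: 2, 1: 4}  # last frame of each exchange (2-frame vs 4-frame)

def parse_auth_body(body):
    """Fixed fields of an authentication frame body, little-endian:
    algorithm number, transaction sequence number, status code."""
    if len(body) < 6:
        raise ValueError("authentication body needs at least 6 bytes")
    return struct.unpack_from("<HHH", body)

def track(events):
    """Replay (kind, body) events for one client/AP pair. The kind labels
    are hypothetical names for this example. Returns (state, alerts)."""
    state, alerts = State.UNAUTH_UNASSOC, []
    for n, (kind, body) in enumerate(events):
        if kind == "auth_resp":
            alg, seq, status = parse_auth_body(body)
            if status != 0:                    # AP rejected the client
                state = State.UNAUTH_UNASSOC
                alerts.append(f"event {n}: {ALGORITHMS.get(alg, alg)} authentication rejected (status {status})")
            elif seq == FINAL_SEQ.get(alg):    # exchange completed successfully
                state = State.AUTH_UNASSOC
        elif kind == "assoc_resp":
            _caps, status = struct.unpack_from("<HH", body)  # capability info, status code
            if state is State.UNAUTH_UNASSOC:
                alerts.append(f"event {n}: association response before authentication")
            elif status == 0:
                state = State.AUTH_ASSOC
        elif kind == "disassoc" and state is State.AUTH_ASSOC:
            state = State.AUTH_UNASSOC
        elif kind == "deauth":
            state = State.UNAUTH_UNASSOC
        elif kind == "data" and state is not State.AUTH_ASSOC:
            alerts.append(f"event {n}: data frame while {state.value}")
    return state, alerts

# Constructed sample: data too early, open-system auth, association, data, deauth, data
SAMPLE = [("data", b""), ("auth_resp", struct.pack("<HHH", 0, 2, 0)),
          ("assoc_resp", struct.pack("<HHH", 0x0401, 0, 0xC001)), ("data", b""),
          ("deauth", b""), ("data", b"")]
```

Data frames are only expected in the third state, so the alerts list marks traffic that appears before association or after a deauthentication.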

The problem of unauthorized entry into WLANs is being addressed by a number of new security solution technologies.

 

Web Links

Authentication and Authorisation for WLAN using 802.1X

http://www.surfnet.nl/innovatie/wlan/