4.10 IEEE Std 802.11 and IEEE Std 802.1X-2004
4.10.1 General
An RSNA relies on IEEE Std 802.1X-2004 to provide authentication services and uses the IEEE 802.11 key
management scheme defined in 11.6. The IEEE 802.1X access control mechanisms apply to the association
between a STA and an AP and to the relationship between the IBSS STA and STA peer. The AP’s SME
performs the Authenticator and, optionally, the Supplicant and AS roles. In an ESS, a non-AP STA’s SME
performs the Supplicant role. In an IBSS the SME takes on both the Supplicant and Authenticator roles and
may take on the AS role.
4.10.2 IEEE 802.11 usage of IEEE Std 802.1X-2004
IEEE Std 802.11 depends upon IEEE Std 802.1X-2004 to control the flow of MAC service data units
(MSDUs) between the DS and STAs by use of the IEEE 802.1X Controlled/Uncontrolled Port model. IEEE
802.1X authentication frames are transmitted in IEEE 802.11 data frames and passed via the IEEE 802.1X
Uncontrolled Port. The IEEE 802.1X Controlled Port is blocked from passing general data traffic between
two STAs until an IEEE 802.1X authentication procedure completes successfully over the IEEE 802.1X
Uncontrolled Port. It is the responsibility of both the Supplicant and the Authenticator to implement port
blocking. Each association between a pair of STAs creates a unique pair of IEEE 802.1X Ports, and
authentication takes place relative to those ports alone.
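
The port model described above, sketched as an added example (not text or code from the standard). It assumes MSDUs carry an LLC/SNAP header followed by the EtherType, with 0x888E identifying IEEE 802.1X (EAPOL) frames; the class names, the string verdicts, and the MAC-keyed table are hypothetical.

```python
"""Added illustration of the IEEE 802.1X Controlled/Uncontrolled Port model."""
import struct

EAPOL_ETHERTYPE = 0x888E                     # EtherType of IEEE 802.1X (EAPOL) frames
SNAP_PREFIX = bytes.fromhex("aaaa03000000")  # LLC/SNAP header (RFC 1042 encapsulation)


def ethertype(msdu: bytes):
    """Return the EtherType of an LLC/SNAP-encapsulated MSDU, or None if malformed."""
    if len(msdu) < 8 or msdu[:6] != SNAP_PREFIX:
        return None
    return struct.unpack("!H", msdu[6:8])[0]


class PortPair:
    """One Uncontrolled/Controlled Port pair, created per association."""

    def __init__(self):
        self.authorized = False          # Controlled Port starts blocked

    def filter(self, msdu: bytes) -> str:
        etype = ethertype(msdu)
        if etype is None:
            return "drop"                # fail closed on frames that cannot be classified
        if etype == EAPOL_ETHERTYPE:
            return "uncontrolled"        # authentication frames always pass this port
        return "controlled" if self.authorized else "drop"


class PortTable:
    """Hypothetical per-STA table: port state is keyed by the peer's MAC address."""

    def __init__(self):
        self.pairs = {}

    def associate(self, peer: str) -> PortPair:
        self.pairs[peer] = PortPair()    # a new association never inherits authorization
        return self.pairs[peer]

    def receive(self, peer: str, msdu: bytes) -> str:
        pair = self.pairs.get(peer)
        return pair.filter(msdu) if pair else "drop"


# Constructed sample MSDUs: an EAPOL-Start (version 2) and the start of an IPv4 packet.
EAPOL_START = SNAP_PREFIX + bytes.fromhex("888e") + bytes.fromhex("02010000")
IPV4_DATA = SNAP_PREFIX + bytes.fromhex("0800") + bytes.fromhex("4500")
```

Setting `authorized` to True stands in for successful completion of the IEEE 802.1X authentication procedure; both the Supplicant and the Authenticator would apply the same filter on their own side of the association.
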
IEEE Std 802.11 depends upon IEEE Std 802.1X-2004 and the 4-Way Handshake, FT 4-Way Handshake,
FT Protocol, FT Resource Request Protocol, and Group Key Handshake, described in Clause 11 and
Clause 12, to establish and change cryptographic keys. Keys are established after authentication has
completed. Keys may change for a variety of reasons, including expiration of an IEEE 802.1X
authentication timer, key compromise, danger of compromise, or policy.