Reset Search
 

 

Article

What is management frame protection and how does it help secure my wireless infrastructure

« Go Back

Information

 
TitleWhat is management frame protection and how does it help secure my wireless infrastructure
Question
What is management frame protection and how does it help secure my wireless infrastructure?
Environment
  • Extreme Wireless
  • MFP (Management Frame Protection)
  • PMF (Protected Management Frames)
  • Security
  • 802.11w-2009
  • WPA v2
  • Encryption
Answer
This feature protects stations against forged management frames spoofed from other devices that might otherwise disrupt a valid user session.  MFP is negotiated between the client and AP.  Because the management frames are encrypted it is required that wpa/v2 is enabled in wireless service configuration.

If the client and AP are capable of supporting MFP, RSN information elements (IE) are passed during the authentication phase, the image below shows a client M2 frame not supporting MFP:
Some wireless clients may not work with MFP enabled as the clients do not support or understand the additional information included in the MFP encryption. This is known as the Message Integrity Check ( MIC )
It is Best Practice to test all your allowed and known network client devices on MFP enabled WLAN's prior to going live on the network whenever possible.  New deployments etc.   

User-added image

 Frames that are protected once negotiation is completed include:
  • Disassociation
  • Deauthentication
  • QoS Action

 
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255