OID_802_11_AUTHENTICATION_MODE

  • Article

When set, the OID_802_11_AUTHENTICATION_MODE OID requests that the miniport driver set its IEEE 802.11 authentication mode to the specified value. The miniport driver returns NDIS_STATUS_INVALID_DATA if an invalid value is specified. The miniport driver returns NDIS_STATUS_NOT_SUPPORTED if it does not support an authentication mode such as Ndis802_11AuthModeWPANone.

When queried, this OID requests that the miniport driver return its IEEE 802.11 authentication mode.

For more information regarding authentication modes, refer to 802.11 Authentication.

The data passed in a query or set of this OID is the NDIS_802_11_AUTHENTICATION_MODE enumeration. This enumeration defines the authentication modes as follows:

  • Ndis802_11AuthModeOpen
    Specifies IEEE 802.11 Open System authentication mode. In this mode, there are no checks performed during the 802.11 authentication.

  • Ndis802_11AuthModeShared
    Specifies IEEE 802.11 Shared Key authentication mode. This mode requires the use of a pre-shared Wired Equivalent Privacy (WEP) key for the 802.11 authentication.

  • Ndis802_11AuthModeAutoSwitch
    Specifies auto-switch mode. When using auto-switch mode, the device tries IEEE 802.11 Shared Key authentication mode first. If Shared Key authentication fails, the device attempts to use IEEE 802.11 Open System authentication mode.

    Note   The use of this setting is not recommended.

     

  • Ndis802_11AuthModeWPA
    Specifies WPA version 1 security for infrastructure mode. Authentication is performed between the supplicant, authenticator, and authentication server over IEEE 802.1X. Encryption keys are dynamic and are derived through the authentication process

    While in this authentication mode, the device will only associate with an access point whose beacon or probe responses contain the authentication suite of type 1 (802.1X) within the WPA information element (IE).

    This authentication mode is only valid for infrastructure network modes. The driver must return NDIS_STATUS_NOT_ACCEPTED if its network mode is set to ad hoc.

  • Ndis802_11AuthModeWPAPSK
    Specifies WPA version 1 security for infrastructure mode. Authentication is made between the supplicant and authenticator over IEEE 802.1X. Encryption keys are dynamic and are derived through a pre-shared key used on both the supplicant and authenticator.

    While in this authentication mode, the device will only associate with an access point whose beacon or probe responses contain the authentication suite of type 2 (pre-shared key) within the WPA information element (IE).

    This authentication mode is only valid for infrastructure network modes. The driver must return NDIS_STATUS_NOT_ACCEPTED if its network mode is set to ad hoc.

  • Ndis802_11AuthModeWPANone
    Specifies WPA version 1 security for ad hoc mode. This setting specifies the use of a pre-shared key without IEEE 802.1X authentication. Encryption keys are static and are derived through the pre-shared key.

    This authentication mode is only valid for ad hoc network modes. The driver must return NDIS_STATUS_NOT_ACCEPTED if its network mode is set to infrastructure.

  • Ndis802_11AuthModeWPA2
    Specifies WPA version 2 security for infrastructure mode. Authentication is made between the supplicant, authenticator, and authentication server over IEEE 802.1X. Encryption keys are dynamic and are derived through the authentication process.

    While in this authentication mode, the device will only associate with an access point whose beacon or probe responses contain the authentication suite of type 1 (802.1X) within the RSN information element (IE).

    This authentication mode is only valid for infrastructure network modes. The driver must return NDIS_STATUS_NOT_ACCEPTED if its network mode is set to ad hoc.

  • Ndis802_11AuthModeWPA2PSK
    Specifies WPA version 2 security for infrastructure mode. Authentication is made between the supplicant and authenticator over IEEE 802.1X. Encryption keys are dynamic and are derived through a pre-shared key used on both the supplicant and authenticator.

    While in this authentication mode, the device will only associate with an access point whose beacon or probe responses contain the authentication suite of type 2 (pre-shared-key) within the RSN information element (IE).

    This authentication mode is only valid for infrastructure network modes. The driver must return NDIS_STATUS_NOT_ACCEPTED if its network mode is set to ad hoc.

If the authentication mode is set to Ndis802_11AuthModeWPA or Ndis802_11AuthModeWPAPSK, the device must not associate with a non-WPA access point.

If the authentication mode is set to Ndis802_11AuthModeWPA2 or Ndis802_11AuthModeWPA2PSK, the device must not associate with a non-WPA2 access point.

Note   When any WPA or WPA2 authentication modes are set, only IEEE 802.1X packets can be transmitted unencrypted before keys are installed. No other packets can be transmitted before keys are installed.

After the keys are installed, all packets that are transmitted must be encrypted.

 

 

 

Send comments about this topic to Microsoft