By default, the management information transmitted on a WLAN for establishing and operating data connections is unencrypted. Anybody within a WLAN cell can receive this information, even those who are not associated with an access point. Although this does not entail any risk for encrypted data connections, the injection of fake management information could severely disturb the communications within a WLAN cell.
The IEEE 802.11w standard encrypts this management information, meaning that potential attackers can no longer interfere with the communications without the corresponding key.
To enable protected management frames for a logical WLAN interface, in LANconfig you navigate to WPA or Private WEP settings, open the configuration of the appropriate WLAN interface and click the appropriate option in the selection list Encrypt mgmt. frames.
To encrypt the management frames for P2P connections between base stations, in LANconfig you navigate to , click on Physical WLAN settings and click the appropriate option in the selection list Encrypt mgmt. frames.
To manage the encryption of management frames for a WLAN controller, in LANconfig you navigate to , click on Logical WLAN networks (SSIDs) and click the appropriate option in the selection list Encrypt mgmt. frames.
The following options are available in each of these configurations:
- No
- The WLAN interface does not support PMF. The WLAN management frames are not encrypted.
- Mandatory
- The WLAN interface supports PMF. The WLAN management frames are always encrypted. It is not possible to connect with WLAN clients that do not support PMF.
- Optional
- The WLAN interface supports PMF. Depending on the WLAN client's PMF support, the WLAN management frames are either encrypted or unencrypted.
LANmonitor displays information about WLAN management frame encryption below each client.
