WLAN protected management frames (PMF)

By default, the management information transmitted on a WLAN for establishing and operating data connections is unencrypted. Anybody within a WLAN cell can receive this information, even those who are not associated with an AP. Although this does not entail any risk for encrypted data connections, the injection of fake management information could severely disturb the communications within a WLAN cell.

The IEEE 802.11w standard encrypts this management information, meaning that potential attackers can no longer interfere with the communications if they don’t have the corresponding key.

To enable protected management frames for a logical WLAN interface, in LANconfig you navigate to Wireless LAN > General > Logical WLAN settings, open the configuration of the appropriate WLAN interface, switch to the Encryption tab, and click the appropriate option in the selection list Encrypt management frames.





To encrypt management frames between the base stations of a P2P WLAN bridge, in LANconfig you navigate to Wireless LAN > General > Common point-to-point settings, open the P2P configuration of the appropriate WLAN interface, switch to the Encryption tab, and click the appropriate option in the selection list Encrypt management frames.





To manage the encryption of management frames for a WLAN controller, in LANconfig you navigate to WLAN Controller > Profiles, click on Logical WLAN networks (SSIDs) and click the appropriate option in the selection list Encrypt mgmt. frames.





The following options are available in each of these configurations:

No
The WLAN interface does not support PMF. The WLAN management frames are not encrypted.
Mandatory
The WLAN interface supports PMF. The WLAN management frames are always encrypted. It is not possible to connect with WLAN clients that do not support PMF.
Optional
The WLAN interface supports PMF. Depending on the WLAN client's PMF support, the WLAN management frames are either encrypted or unencrypted.

LANmonitor displays information about WLAN management frame encryption below each client.





www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo