3 Replies Latest reply on Oct 4, 2018 1:58 PM by Intel Corporation

    Intel Dual Band Wireless-AC 7265 fast roaming issue

    tomatocanada

      Hi,

       

      I've observed an incompatibility issue for Intel Dual Band Wireless-AC 7265 with Extreme Networks wireless access point. This only happens when both fast roaming (802.11R) and  Protected Management Frames ( PMF) enabled on the wireless access point. Other wireless products e.g. Apple ipad and Samsung phones works fine with the same setup.

      Wireless capture shows that when both 802.11r and PMF are enabled on WPA2 enterprise, Lenovo T450 running Windows 10 with Intel Dual Band Wireless-AC 7265 (driver ver 19.51.14.1) cannot associate. The wireless interface did finish authentication with the radius server successfully and continue with the 4-way handshake. However, in the second message of the 4-way handshake, the wireless client has inserted 2 bytes in the RSN IE shifting the location of the PMKID. The authenticator checks that the RSN IE in M2 is different from that in the association request and disassociate the client. This check has been done according to the ieee802.11i standard Section  "4-Way Handshake Message 2" which states that

      "...2) If the MIC is valid, the Authenticator checks that the RSN information element bit-wise

      matches that from the (Re)Association Request message.

      i) If these are not exactly the same, the Authenticator uses MLME-DEAUTHENTICATE.

      request primitive to terminate the association."

       

      Can someone look into this please.

       

      Thanks.