Association establishment rules on AP
AP uses the following set of rules to associate clients. AP is checking for the following, whether client is allowed to associate
- max-station-count value; client is proccessed further if total number of client does not exceed configured value on AP, otherwise client is disconnected.
- default-authentication; yes or not options are available. 'yes' enables AP to register a client even if it is not in access list, 'no' forces AP to use only entries from 'interface wireless access-list' to register clients.
- 'interface wireless access-list' entries are used for default authentication=no or if router is consulting RADIUS server database ('radius-mac-authentication' is enabled on the appropriate 'interface wireless security-profile'), then settings from RADIUS server are used to validate client's MAC-address.
Client is preset on 'interface wireless registration-table', then all communications reliable on security-profile configuration.
- 'security-profile mode=none' or 'static-keys' data is passed between AP and client;
- 'security-profile mode=dynamic-keys authentication-types=wpa-psk'. preshared keys matching is checked, only then data is passed between AP and client;
- 'security-profile mode=dynamic-keys authentication-types=wpa-eap'. EAP defined authentication method is processed, if EAP authentication is successfull data is passed between AP and client.