
“Correctness” in Fast Handoff & Context Transfer
Definition of “Correct”: when the same state results as if the peer had authenticated with the AAA server
Examples of “incorrect” transactions:
Peer authenticates with the GUEST SSID, derives a key, then does a successful fast handoff within the same physical AP to the CARRIER SSID
Result: Carrier sees an accounting record for GUEST, which either doesn’t have an account, or it bills the wrong user
Peer authenticates to an AP, then does a fast handoff to the same virtual AP in order to cause the Session-Time variable to be reset. The client gains unlimited network access.
Solution
Need AAA attributes to allow key scope restriction
Authorized SSIDs
Authorized Called, Calling-Station-Ids
“No Fast Handoff” or “No context transfer” attributes
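
Added example (not from the original slides): a sketch of the check an authenticator could run before honoring a fast handoff, rejecting both incorrect transactions above. The KeyScope fields, the check_handoff function and the sample MAC addresses are hypothetical; carrying the session clock across handoffs is an assumption of this sketch, not something the slide specifies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyScope:
    # Hypothetical AAA-supplied restrictions bound to a derived key.
    authorized_ssids: frozenset
    authorized_called_station_ids: frozenset  # APs the key may be used at
    calling_station_id: str                   # peer the key was issued to
    no_fast_handoff: bool
    session_timeout: int                      # seconds granted by AAA
    session_start: float                      # time of the full AAA authentication

def check_handoff(scope, ssid, called_id, calling_id, now):
    """Return (allowed, reason, remaining_seconds) for a fast handoff request."""
    if scope.no_fast_handoff:
        return (False, "fast handoff not permitted for this key", 0)
    if ssid not in scope.authorized_ssids:
        return (False, "SSID outside key scope", 0)
    if called_id not in scope.authorized_called_station_ids:
        return (False, "Called-Station-Id outside key scope", 0)
    if calling_id != scope.calling_station_id:
        return (False, "Calling-Station-Id does not match key owner", 0)
    # Assumption: the session clock runs from the full authentication and is
    # never restarted by a handoff.
    remaining = int(scope.session_timeout - (now - scope.session_start))
    if remaining <= 0:
        return (False, "session time exhausted; full authentication required", 0)
    return (True, "ok", remaining)

# Constructed sample: key derived on the GUEST SSID of one AP, 1-hour session.
GUEST_KEY = KeyScope(
    authorized_ssids=frozenset({"GUEST"}),
    authorized_called_station_ids=frozenset({"00-00-5E-00-53-01"}),
    calling_station_id="00-00-5E-00-53-AA",
    no_fast_handoff=False,
    session_timeout=3600,
    session_start=0.0,
)

if __name__ == "__main__":
    ap, peer = "00-00-5E-00-53-01", "00-00-5E-00-53-AA"
    print(check_handoff(GUEST_KEY, "CARRIER", ap, peer, now=600))   # cross-SSID
    print(check_handoff(GUEST_KEY, "GUEST", ap, peer, now=3000))    # same virtual AP
    print(check_handoff(GUEST_KEY, "GUEST", ap, peer, now=4000))    # after expiry
```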
