H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 376
355
If the AP receives spoofing association or reassociation requests, this mechanism can prevent the
AP from responding to clients.
As shown in
, active SA Query operates as follows:
a.
The client sends an association or a reassociation request to the AP.
b.
Upon receiving the request, the AP sends a response to inform the client that the request is
denied and the client can associate later. The response contains an association comeback time
specified by the pmf association-comeback command.
c.
The AP sends an SA Query request to the client.
−
If the AP receives an SA Query response within the timeout time, it determines that the client
is online.
−
If the AP receives no SA Query response within the timeout time, it resends the request. If the
AP receives an SA Query response within the retransmission time, it determines that the
client is online.
If the client is online, the AP does not respond to any association or reassociation request from
the client within the association comeback time.
−
If the AP receives no SA Query response within the retransmission time, it determines that
the client is offline. The AP allows the client to reassociate with it.
Figure 338 Active SA Query
•
Passive SA Query.
If a client receives unencrypted deassociation or deauthentication frames with failure code 6 or 7,
this mechanism can prevent the client from going offline abnormally.
As shown in
, passive SA Query operates as follows:
a.
The client triggers the SA Query mechanism upon receiving an unencrypted deassociation or
deauthentication frame.
b.
The client sends an SA Query request to the AP.
c.
The AP responds with an SA Query response.
d.
The client determines the AP is online because it receives the SA Query response. The client
does not go offline.