Share via

Need Call flow diagram for WPA2 EAP authentication with NPS server including DHCP and authentication flow

Anonymous
2024-06-27T09:41:51+00:00

Hi Team

I need Call flow diagram for WPA2 EAP authentication with NPS server including DHCP and authentication flow.

I am using Network policy condition NAS ID

It works perfectly, but I am confused with call flow diagram

Kindly help

Regards

Avanindra K Mishra

Windows Server Networking

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments
Accepted answer
  1. Anonymous
    2024-06-28T00:53:39+00:00

    Hello Avanindra,

    Here’s a detailed call flow diagram for WPA2 EAP authentication using an NPS server, including DHCP and authentication flow:

    1. Client Device Initialization
      • Client: Turns on Wi-Fi and initiates connection to the Access Point (AP).
    2. DHCP Discovery
      • Client: Sends a DHCP Discover message to request an IP address.
      • DHCP Server: Responds with a DHCP Offer.
      • Client: Sends a DHCP Request to confirm the offered IP address.
      • DHCP Server: Sends a DHCP Acknowledgement to finalize the IP address allocation.
    3. 802.1X Authentication Initiation
      • Client: Initiates 802.1X authentication by sending an EAPOL-Start message to the Access Point (AP).
      • AP: Sends an EAP-Request/Identity message to the Client.
    4. EAP Authentication
      • Client: Responds with an EAP-Response/Identity message containing its identity.
      • AP: Forwards the EAP-Response/Identity message to the RADIUS/NPS Server.
    5. NPS Server Authentication Process
      • NPS Server: Processes the EAP-Response/Identity message and sends an EAP-Request/Challenge (e.g., EAP-TLS) back to the Client via the AP.
      • AP: Forwards the EAP-Request/Challenge to the Client.
      • Client: Responds with an EAP-Response containing the necessary credentials (e.g., certificate or username/password).
      • AP: Forwards the EAP-Response to the NPS Server.
      • NPS Server: Validates the credentials against its policies and user database. If valid, it sends an EAP-Success message back to the Client via the AP.
      • AP: Forwards the EAP-Success message to the Client.
    6. Encryption Key Generation
      • Client and AP: Perform the 4-Way Handshake to generate and exchange encryption keys.
        • Message 1: AP sends ANonce (a random number) to the Client.
        • Message 2: Client generates SNonce and derives PTK (Pairwise Transient Key) using ANonce, SNonce, PMK (Pairwise Master Key), and the Client/AP MAC addresses. Sends SNonce and MIC (Message Integrity Code) to the AP.
        • Message 3: AP verifies the MIC, derives the PTK, and sends Group Temporal Key (GTK) and another MIC to the Client.
        • Message 4: Client installs the GTK and sends an acknowledgment to the AP.
    7. DHCP Renewal (if necessary)
      • Client: May renew DHCP lease to ensure IP connectivity post-authentication.
      • DHCP Server: Handles the DHCP Renewal process as described in the initial DHCP Discovery step.
    8. Secure Data Transmission
      • Client and AP: Start secure communication using the established WPA2 encryption.

    Explanation

    • Client: The user device initiating the connection.
    • AP: Access Point that serves as the intermediary for the wireless connection.
    • NPS Server: Network Policy Server handling the EAP authentication.
    • DHCP Server: Server assigning IP addresses to clients.

    This call flow diagram outlines the sequence of events for WPA2 EAP authentication using an NPS server, incorporating DHCP for IP address assignment and secure data transmission post-authentication.

    Best regards

    Rosy

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest