By default, the management information transmitted on a WLAN for establishing and operating data connections is unencrypted. Anybody within a WLAN cell can receive this information, even those who are not associated with an AP. Although this does not entail any risk for encrypted data connections, the injection of fake management information could severely disturb the communications within a WLAN cell.
The IEEE 802.11w standard encrypts this management information, meaning that potential attackers can no longer interfere with the communications if they don’t have the corresponding key.
To enable protected management frames for a logical WLAN interface, in LANconfig you navigate to Encryption tab, and click the appropriate option in the selection list Encrypt management frames.
, open the configuration of the appropriate WLAN interface, switch to theTo encrypt management frames between the base stations of a P2P WLAN bridge, in LANconfig you navigate to Encryption tab, and click the appropriate option in the selection list Encrypt management frames.
, open the P2P configuration of the appropriate WLAN interface, switch to theTo manage the encryption of management frames for a WLAN controller, in LANconfig you navigate to Logical WLAN networks (SSIDs) and click the appropriate option in the selection list Encrypt mgmt. frames.
, click onThe following options are available in each of these configurations:
- No
- The WLAN interface does not support PMF. The WLAN management frames are not encrypted.
- Mandatory
- The WLAN interface supports PMF. The WLAN management frames are always encrypted. It is not possible to connect with WLAN clients that do not support PMF.
- Optional
- The WLAN interface supports PMF. Depending on the WLAN client's PMF support, the WLAN management frames are either encrypted or unencrypted.
LANmonitor displays information about WLAN management frame encryption below each client.