802.11w (PMF)#

This section describes the configuration of 802.11w (PMF).

Configuring and Compiling Driver for PMF in Client Mode#

1. compile wpa_supplicant by Enable CONFIG_IEEE80211W=y in wpa_supplicant .config file.

2. Enable WPA-PSK-SHA256 as key_mgmt in network block in supplicant sta_settings.conf

   • pmf=1/2 - PMF is enabled/required correspondingly.

     pmf=2
     network = {
           ssid="SSID of Access Point"
           pairwise=CCMP
           group=CCMP
           key_mgmt=WPA-PSK-SHA256
           psk="12345678"
           proto=WPA2
           priority=1
           }

3. Configure AP as MFP Capable/Required.

Configuring and Compiling Driver for PMF in AP Mode#

1. Compile hostapd by enabling CONFIG_IEEE80211W=y in hostapd config file.

2. Enable WPA-PSK-SHA256 as key_mgmt in hostapd_ccmp.conf.

3. Ensure that the options below are enabled apart from your configuration.

   # This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)**
   # and/or WPA2 (full IEEE 802.11i/RSN):
   # bit0 = WPA
   # bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
   wpa=2
   
   # ieee80211w: Whether management frame protection (MFP) is enabled
   # 0 = disabled (default)
   # 1 = optional
   # 2 = required
   ieee80211w=2
   wpa_key_mgmt =WPA-PSK-SHA256
   group_mgmt_cipher=AES-128-CMAC