Client ---Probe---> AP Client ---Probe---> AP
AP ---Probe Response---> Client
Then,
Client ---802.11 Authentication Request---> AP
AP ---802.11 Authentication Response---> Client
Client ---802.11 Association Request---> AP
AP ---802.11 Association Response---> Client
Now, the client can pass traffic to the AP, so we go into the network authentication. If EAP:
AP ---EAP Indentity Request---> Client
Client ---EAP Indentity Response---> AP
AP ---EAP Indentity Response---> RADIUS
RADIUS ---EAP Request EAP Type---> Client
Client ---EAP Response EAP Type---> RADIUS
RADIUS <---EAP conversation (challenges etc)---> Client
RADIUS ---EAP Success---> Client
Next, WPA handshake,
AP ---ANonce---> Client
Client contructs Pairwise Transient Key
Client ---SNonce---> AP
AP ---Group Temporal Key + MIC---> Client
Client ---ACK---> AP
AP ---Probe Response---> Client
Then,
Client ---802.11 Authentication Request---> AP
AP ---802.11 Authentication Response---> Client
Client ---802.11 Association Request---> AP
AP ---802.11 Association Response---> Client
Now, the client can pass traffic to the AP, so we go into the network authentication. If EAP:
AP ---EAP Indentity Request---> Client
Client ---EAP Indentity Response---> AP
AP ---EAP Indentity Response---> RADIUS
RADIUS ---EAP Request EAP Type---> Client
Client ---EAP Response EAP Type---> RADIUS
RADIUS <---EAP conversation (challenges etc)---> Client
RADIUS ---EAP Success---> Client
Next, WPA handshake,
AP ---ANonce---> Client
*Client contructs Pairwise Transient Key (PMK from EAP/PSK, ANonce, SNonce, AP MAC, Client MAC)*
Client ---SNonce---> AP
AP ---Group Temporal Key + MIC---> Client
Client ---ACK---> AP