The 802.11 state machine describes the different steps taken to join a client to the wireless network. MAC address filtering (when enabled) adds an additional step within the state machine, which is described below.

802.11 state machine
  1. Scanning: This is the initial phase where wireless clients listen for beacon frames from access points. This allows clients to discover available networks and their capabilities.
  2. 802.11 Authentication: Before clients can join the network, they must undergo authentication. This step ensures the legitimacy of both the client and the access point, establishing a secure channel between them.
  3. Association Request: Once authentication is successful, the client sends an association request to the access point. This request indicates the client’s desire to join the network and includes information about the client’s capabilities and desired connection parameters.
  4. MAC Filtering Check: At this point, the access point verifies the client’s MAC address against a predefined list to determine if the client is allowed to access the network based on MAC filtering rules.
  5. 4-Way Handshake: After passing the MAC filtering check and successfully associating, the 4-Way Handshake takes place. This involves four messages exchanged between the client and access point to establish encryption keys for secure data transmission. This step is crucial for ensuring the confidentiality and integrity of data.
  6. Data Transfer: With authentication, association, MAC filtering, and the 4-Way Handshake completed, the client and access point can now engage in secure data transfer. The established encryption keys are used to protect the transmitted data.
802.11 state machine with mac filtering

802.11 is developed and maintained by IEEE. More articles about 802.11 can be found within

Categorized in: