User profile for user: benoitne
benoitne Author
User level: Level 1
1 points

ieee80211w (Management Frame Protection) support

Hi,


I am trying to use Yosemite / Mavericks and iPhone last iOS version with an AP with Management Frame Protection active.

When I don't activate it I can connect to my AP (802.1x - EAP-TLS certificate)

As soon as I activate it, it is impossible to connect and I receive a Connection Error.

I have tried to do the same from a different system OS and it is working.


Is there an official support or un-support status of this technology or something in the roadmap?


Many thanks,


belette

MacBook Air, Mac OS X (10.7)

Posted on Jan 15, 2015 10:30 AM

Reply
3 replies
User profile for user: JFLU
JFLU
User level: Level 1
34 points

May 2, 2017 10:22 AM in response to benoitne

A number of sources state that to pass 802.11ac compliance the device must support PMF ( Protected Management Frames). Thus I believe any apple device that is labeled as 802.11ac, must support 802.11w. That said 802.11n devices probably do not support PMF.


See below References:



Management frame protection


In 2009, the 802.11 working group ratified 802.11w, a standard for the protection of management frames. Unicast management frames are protected with CCMP and encrypted to prevent eavesdropping, while broadcast management frames are authenticated with the Broadcast/Multicast Integrity Protocol (BIP). (http://chimera.labs.oreilly.com/books/1234000001739/ch05.html#security_id2)


The IEEE 802.11w amendment added this functionality to the 802.11 standard and since July 1st 2014, the Wi-Fi Alliance (WFA) made the support of Protected Management Frames (PMF) mandatory to pass 802.11ac or Passpoint aka HotSpot2.0 R2 interoperability certification. (https://wlan1nde.wordpress.com/2014/10/21/protected-management-frames-802-11w/)


See Also: https://framebyframewifi.net/2016/08/02/802-11ac-encryption-upgrade/



The general consensus is if you have an 802.11n device it probably wont support PMF, if you have an 802.11ac device is should support PMF.

Reply
User profile for user: RajanPB
RajanPB
User level: Level 1
9 points

Jan 30, 2015 9:28 PM in response to benoitne

I also would like to know if there is a plan for iOS devices to support 802.11w (Protected Management Frames), or maybe even a plan to let App Store developers offer this feature (assuming it is technically feasible and no official iOS support is planned)?


My home router, and almost all of my devices are now able to use this feature; my iOS devices are the last major holdouts.


Given the tactics known to be used by malicious actors and even companies trying to extort wifi fees (i.e. Marriott), I would really prefer to be able to use protected management frames without having to create a separate AP just for my iOS devices.


I have really been pleased to see Apple's increased awareness and support of their users' security and privacy needs. I hope that increased support will extend to this issue as well.


Thanks,

Rajan

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

ieee80211w (Management Frame Protection) support

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up