I've observed an incompatibility issue for Intel Dual Band Wireless-AC 7265 with Extreme Networks wireless access point. This only happens when both fast roaming (802.11R) and Protected Management Frames ( PMF) enabled on the wireless access point. Other wireless products e.g. Apple ipad and Samsung phones works fine with the same setup.
Wireless capture shows that when both 802.11r and PMF are enabled on WPA2 enterprise, Lenovo T450 running Windows 10 with Intel Dual Band Wireless-AC 7265 (driver ver 18.104.22.168) cannot associate. The wireless interface did finish authentication with the radius server successfully and continue with the 4-way handshake. However, in the second message of the 4-way handshake, the wireless client has inserted 2 bytes in the RSN IE shifting the location of the PMKID. The authenticator checks that the RSN IE in M2 is different from that in the association request and disassociate the client. This check has been done according to the ieee802.11i standard Section "4-Way Handshake Message 2" which states that
"...2) If the MIC is valid, the Authenticator checks that the RSN information element bit-wise
matches that from the (Re)Association Request message.
i) If these are not exactly the same, the Authenticator uses MLME-DEAUTHENTICATE.
request primitive to terminate the association."
Can someone look into this please.
tomatocanada: We will do our best to provide the information you are looking for.
We will do further research on this matter, for us to be able to do that please provide the following details:
Windows OS (provide Version number if Win10, and 32- or 64-bit):
WiFi configuration manager (e.g. Intel PROSet, Windows AutoConfig (native), etc.):
WiFi adapter model(s):
WiFi device driver version:
Number of systems affected:
Wireless security method
Encryption Type (Open, RC4, TKIP, AES):
802.1X authentication type (WEP, TKIP, CCMP):
Key Management Type (PEAP, EAP-FAST):
WiFi network environment
Access Point manufacturer, model, & SW version:
Wireless Frequencies in use (2.4 and/or 5 GHz):
802.11n or 802.11ac enabled (None/HT(11n)/VHT(11ac)):
Channel Width (20 MHz vs. 40 MHz) for 2.4 GHz?
Channel Width (20 MHz vs. 40 MHz vs. 80MHz) for 5 GHz?
SSID stealth mode (hidden or broadcast):
Besides that, please provide the SSU report and attach it to the thread:
https://downloadcenter.intel.com/download/25293/Intel-System-Support-Utility Download Intel® System Support Utility for Windows*
Intel Customer Support Technician
Under Contract to Intel Corporation
systemConfig.txt - configuration that you asked for
IntelSupportUtilityOutput.txt - output from the intel scan utiltity
ipad-80be05984609.pcap - wireshark wireless capture of the ipad authentication which is working
intel-4c3488b13d3e.pcap - wireshark wireless capture of the intel wireless interface which failed
M2Screenshot.png - screenshot of the msg 2 of 4 way handshake extracted from intel-4c3488b13d3e.pcap. Showing the 2 bytes inserted in RSNIE shfited the PMKID count and PMKID. You can see that wireshark has trouble decoding.