Chapter 3 Wireless LANs
NWD Series User’s Guide
23
The WPS connection process is like a handshake; only two devices participate in each WPS transaction.
If you want to add more devices you should repeat the process with one of the existing networked
devices and the new device.
Note that the access point (AP) is not always the registrar, and the wireless client is not always the
enrollee. All WPS-certified APs can be a registrar, and so can some WPS-enabled wireless clients.
By default, a WPS devices is “unconfigured”. This means that it is not part of an existing network and can
act as either enrollee or registrar (if it supports both functions). If the registrar is unconfigured, the security
settings it transmits to the enrollee are randomly-generated. Once a WPS-enabled device has
connected to another device using WPS, it becomes “configured”. A configured wireless client can still
act as enrollee or registrar in subsequent WPS connections, but a configured access point can no longer
act as enrollee. It will be the registrar in all subsequent WPS connections in which it is involved. If you
want a configured AP to act as an enrollee, you must reset it to its factory defaults.
3.4.1.1 Exa m ple WPS Ne two rk Se tup
This section shows how security settings are distributed in an example WPS setup.
The following figure shows an example network. In step
1
, both
AP1
and
C lie nt 1
are unconfigured.
When WPS is activated on both, they perform the handshake. In this example,
AP1
is the registrar, and
C lie nt 1
is the enrollee. The registrar randomly generates the security information to set up the network,
since it is unconfigured and has no existing information.
Fig ure 10
WPS: Example Network Step 1
In step
2
, you add another wireless client to the network. You know that
C lie nt 1
supports registrar mode,
but it is better to use
AP1
for the WPS handshake with the new client since you must connect to the
access point anyway in order to use the network. In this case,
AP1
must be the registrar, since it is
configured (it already has security information for the network).
AP1
supplies the existing security
information to
C lie nt 2
.
REGISTRAR
ENROLLEE
SECURITY INFO
CLIENT 1
AP1
