The 802.11 standard was originally developed with two authentication mechanisms:

Figure 1 provides a simple overview of the authentication process. However, in most shared key authentication installations, the exchange is as follows:

1. The wireless client sends an authentication frame to the AP.

2. The AP responds with a challenge text to the client.

3. The client encrypts the message using its shared key and returns the encrypted text back to the AP.

4. The AP then decrypts the encrypted text using its shared key.

5. If the decrypted text matches the challenge text, the AP authenticates the client. If the messages do not match, the wireless client is not authenticated and wireless access is denied.

After a wireless client has been authenticated, the AP proceeds to the association stage. As shown in Figure 2, the association stage finalizes settings and establishes the data link between the wireless client and the AP.

As part of this stage:

After a wireless client has associated with an AP, traffic is now able to flow between the client and the AP.