# IEEE 802.11
## ch2 Overview of 802.11 Networks
* basic service set (BSS) : a group of stations that communicate with each other
* independent BSS (IBSS) : communicate **directly** with each other, sometimes referred to as ad hoc BSSs or ad hoc networks.
* infrastructure BSS (**never** called an IBSS) : use **access point**
* Association : the process by which mobile station **joins** an 802.11 network
* extended service set (ESS) : created by chaining BSSs **together** with a backbone network
* distribution system = backbone Ethernet + bridging engine
* inter-access point protocol (IAPP) : many access points on the market use an inter-access point protocol (IAPP) over the backbone medium. However, **no standardized method** for communicating association information to other members of an ESS
* Different types of 802.11 networks may also overlap.
* Stations are identified by **48 bit** IEEE 802 MAC addresses.
* frames are delivered based on the **MAC address**.
* 9 services : 3 moving data, 6 management operations
    * Distribution
        * Once a frame has been accepted by an access point, it uses the distribution service to deliver the frame to its destination.
    * Integration
        * allows the connection of the distribution system to a non-IEEE 802.11 network
    * Association
        * mobile stations register, or associate, with access points.
    * Reassociation
        * When a mobile station moves between basic service areas within a single extended service area, it must evaluate signal strength and perhaps switch the access point with which it is associated. (initiated by mobile stations when signal conditions indicate that a different association would be beneficial)
    * Disassociation
        * When stations invoke the disassociation service, any mobility data stored in the distribution system is removed.
    * Authentication
        * ensure that users accessing the network are authorized
    * Deauthentication
    * Privacy
        * Wired Equivalent Privacy (WEP)
    * MSDU delivery
        * MAC Service Data Unit (MSDU) delivery service, which is responsible for getting the data to the actual endpoint.
* Station services : AP ~ STA (station)
* Distribution system services : AP ~ Distribution system
* mobility
    * No transition
        * stations do not move out of their current access point's service area
    * BSS transition
        * movement from one BSS to a second distinct BSS. (in the same ESS)
    * ESS transition
        * movement from one ESS to a second distinct ESS.
## ch3 The 802.11 MAC
* 802.11 incorporates **positive acknowledgments**
* **atomic** operation : 802.11 allows stations to lock out contention during atomic operations so that atomic sequences are not interrupted by other stations attempting to use the transmission medium.
* **Hidden Node Problem** : use Request to Send (RTS) and Clear to Send (CTS) signals to clear out an area
    * RTS :
        * reserving the radio link for transmission
        * silences any stations that hear it
    * CTS :
        * silences stations in the immediate vicinity (Hidden nodes)

* The RTS/CTS exchange is performed for frames larger than the threshold. Frames shorter than the threshold are simply sent.
* DCF (distributed coordination function) is the basis of the standard CSMA/CA access mechanism.
    * random backoff after each frame
    * In some circumstances, the DCF may use the CTS/RTS clearing technique to further reduce the possibility of collisions.
* Point coordinators reside in access points, so the PCF is restricted to infrastructure networks.
    * provides contention-free services.

* physical carrier-sensing
* virtual carrier-sensing : provided by NAV
    * Network Allocation Vector (NAV) : is a **timer** that indicates the amount of time the medium will be reserved.
    * Stations set the NAV to the time for which they expect to use the medium, including any frames necessary to complete the current operation.
    * Other stations count down from the NAV to 0.
    * When the NAV is nonzero, the virtual carrier-sensing function indicates that the medium is busy;
    * when the NAV reaches 0, the virtual carrier-sensing function indicates that the medium is idle.
    * By using the NAV, stations can ensure that atomic operations are not interrupted.

* After the sequence completes, the medium can be used by any station after distributed interframe space (DIFS)
* interframe space is a fixed amount of time, independent of the transmission speed.

* Short interframe space (SIFS) :
    * used for the highest-priority transmissions, such as RTS/CTS frames and positive acknowledgments.
* PCF interframe space (PIFS) :
    * used by the PCF during contention-free operation.
* DCF interframe space (DIFS) :
    * the minimum medium idle time for contention-based services.
* Extended interframe space (EIFS) :
    * is not a fixed interval.
    * used only when there is an error in frame transmission.
* access deferral : If the medium is busy, the station must wait for the channel to become idle.
* retry counters : begin at 0 and are incremented when a frame transmission fails
    * short retry count (Frames that are shorter than the RTS threshold use)
    * long retry count
* lifetime :
    * when the first fragment is transmitted, the lifetime counter is started.
    * When the lifetime limit is reached, the frame is discarded and no attempt is made to transmit any remaining fragments.
* If the retry limit is reached, the frame is discarded, and its loss is reported to higher-layer protocols.
* Fragments all have the same frame sequence number but have ascending fragment numbers to aid in reassembly.

* Frame Control
    * Protocol version
    * Type and subtype fields
        * type of frame
    * ToDS and FromDS bits
    * More fragments bit
    * Retry bit
    * Power management bit
        * indicates whether the sender will be in a power-saving mode
    * More data bit
    * WEP bit
    * Order bit
        * When the "strict ordering" delivery is employed, this bit is set to 1.

bit strings are written **most-significant bit first**, which is the **reverse** of the order used in Figure 3-10.
* Duration/ID Field
    * setting the NAV
    * during contention-free periods
    * PS-Poll frames
        * To ensure that no frames are lost, stations awaking from their slumber transmit a PS-Poll frame to retrieve any buffered frames from the access point.
* Address Fields
    * Destination address
    * Source address
    * Receiver address
        * **If it is a wireless station, the receiver address is the destination address.**
        * **For frames destined to a node on an Ethernet connected to an access point, the receiver is the wireless interface in the access point, and the destination address may be a router attached to the Ethernet.**
    * Transmitter address
        * identify the wireless interface that transmitted the frame onto the wireless medium
        * is used only in wireless bridging.
    * Basic Service Set ID (BSSID)
        * the MAC address used by the wireless interface in the access point
    * unicast : first bit is a 0
    * multicast : first bit is a 1
    * broadcast : all bits are 1s
* Sequence Control Field
    * 4-bit fragment number + 12-bit sequence number
    * If higher-level packets are fragmented, all fragments will have the same sequence number.
* Frame Body
* Frame Check Sequence (FCS)
    * 802.11 does not have a negative acknowledgment for frames that fail the FCS; stations must wait for the acknowledgment timeout before retransmitting.
* Broadcast and multicast frames have the simplest frame exchanges because there is no acknowledgment.
* deferred response
    * the access point acknowledges the request for the buffered frame but does not act on it immediately.
    * station cannot return to a low-power mode until it receives a Beacon frame in which its bit in the traffic indication map (TIM) is clear
## ch4 802.11 Framing in Detail
Any frames that appear only in the contention-free period can never be used in an IBSS.
### Data Frames
* IBSS frames
* Frames from the AP
* Frames to the AP
* Frames in a WDS (wireless distribution system, wireless bridge)

The use of the address fields depends on which of the distribution system bits are set.
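The header fields from ch3 (Frame Control bits, Duration, Sequence Control) and the ToDS/FromDS address mapping for the four data frame cases above can be decoded as follows. This is an added example, not part of the original notes; `SAMPLE_TO_AP` is a constructed frame header, and the type codes (0 management, 1 control, 2 data) and little-endian field layout come from the 802.11 standard rather than from these notes.

```python
import struct

# Role of Address 1..4 in a data frame, keyed by (ToDS, FromDS).
ADDRESS_ROLES = {
    (0, 0): ("DA", "SA", "BSSID"),       # IBSS frame
    (1, 0): ("BSSID", "SA", "DA"),       # frame to the AP
    (0, 1): ("DA", "BSSID", "SA"),       # frame from the AP
    (1, 1): ("RA", "TA", "DA", "SA"),    # WDS (wireless bridge)
}
# Frame Control bits 8..15, in order.
FLAG_BITS = ("to_ds", "from_ds", "more_frag", "retry",
             "pwr_mgmt", "more_data", "wep", "order")

# Constructed sample: data frame to the AP, Retry set, duration 44,
# sequence number 0x123, fragment number 2.
SAMPLE_TO_AP = bytes.fromhex(
    "0809" "2c00" "001122334455" "020000000001" "00aabbccddee" "3212")


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def address_kind(raw):
    """Classify by the first bit on the air: the LSB of the first octet."""
    if raw == b"\xff" * 6:
        return "broadcast"
    return "multicast" if raw[0] & 0x01 else "unicast"


def parse_header(frame):
    """Parse the MAC header of a data or management frame."""
    if len(frame) < 24:
        raise ValueError("shorter than a 24-byte MAC header")
    fc, duration = struct.unpack_from("<HH", frame, 0)
    ftype = (fc >> 2) & 0x3
    if ftype == 1:
        raise ValueError("control frames use a shorter header")
    hdr = {"version": fc & 0x3, "type": ftype,
           "subtype": (fc >> 4) & 0xF, "duration": duration}
    for i, name in enumerate(FLAG_BITS):
        hdr[name] = (fc >> (8 + i)) & 1
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    hdr["fragment"] = seq_ctl & 0xF      # low 4 bits
    hdr["sequence"] = seq_ctl >> 4       # high 12 bits
    # Management frames carry DA, SA, BSSID with both DS bits 0.
    key = (hdr["to_ds"], hdr["from_ds"]) if ftype == 2 else (0, 0)
    roles = ADDRESS_ROLES[key]
    if len(roles) == 4 and len(frame) < 30:
        raise ValueError("WDS frame is missing Address 4")
    offsets = (4, 10, 16, 24)
    hdr["addresses"] = {role: mac_str(frame[off:off + 6])
                        for role, off in zip(roles, offsets)}
    hdr["addr1_kind"] = address_kind(frame[4:10])
    return hdr
```
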

Stations respond only to broadcasts and multicasts originating in the same basic service set (BSS); they ignore broadcasts and multicasts from different BSSs.
If Address 1 is set to a broadcast or multicast address, the BSSID is also checked.
The all-1s BSSID is the broadcast BSSID.
BSSID broadcasts are used only when mobile stations try to locate a network by sending probe requests.
Probe frames are the only frames allowed to use the broadcast BSSID.
* 802.11 uses several different data frame types. Variations depend on whether the service is contention-based or contention-free. Contention-free frames can incorporate several functions for the sake of efficiency.
* Null frames
    * consist of a MAC header followed by the FCS trailer.
    * used by mobile stations to inform the access point of changes in power-saving status
### Control Frames
:::info
ToDS and FromDS bits : 00
Control frames arbitrate access to the wireless medium and thus can only originate from wireless stations. The distribution system does not send or receive control frames, so these bits are always 0.
:::
* RTS
* CTS
* ACK
* PS-Poll

Control frames are all header. No data is transmitted in the body, and the FCS immediately follows the header.

The PS-Poll frame does not include duration information to update the NAV. However, all stations receiving a PS-Poll frame update the NAV by the short interframe space plus the amount of time required to transmit an ACK.
:::info
Association ID (AID)
When mobile stations associate with an access point, the access point assigns a value called the Association ID (AID) from the range 1-2,007.
:::
### Management Frames
* Beacon
    * announce the existence of a network
* Probe Request
    * Mobile stations use Probe Request frames to **scan** an area for existing 802.11 networks
* Probe Response
    * Probe Response frame carries all the parameters in a Beacon frame, which enables mobile stations to match parameters and join the network.
* IBSS announcement traffic indication map (ATIM)
* Disassociation and Deauthentication
    * end an association/authentication relationship
* Association Request
    * attempt to join the network
* Reassociation Request
    * moving between basic service areas within the same extended service area need to reassociate with the network before using the distribution system again
    * leave the coverage area of an access point temporarily and rejoin it later
    * includes the address of the mobile station's **current access point**
* Association Response and Reassociation Response
* Authentication
    * To authenticate to the access point, mobile stations exchange Authentication frames

The MAC header is the same in all management frames.

Only broadcast and multicast frames from the BSSID that a station is currently associated with are passed to MAC management layers. The one exception to this rule is Beacon frames, which are used to announce the existence of an 802.11 network.
:::info
Access points use the MAC address of the wireless network interface as the BSSID. Mobile stations adopt the BSSID of the access point they are currently associated with.
Stations in an IBSS use the randomly generated BSSID from the BSS creation.
One exception to the rule:
frames sent by the mobile station seeking a specific network may use the BSSID of the network they are seeking, or they may use the broadcast BSSID to find all networks in the vicinity.
:::
Management frames are quite flexible. Most of the data contained in the frame body uses fixed-length fields called **fixed fields** and variable-length fields called **information elements**.
* Ten fixed-length fields
    * Authentication Algorithm Number
    * Authentication Transaction Sequence Number
    * Beacon interval
        * number of time units (TUs); 1 TU = 1024 µs, which is about 1 millisecond
        * Time units may also be called kilo-microseconds in various documentation (Kµs or kµs).
    * Capability Information
        * In this field, each bit is used as a flag to advertise a particular function of the network.
    * Current AP Address
    * Listen interval
        * the number of Beacon intervals that stations wait between listening for Beacon frames
        * allows mobile stations to indicate how long the access point must retain buffered frames
    * Association ID
    * Timestamp
        * synchronization between the stations in a BSS
    * Reason Code
    * Status Code
        * indicate the success or failure of an operation
* Information elements
    * Service Set Identity (SSID)
        * network name
    * Supported Rates
        * Mandatory rates
        * optional rates
    * FH Parameter Set
        * frequency-hopping
    * DS Parameter Set
        * Direct-sequence 802.11 networks have only one parameter: the channel number used by the network
    * CF Parameter Set
        * information element is transmitted in Beacons by access points that support contention-free operation.
    * Traffic Indication Map (TIM)
        * indicate which stations have buffered traffic waiting to be picked up
        * virtual bitmap
    * IBSS Parameter Set
        * the number of time units (TUs) between ATIM frames in an IBSS
    * Challenge text
        * The shared-key authentication system defined by 802.11 requires that the mobile station successfully decrypt an encrypted challenge.
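A Beacon body shows the fixed fields and information elements together: Timestamp, Beacon interval and Capability Information come first, followed by (ID, length, value) elements. The parser below is an added example, not part of the original notes; `SAMPLE_BODY` is constructed, and the element ID numbers and TIM layout come from the 802.11 standard rather than from these notes. Beacons arrive from any transmitter in range, so every element length is checked before use.

```python
import struct

TU_MICROSECONDS = 1024  # one time unit (TU)
ELEMENT_NAMES = {0: "SSID", 1: "Supported Rates", 2: "FH Parameter Set",
                 3: "DS Parameter Set", 4: "CF Parameter Set", 5: "TIM",
                 6: "IBSS Parameter Set", 16: "Challenge text"}

# Constructed sample: interval 100 TU, SSID "lab", rates 1/2 (mandatory) and
# 5.5/11 (optional) Mbps, channel 6, TIM flagging buffered frames for AID 29.
SAMPLE_BODY = bytes.fromhex(
    "7856341200000000" "6400" "0100"
    "00036c6162" "010482840b16" "030106" "05050103020020")


def iter_elements(data):
    """Yield (element_id, payload); reject a length that overruns the body."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated element header")
        eid, length = data[pos], data[pos + 1]
        payload = data[pos + 2:pos + 2 + length]
        if len(payload) != length:
            raise ValueError(f"element {eid} overruns the frame body")
        yield eid, payload
        pos += 2 + length


def tim_has_unicast(tim, aid):
    """True if the TIM virtual bitmap flags buffered unicast frames for aid."""
    if not 1 <= aid <= 2007:
        raise ValueError("AID out of range 1-2007")
    if len(tim) < 4:
        raise ValueError("TIM too short")
    first_octet = tim[2] & 0xFE      # Bitmap Control bits 1-7 hold N1/2
    bitmap = tim[3:]                 # partial virtual bitmap, octets N1..N2
    index = aid // 8 - first_octet
    if index < 0 or index >= len(bitmap):
        return False                 # octets left out of the element are zero
    return bool(bitmap[index] >> (aid % 8) & 1)


def parse_beacon_body(body):
    if len(body) < 12:
        raise ValueError("missing fixed fields")
    timestamp, interval_tu, capability = struct.unpack_from("<QHH", body, 0)
    info = {"timestamp": timestamp, "capability": capability,
            "beacon_interval_us": interval_tu * TU_MICROSECONDS,
            "elements": []}
    for eid, payload in iter_elements(body[12:]):
        info["elements"].append(ELEMENT_NAMES.get(eid, f"id {eid}"))
        if eid == 0:
            info["ssid"] = payload.decode("utf-8", "replace")
        elif eid == 1:
            # High bit marks a mandatory rate; low 7 bits count 500 kbps units.
            info["rates"] = [((r & 0x7F) / 2, bool(r & 0x80)) for r in payload]
        elif eid == 3 and len(payload) == 1:
            info["channel"] = payload[0]
        elif eid == 5 and len(payload) >= 4:
            info["dtim_count"], info["dtim_period"] = payload[0], payload[1]
            info["tim"] = payload
    return info
```
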

### Frame Transmission and Association and Authentication States

data can be transmitted through a distribution system only in State 3.



## ch5 Wired Equivalent Privacy (WEP)
## ch6 Security, Take 2: 802.1x
## ch7 Management Operations

### Management Architecture
* MAC layer management entity (MLME)
* MAC management information base (MIB)
* physical-layer management entity (PLME)
* PHY management information base (MIB)
* system management entity (SME)
### Scanning
* Passive Scanning
* Active Scanning
    1. Move to the channel and wait for either an indication of an incoming frame or for the **ProbeDelay timer** to expire. If an incoming frame is detected, the channel is in use and can be probed. The timer prevents an empty channel from blocking the entire procedure; the station won't wait indefinitely for incoming frames.
    2. Gain access to the medium using the basic DCF access procedure and send a Probe Request frame.
    3. Wait for the minimum channel time, MinChannelTime, to elapse.
        * a. If the medium was never busy, there is no network. Move to the next channel.
        * b. If the medium was busy during the MinChannelTime interval, wait until the maximum time, MaxChannelTime, and process any Probe Response frames.
* Scan Report
* Joining
### Authentication
* Open-System Authentication
    * access point accepts the mobile station at face value without verifying its identity
* Shared-Key Authentication
    * based on WEP
    * Challenge Text
        * composed of 128 bytes generated using the WEP keystream generator with a random key and initialization vector.
* some vendors have developed proprietary **public-key authentication algorithms**, many of which are based on **802.1x**.
* Preauthentication
    * Stations can authenticate with several access points during the scanning process so that when association is required, the station is already authenticated.
    * Preauthentication makes roaming a smoother operation because authentication can take place before it is needed to support an association.

### Association
* Association
    1. Once a mobile station has authenticated to an access point, it can issue an Association Request frame. Stations that have not yet authenticated receive a **Deauthentication frame** from the access point in response.
    2. The access point then processes the association request. 802.11 does not specify how to determine whether an association should be granted; it is specific to the access point implementation. One common consideration is **the amount of space required for frame buffering**. Rough estimates are possible based on the **Listen Interval in the Association Request frame**.
        * a. When the association request is granted, the access point responds with a status code of 0 (successful) and the Association ID (AID). The AID is a numerical identifier used to logically identify the mobile station to which buffered frames need to be delivered. More detail on the process can be found in Section 7.5 of this chapter.
        * b. Unsuccessful association requests include only a status code, and the procedure ends.
    3. The access point begins processing frames for the mobile station.

* Reassociation
    * When the mobile station detects that another access point would be a better choice, it initiates the reassociation procedure.
    * The factors used to make that decision are product-dependent. **Received signal strength** can be used on a frame-by-frame basis, and the constant **Beacon** transmissions provide a good baseline for signal strength from an access point.
    1. The mobile station issues a Reassociation Request to the new access point.
       Reassociation Request frames contain a field with the address of the old access point.
       The new access point must **communicate with the old access point** to determine that a previous association did exist. The content of the inter-access point messages is proprietary, though the 802.11 working group is in the process of standardizing the inter-access point protocol.
       If the new access point cannot verify that the old access point authenticated the station, the new access point responds with a **Deauthentication frame** and ends the procedure.
    2. The access point processes the Reassociation Request.
        * a. If the Reassociation Request is granted, the access point responds with a Status Code of 0 (successful) and the AID.
        * b. Unsuccessful Reassociation Requests include just a Status Code, and the procedure ends.
    3. The new access point contacts the old access point to finish the reassociation procedure. This communication is part of the **IAPP**.
    4. The old access point sends any buffered frames for the mobile station to the new access point.
        * a. Any frames buffered at the old access point are transferred to the new access point so they can be delivered to the mobile station.
        * b. The old access point terminates its association with the mobile station. Mobile stations are allowed to associate with only one access point at any given time.
    5. The new access point begins processing frames for the mobile station.


### Power Conservation
#### Infrastructure Networks
Longer listen intervals require more buffer space on the access point.
If a mobile station fails to check for waiting frames after each listen interval, they may be discarded without notification.

* **Unicast** frame buffering and delivery using the Traffic Indication Map (TIM)
    * access points periodically assemble a **traffic indication map (TIM)** and transmit it in Beacon frames.
    * Mobile stations must wake up and enter the active mode to listen for Beacon frames to receive the TIM.
    * To retrieve buffered frames, mobile stations use **PS-Poll** Control frames.
    * When multiple stations have buffered frames, all stations with buffered data must use the **random backoff** algorithm before transmitting the PS-Poll.
    * Each PS-Poll frame is used to retrieve **one** buffered frame. That frame **must be positively acknowledged** before it is removed from the buffer.
    * After transmitting the PS-Poll, a mobile station must remain awake until either the polling transaction has concluded or the bit corresponding to its AID is no longer set in the TIM.
    * access points use an aging function to determine when buffered frames are old enough to be discarded
        * standard forbids the aging function from discarding frames before the listen interval has elapsed.

* Delivering **multicast and broadcast** frames: the Delivery TIM (DTIM)
    * frames are buffered whenever any station associated with the access point is sleeping
    * Buffered broadcast and multicast frames are saved using AID 0
    * Access points indicate whether any broadcast or multicast frames are buffered by setting the **first bit** in the TIM to 0
    * The TIM element in Beacon frames contains a counter that counts down to the next DTIM
    * Buffered broadcast and multicast traffic is transmitted after a DTIM Beacon
#### IBSS
### Timer Synchronization
* timing synchronization function (TSF)
    * a local timer synchronized with the TSF of every other station in the basic service area
#### Infrastructure Networks
* When access points prepare to transmit a Beacon frame, the access point timer is copied into the Beacon's timestamp field.
* Stations associated with an access point accept the timing value in any received Beacons, but they may add a small offset to the received timing value to account for local processing by the antenna and transceiver.
* Associated stations maintain local TSF timers so they can miss a Beacon frame and still remain roughly synchronized with the global TSF.

#### IBSS
## ch8 Contention-Free Service with the PCF
## ch9 Physical Layer Overview
* Physical Layer Convergence Procedure (PLCP) sublayer
* Physical Medium Dependent (PMD) sublayer
* Frequency-hopping (FH) spread-spectrum radio PHY
* Direct-sequence (DS) spread-spectrum radio PHY
* Infrared light (IR) PHY
* Orthogonal Frequency Division Multiplexing (OFDM) PHY
* High-Rate Direct Sequence (HR/DS or HR/DSSS) PHY
* spread spectrum
    * Frequency hopping (FH or FHSS)
        * jump from one frequency to another in a random pattern
        * cheapest
    * Direct sequence (DS or DSSS)
        * using mathematical coding functions.
        * Two direct-sequence layers were specified
        * higher data rate
    * Orthogonal Frequency Division Multiplexing (OFDM)
        * divides an available channel into several subchannels
        * encodes a portion of the signal across each subchannel in parallel
        * similar to the Discrete Multi-Tone (DMT) technique used by some DSL modems
## ch10 The ISM PHYs: FH, DS, and HR/DS
## ch11 802.11a: 5-GHz OFDM PHY