802.11 MAC Architecture Chapter 9
Outline • Packets, frames, and bits • Data-link layer • Physical layer • 802.11 and 802.3 interoperability • Three 802.11 frame types • Beacon management frame (beacon) • Passive scanning • Active scanning • Authentication • Association • Authentication and association states • Basic and supported rates
Outline • Roaming • Reassociation • Disassociation • Deauthentication • ACK frame • Fragmentation • Protection mechanism • RTS/CTS • CTS-to-self • Data frames • Power management
Packets, Frames, and Bits • As data travels down the OSI model for the purpose of being transmitted, each layer adds header information to that data. • At the Network layer, an IP header is added and the data from the higher layers is encapsulated inside an IP packet • At the Data-link layer, a MAC header is added and the IP packet is encapsulated inside a frame • Data is eventually transmitted as individual bits at the Physical layer. A bit is a binary digit
Data-link layer • Data-link layer is divided into two sub-layers • Logical Link Control (LLC) sub-layer • Media Access Control (MAC) sub-layer • 802.11 standard defines operations at the MAC layer
Data-link layer • MAC Service Data Unit (MSDU) • MSDU is the data payload that contains the IP packet plus some LLC data • Maximum size of the MSDU is 2,304 bytes • MAC Protocol Data Unit (MPDU) • MPDU is an 802.11 frame • MAC header and FCS are added and the MSDU is encapsulated inside an MPDU frame
Physical layer • Physical layer is divided into two sub-layers • Physical Layer Convergence Procedure (PLCP) • PLCP prepares the frame for transmission by taking the frame from the MAC sub-layer and creating the PLCP Protocol Data Unit (PPDU) • Physical Medium Dependent (PMD) • PMD sub-layer modulates and transmits the data as bits
Physical layer • PLCP Service Data Unit (PSDU) • PSDU is a view of the MPDU from the other side • The MAC layer refers to the frame as the MPDU, while the Physical layer refers to this same exact frame as the PSDU • PLCP Protocol Data Unit (PPDU) • When the PLCP receives the PSDU, it then prepares the PSDU to be transmitted and creates the PPDU • PLCP adds a preamble and PHY header to the PSDU • When the PPDU is created, the PMD sub-layer takes the PPDU, modulates the data bits, and begins transmitting
802.11 and 802.3 Interoperability • All of the IEEE 802 frame formats share similar characteristics • Because the frames are similar, it makes it easier to translate the frames as they move from the 802.11 wireless network to the 802.3 wired network and vice versa
802.11 and 802.3 Interoperability • Differences between 802.3 and 802.11 frames: • Frame size • 802.3 max MSDU of 1500 bytes • 802.11 max MSDU of 2304 bytes • MAC addressing fields • 802.3 • Source Address (SA) and Destination Address (DA) • 802.11 • Receiver Address (RA), Transmitter Address (TA), Basic Service Set Identifier (BSSID), Destination Address (DA) and Source Address (SA)
802.11 and 802.3 Interoperability • Address 1 - The recipient station address on the BSS • Address 2 - The transmitter station address on the BSS • Address 3 - If Address 1 contains the destination address then Address 3 will contain the source address. Similarly, if Address 2 contains the source address then Address 3 will contain the destination address. • Address 4 - If a Wireless Distribution System (WDS) is being used (with AP to AP communication), then • Address 1 will contain the receiving AP address • Address 2 will contain the transmitting AP address • Address 3 will contain the destination station address and Address 4 the source station address. • Sequence Control - contains the Fragment Number and Sequence Number that define the main frame and the number of fragments in the frame
Three 802.11 Frame Types • Management Frames • Control Frames • Data Frames
Three 802.11 Frame Types • Management Frames • Management frames are used by wireless stations to join and leave the Basic Service Set (BSS) • Management frames do not carry any upper-layer information • Management frames carry only layer 2 information fields and information elements
Three 802.11 Frame Types • Management Frame subtypes • Association request • Association response • Reassociation request • Reassociation response • Probe request • Probe response • Beacon • Announcement traffic indication message (ATIM) • Disassociation • Authentication • Deauthentication • Action
Three 802.11 Frame Types • Control Frames • Control frames must be able to be heard by all stations; therefore, they must be transmitted at one of the basic rates. • Control frames are also used to clear the channel, acquire the channel, and provide unicast frame ACK • Control frames contain only header information
Three 802.11 Frame Types • Control Frames subtypes • Power Save (PS)-Poll • Request to send (RTS) • Clear to send (CTS) • Acknowledgement (ACK) • Contention-Free (CF)-End (PCF only) • CF-End + CF-ACK (PCF only) • Block ACK request (HCF) • Block ACK (HCF)
Three 802.11 Frame Types • Data Frames • Most data frames carry the actual data that is passed down from the higher-layer protocols. • Data (Simple data frame) • Some data frames carry no data at all but do have a specific purpose within the BSS • Null function frame (no data)
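As an added example (not part of the original slides), the Python sketch below decodes the fields discussed so far from a raw MPDU: the frame type and subtype, Address 1 to Address 4, the Sequence Control field, and the Power Management bit. The subtype numbers come from the 802.11 standard rather than from the slides, and the sample frames and MAC addresses are constructed for illustration.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data"}
# Subtype numbers as assigned by the 802.11 standard; names follow the slides.
SUBTYPES = {
    0: {0: "association request", 1: "association response",
        2: "reassociation request", 3: "reassociation response",
        4: "probe request", 5: "probe response", 8: "beacon", 9: "ATIM",
        10: "disassociation", 11: "authentication",
        12: "deauthentication", 13: "action"},
    1: {8: "block ACK request", 9: "block ACK", 10: "PS-Poll", 11: "RTS",
        12: "CTS", 13: "ACK", 14: "CF-End", 15: "CF-End + CF-ACK"},
    2: {0: "data", 4: "null function"},
}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_header(frame):
    """Decode Frame Control, addresses and Sequence Control of one MPDU."""
    if len(frame) < 10:
        raise ValueError("shorter than the smallest 802.11 header (10 bytes)")
    fc, duration = struct.unpack_from("<HH", frame, 0)
    ftype, subtype, flags = (fc >> 2) & 0x3, (fc >> 4) & 0xF, fc >> 8
    hdr = {"type": TYPES.get(ftype, "reserved"),
           "subtype": SUBTYPES.get(ftype, {}).get(subtype, f"subtype {subtype}"),
           "duration": duration,
           "power_mgmt": bool(flags & 0x10),   # Power Management (PM) bit
           "addr1": mac(frame[4:10])}          # Address 1: recipient
    if ftype == 1:
        # CTS and ACK carry only Address 1; these subtypes add a second address.
        if subtype in (8, 9, 10, 11, 14, 15):
            if len(frame) < 16:
                raise ValueError("truncated control frame")
            hdr["addr2"] = mac(frame[10:16])
        return hdr
    if len(frame) < 24:
        raise ValueError("truncated management/data header")
    hdr["addr2"], hdr["addr3"] = mac(frame[10:16]), mac(frame[16:22])
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    hdr["fragment"], hdr["sequence"] = seq_ctl & 0xF, seq_ctl >> 4
    if (flags & 0x03) == 0x03:                 # To DS and From DS set: WDS
        if len(frame) < 30:
            raise ValueError("truncated WDS header")
        hdr["addr4"] = mac(frame[24:30])
    return hdr

# Constructed sample frames (not captured traffic); addresses are made up.
AP, STA = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
DEAUTH = bytes.fromhex("c0003a01") + STA + AP + AP + bytes.fromhex("50120700")
ACK = bytes.fromhex("d4000000") + AP
NULL_PS = bytes.fromhex("48112c00") + AP + STA + AP + bytes.fromhex("3000")
```

Calling `parse_header(NULL_PS)` shows a null function data frame with `power_mgmt` set, the frame a client sends before going off-channel.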
Beacon Management Frame (Beacon) • Beacons are essentially the heartbeat of the wireless network. • Some of the information that can be found inside the body of a beacon frame: • Time stamp: synchronization information • Spread spectrum parameter sets: FHSS-, DSSS- • Channel information: channel used by the AP or IBSS • Data rates: basic and supported rates • Service set capabilities: Extra BSS or IBSS parameters • SSID: Logical WLAN name • Traffic indication map (TIM): a field used during the Power Save process • QoS capabilities: Quality of service and EDCA information • Security capabilities: TKIP or CCMP cipher information • Vendor proprietary information: Vendor-unique or vendor-specific information
Passive scanning • The client station listens for the beacon frames that are continuously being sent by the AP.
Passive scanning • The client station will listen for beacons that contain the same SSID that has been preconfigured in the client station’s software • When the client hears one, it can then connect to that WLAN • If the client station hears beacons from multiple APs with the same SSID, it will determine which AP has the best signal, and it will attempt to connect to that AP
Active scanning • The client station actively searches for an AP • The client station transmits management frames known as probe requests. • All APs that hear the request should reply by sending a probe response • Just like the beacon frame, the probe response frame contains all of the necessary information for a client station to learn about the parameters of the BSS before joining the BSS
Active scanning • A probe request with the specific SSID information is known as a direct probe request • A probe request without the SSID information is known as a null probe request • If a direct probe request is sent, all APs that support that specific SSID, and hear the request, should reply by sending a probe response • If a null probe request is sent, all APs that hear the request should reply by sending a probe response
Active vs. Passive scanning • In passive scanning, beacon management frames are broadcast only on the same channel as the AP. • Active scanning uses probe request frames that are sent out across all available channels by the client station • The client station will sequentially send probe requests on each of its supported channels • By continuing to actively scan, a client station can maintain and update a list of known APs • If the client needs to roam, it can typically do so faster and more efficiently
Authentication • Authentication is the first of two steps required to connect to the 802.11 BSS • Both authentication and association must occur • The 802.11 authentication merely establishes an initial connection between the client and the AP • Two different methods of authentication • Open System authentication • Shared Key authentication
Authentication • Open System authentication • It provides authentication without performing any type of client verification • It is essentially an exchange of hellos between the client and the AP • Wired Equivalent Privacy (WEP) security can be used with Open System authentication • WEP is used only to encrypt the upper-layer information of data frames and only after the client station is authenticated and associated
Authentication • Shared Key authentication • Shared Key authentication uses WEP to authenticate client stations and requires that a static WEP key be configured on both the station and AP • Authentication will not work if the static WEP keys do not match. • The authentication process is similar to Open System authentication but includes a challenge and response between the AP and client station
Authentication • Shared Key authentication • Four-way authentication frame exchange • Client sends an authentication request to AP • AP sends a clear text challenge to the client in authentication response • The client encrypts the clear text challenge and sends it back to the AP in the body of another authentication request frame • The AP decrypts the station’s response and compares it to the challenge text. • If they match, the AP will respond by sending a fourth and final authentication frame to the station, confirming the success • If they do not match, the AP will respond negatively • If the AP cannot decrypt the challenge, it will also respond negatively
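The four-frame exchange above, simulated from both sides in Python as an added example that is not part of the original slides. It uses the standard WEP construction (RC4 keyed with IV plus key, CRC-32 as the ICV) but simplifies the frame bodies: the key ID byte and the authentication frame's fixed fields are left out, and the function names, the 128-byte challenge length and the sample keys are assumptions of this sketch.

```python
import os
import zlib

def rc4(key, data):
    """RC4 stream cipher; encrypting and decrypting are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                     # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                        # keystream generation and XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(key, plaintext, iv):
    """Return IV || RC4(IV || key, plaintext || ICV), ICV = CRC-32(plaintext)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + key, plaintext + icv)

def wep_decrypt(key, body):
    """Return the plaintext, or None when the ICV does not verify."""
    clear = rc4(body[:3] + key, body[3:])
    data, icv = clear[:-4], clear[-4:]
    return data if zlib.crc32(data).to_bytes(4, "little") == icv else None

def shared_key_auth(ap_key, client_key):
    """Run the four frames; return (list of frames, success flag)."""
    frames = [("client->AP", 1, "authentication request")]
    challenge = os.urandom(128)              # AP picks the challenge text
    frames.append(("AP->client", 2, "clear text challenge"))
    # Client encrypts the challenge with its static WEP key and a fresh IV.
    response = wep_encrypt(client_key, challenge, os.urandom(3))
    frames.append(("client->AP", 3, "encrypted challenge"))
    # AP decrypts with its own key; a failed ICV or a mismatch is a rejection.
    ok = wep_decrypt(ap_key, response) == challenge
    frames.append(("AP->client", 4, "success" if ok else "failure"))
    return frames, ok

# Constructed 40-bit WEP keys for the demonstration.
KEY = bytes.fromhex("0102030405")
OTHER_KEY = bytes.fromhex("0102030406")
```

`shared_key_auth(KEY, KEY)` ends with a success frame, while `shared_key_auth(KEY, OTHER_KEY)` ends with a failure because the AP cannot recover its own challenge.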
Association • After the station has authenticated with the AP, the next step is for it to associate with the AP • When a client station associates, it becomes a member of a BSS. • Association means that the client station can send data through the AP • The client station sends an association request to the AP • The AP sends an association response to the client, granting or denying permission to join the BSS
Association • In the body of the association response frame is an association identifier (AID), a unique association number given to every associated client • Association occurs after Shared Key or Open System authentication. • After a client station becomes a member of the BSS by completing association, the client will send a DHCP request and begin communication at upper layers when the DHCP response is received
Authentication and Association States • Authentication state • Unauthenticated • Authenticated • Association state • Unassociated • Associated • Three possible states for the stations • State 1: initial start state, Unauthenticated and Unassociated • State 2: Authenticated and Unassociated • State 3: Authenticated and Associated
Basic and Supported Rates • The 802.11-2007 standard defines supported rates for various RF technologies • HR-DSSS: 1, 2, 5.5, and 11 Mbps • ERP-OFDM: 6, 9, 12, 18, 24, 36, 48, and 54 Mbps • The station must be capable of communicating by using the configured basic rates that the AP requires. • The supported rates are the group of data rates that the AP will use when communicating with a station • The set of supported rates is advertised by the AP in the beacon frame and is also in some of the other management frames
Roaming • The 802.11 standard provides the ability for the client stations to transition from one AP to another while maintaining network connectivity for the upper-layer applications. • This ability is known as roaming, although the 802.11 standard does not define what roaming is
Roaming • The decision to roam is currently made by the client station • What actually causes the client station to roam is a set of proprietary rules determined by the manufacturer of the wireless card, usually determined by: • Signal strength • Noise level • Bit-error rate
Roaming • As the client station communicates on the network, it continues to look for other APs and will authenticate to those that are within range. • Remember, a station can be authenticated to multiple APs but associated to only one AP • As the client station moves away from the access point that it is associated with and the signal drops below a predetermined threshold, it will attempt to connect to another access point and roam from its current BSS to a new BSS. • As the station roams, the old access point and the new access point should communicate with each other across the distribution system medium and help provide a clean transition between the two.
Reassociation • When a client station decides to roam to a new access point, it will send a reassociation request frame to the new access point. • It is called a reassociation not because you are reassociating to the access point but because you are reassociating to the SSID of the wireless network. • Reassociation occurs after the client and the access point have exchanged six frames
Reassociation • 1. In the first step, the client station sends a reassociation request frame to the new AP. The reassociation frame includes the BSSID (MAC address) of the AP it is currently connected to (we will refer to this as the original AP). • 2. The new access point then replies to the station with an ACK. • 3. The new access point attempts to connect to the original AP using the DSM and attempts to notify the original AP about the roaming client and requests that the original AP forward any buffered data • 4. If this communication is successful, the original AP uses the DSM to forward any buffered data to the new AP. • 5. The new AP will then send a reassociation response frame to the client via the wireless network. • 6. The client will send an ACK to the new access point. The client does not need to send a disassociation frame to the original AP, because the client assumes that the two APs have communicated with each other across the DSM
Disassociation • Disassociation is a notification, not a request • Either the AP or the client can send a disassociation frame when it wants to disassociate from the other
Deauthentication • A deauthentication frame is a notification, not a request • Either the AP or the client can send a deauthentication frame when it wants to deauthenticate from the other • Because authentication is a prerequisite for association, a deauthentication frame will automatically cause a disassociation to occur
ACK Frame • When a station receives data, it waits a short period of time (SIFS). • The receiving station copies the MAC address of the transmitting station from the data frame and places it in the Receiver Address (RA) field of the ACK frame. • The ACK frame is the highest priority frame.
Protection Mechanism • In order for 802.11g, 802.11b stations and legacy 802.11 DSSS stations to coexist within the same BSS, the 802.11g devices enable what is referred to as 802.11g protection mechanism, also known as 802.11g Protected mode • If an 802.11g device were to transmit a data frame, 802.11b devices would not be able to interpret the data frame or the Duration/ID value because the 802.11b DSSS devices are not capable of understanding 802.11g OFDM transmissions. • The 802.11b devices would not set their NAV and could incorrectly believe that the medium is available. • To prevent this from happening, the 802.11g devices switch into what is known as protected mode
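An added example, not from the original slides, that ties together the three authentication and association states, the roaming rule that a station may be authenticated to several APs but associated to only one, and the effect of disassociation and deauthentication. The class, the event names and the AP labels are hypothetical, and each event stands for a completed, successful exchange; the tracker reports frames that the current state does not permit, which is the check a monitoring tool would apply to observed traffic.

```python
class Station:
    """Tracks one client's 802.11 state toward each AP (named by BSSID)."""

    def __init__(self):
        self.authenticated = set()   # a station may authenticate to many APs
        self.associated = None       # but is associated to at most one

    def state(self, ap):
        if ap not in self.authenticated:
            return 1                 # State 1: unauthenticated, unassociated
        return 3 if self.associated == ap else 2

    def handle(self, event, ap):
        """Apply one exchange; return False if the current state forbids it."""
        before = self.state(ap)
        if event == "authentication":
            self.authenticated.add(ap)
        elif event in ("association", "reassociation"):
            if before == 1:
                return False         # authentication must come first
            self.associated = ap     # roaming replaces the old association
        elif event == "disassociation":
            if self.associated == ap:
                self.associated = None
        elif event == "deauthentication":
            self.authenticated.discard(ap)
            if self.associated == ap:
                self.associated = None   # deauthentication also disassociates
        elif event == "data":
            return before == 3       # data may pass only in State 3
        else:
            raise ValueError(f"unknown event {event!r}")
        return True

def replay(events):
    """Return (event, ap, allowed, state toward ap afterwards) per event."""
    sta, out = Station(), []
    for event, ap in events:
        allowed = sta.handle(event, ap)
        out.append((event, ap, allowed, sta.state(ap)))
    return out

# Constructed sequence: join AP1, roam to AP2, then get deauthenticated.
ROAM = [
    ("data", "AP1"), ("authentication", "AP1"), ("association", "AP1"),
    ("data", "AP1"), ("authentication", "AP2"), ("reassociation", "AP2"),
    ("data", "AP1"), ("data", "AP2"), ("deauthentication", "AP2"),
    ("data", "AP2"),
]
```

In `replay(ROAM)`, the data frames sent before association, to the original AP after roaming, and after deauthentication are the ones reported as not allowed.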
Protection Mechanism • In a mixed-mode environment, when an 802.11g device wants to transmit data, it will first perform a NAV distribution by transmitting a request to send/clear to send (RTS/CTS) or a CTS-to-Self • The RTS/CTS or CTS-to-Self will be heard and understood by all of the 802.11b and 802.11g devices. • The RTS/CTS or CTS-to-Self will contain a Duration/ID value that will be used by all of the stations to set their NAV.
RTS/CTS • Request to send/clear to send (RTS/CTS) is a mechanism that performs a NAV distribution and helps to prevent collisions from occurring
CTS-to-Self • CTS-to-Self is used strictly as a protection mechanism for mixed-mode environments. • One of the benefits of using CTS-to-Self over RTS/CTS as a protection mechanism is that the throughput will be higher since there are fewer frames being sent. • When a station using CTS-to-Self wants to transmit data, it performs a NAV distribution by sending a CTS frame. This CTS notifies all other stations that they must wait until the Data and ACK have been transmitted. Any station that hears the CTS will set their NAV to the value provided. • Since the CTS-to-Self is used as a protection mechanism for mixed-mode environments, the 802.11g station will transmit the CTS using a slow 802.11b transmission method that all stations can understand. Then the Data and the ACK will be transmitted at a faster 802.11g speed using Orthogonal Frequency Division Multiplexing (OFDM)
Data Frames • The most common data frame is the simple data frame, which has MSDU upper-layer information encapsulated in the frame body • The null function frame is used by client stations to inform the AP of changes in Power Save status by changing the Power Management (PM) bit
Data Frames • When a client station decides to go off-channel, it will send a null function frame to the AP with the PM bit set to 1 • The AP buffers all of the client’s frames • When the client station returns to the AP’s channel, the station sends another null function frame with the PM bit set to 0 • The AP then transmits the client’s buffered frames