Inconsistencies in the active scan protocol
Simon Black
simon.black@intalk2k.com
Question
• Is it possible to active scan for a specific BSSID?
• Let's review what the IEEE Std 802.11™-1999 (R2003) WLAN Edition says on this matter…
Clause 7.2.3
• The BSSID of the management frame is determined as follows:
  a) If the station is an AP or is associated with an AP, the BSSID is the address currently in use by the STA contained in the AP.
  b) If the station is a member of an IBSS, the BSSID is the BSSID of the IBSS.
  c) In Management frames of subtype Probe Request, the BSSID is either a specific BSSID, or the broadcast BSSID as defined in the procedures specified in 11.1.3.
Clause 10.3.2.1
• MLME-SCAN.request
• BSSID parameter description
Clause 11.1.3.2.2
• For each channel to be scanned,
  a) Wait until the ProbeDelay time has expired or a PHYRxStart.indication has been received;
  b) Perform the Basic Access procedure as defined in 9.2.5.1;
  c) Send a probe with the broadcast destination, SSID, and broadcast BSSID;
  d) Clear and start a ProbeTimer;
  e) If PHYCCA.indication (busy) has not been detected before the ProbeTimer reaches MinChannelTime, then clear NAV and scan the next channel, else when ProbeTimer reaches MaxChannelTime, process all received probe responses;
  f) Clear NAV and scan the next channel.
Annex C
• In service synchronization_Sta, sta_Scan_2e(8)
• BSSID arrives as a parameter to the MLME scan request signal:
  MlmeScan._request(..,ybsid,…)
• Probe request frame is made with the requested BSSID in the BSSID address field (A3):
  tpdu:=mkFrame(probe_req,BcstAddr,ybsid,…)
Conclusion
• The destination address (DA) of a Probe Request must be the broadcast address – there is no confusion here
• Only clause 11.1.3.2.2 suggests that the BSSID in a probe request is a broadcast BSSID
• The remainder of the standard suggests that either a specific BSSID, or the broadcast BSSID, is acceptable
Suggested remedy
• Fix clause 11 by changing bullet c in clause 11.1.3.2.2 from:
  c) Send a probe with the broadcast destination address, SSID, and broadcast BSSID;
• to:
  c) Send a probe request to the broadcast destination address, with the SSID, and BSSID from the MLME-SCAN.request primitive;
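
The frame layout the remedy implies, as an added example that is not part of the slides or the standard's text: it builds a Probe Request with DA (A1) fixed to broadcast and the BSSID field (A3) taken from the scan request's BSSID parameter, then parses it back to tell a broadcast-BSSID scan from a specific-BSSID scan. The function names and MAC addresses are constructed for illustration, and the FCS is omitted.

```python
import struct

BCAST = bytes.fromhex("ffffffffffff")  # broadcast address, also the broadcast BSSID
PROBE_REQ_FC = 0x0040                  # type 0 (management), subtype 4 (Probe Request)
HDR = "<HH6s6s6sH"                     # frame control, duration, A1, A2, A3, sequence control


def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_probe_request(sa, ssid, bssid=BCAST, seq=0):
    """DA (A1) is always broadcast; A3 carries the BSSID from the scan request."""
    header = struct.pack(HDR, PROBE_REQ_FC, 0, BCAST, sa, bssid, seq << 4)
    ssid_ie = bytes([0, len(ssid)]) + ssid            # element ID 0: SSID
    rates_ie = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])  # element ID 1: 1, 2, 5.5, 11 Mbit/s
    return header + ssid_ie + rates_ie


def parse_probe_request(frame):
    """Decode the header and SSID element; classify the scan by the A3 field."""
    if len(frame) < struct.calcsize(HDR):
        raise ValueError("shorter than a management frame header")
    fc, _dur, da, sa, bssid, _seq = struct.unpack_from(HDR, frame)
    if fc & 0x00FC != PROBE_REQ_FC:                   # compare type and subtype bits only
        raise ValueError("not a Probe Request")
    ssid, pos = None, struct.calcsize(HDR)
    while pos + 2 <= len(frame):                      # walk the information elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            raise ValueError("truncated information element")
        if eid == 0 and ssid is None:
            ssid = body
        pos += 2 + elen
    scan = "broadcast BSSID" if bssid == BCAST else "specific BSSID"
    return {"da_is_broadcast": da == BCAST, "sa": sa, "bssid": bssid,
            "ssid": ssid, "scan": scan}


if __name__ == "__main__":
    sta, ap = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:aa")  # constructed addresses
    for target in (BCAST, ap):
        print(parse_probe_request(build_probe_request(sta, b"lab", bssid=target)))
```

A receiver applying the same check can confirm that a Probe Request with a non-broadcast DA is malformed, while either value in A3 is a valid scan under the reading of clause 7.2.3 and Annex C given above.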