IEEE

802.11 Overview

Wireless Market Segments

Wireless Market Segments & Partners
Wireless Internetworking
Overview
Residential/
Premise/ Campus

Fixed

Mobile

Broadband Multiservice
IEEE
802.11

BLUE
TOOTH
MMDS

LMDS
Cisco/
Bosch

2G+
Cellular

3G
Cellular

Data
Services

Packet
Data/Voice

GPRS
Mobile IP

UMTS

The local multipoint distribution service (LMDS)

multichannel multipoint distribution service (MMDS)

Standardiza<on of Wireless Networks

Wireless networks are standardized by IEEE.
Under 802 LAN MAN standards commiFee.
ISO
OSI
7-layer
model

Application
Presentation
Session
Transport
Network

Logical Link Control

Data Link

Medium Access (MAC)

Physical

IEEE 802
standards

Physical (PHY)

IEEE 802.11 Overview

Adopted in 1997.
Denes;
MAC sublayer
MAC management
protocols and services
Physical (PHY) layers
FHSS
DSSS

Goals
To deliver services in wired networks
To achieve high throughput
To achieve highly reliable data delivery
To achieve continuous network connection.

Components
Sta<on
BSS - Basic Service Set
IBSS : Infrastructure BSS : QBSS

ESS - Extended Service Set

A set of infrastrucute BSSs.
Connec<on of APs
Tracking of mobility

DS Distribu<on System
AP communicates with another

Services
Sta<on services:

authen<ca<on,
de-authen<ca<on,
privacy,
delivery of data

Distribu<on Services ( A thin layer between MAC and LLC sublayer)

associa<on
disassocia<on
reassocia<on
distribu<on
Integra<on

A station maintain two variables:

authentication state (=> 1)
association state

(<= 1)

Ex.

Medium Access Control

Func<onality;
Reliable data delivery
Fairly control access
Protec<on of data
Deals;
Noisy and unreliable medium
Frame exchange protocol - ACK
Overhead to IEEE 802.3 -
Hidden Node Problem RTS/CTS
Par<cipa<on of all sta<ons
Reac<on to every frame

MAC
Retry Counters
Short retry counter
Long retry counter
Life<me <mer

Basic Access Mechanism

CSMA/CA
Binary exponen<al back-o
NAV Network Alloca<on Vector

Timing Intervals: SIFS, Slot Time, PIFS, DIFS, EIFS

DCF Opera<on
PCF Opera<on

MAC

The network allocation vector

(NAV) is a virtual carriersensing mechanism used
with wireless network
protocols.
The NAV may be thought of
as a counter, which counts
down to zero at a uniform
rate. When the counter is
zero, the virtual CS indication
is that the medium is idle;
when nonzero, the indication
is busy.

DCF Opera<on

PCF Opera<on
Poll eliminates conten<on
PC Point Coordinator
Polling List
Over DCF
PIFS

CFP Conten<on Free Period

Alternate with DCF

Periodic Beacon contains length of CFP

CF-Poll Conten<on Free Poll
NAV prevents during CFP
CF-End resets NAV

Frame Types

NAV information

Or
l

FC
2

Upper layer data

l
2048 byte max
l
256 upper layer
header

Short Id for PSPoll

Duration Address Address Address Sequence Address

2
3
Control
4
/ID
1
2

Protocol Version
Frame Type and
Sub Type
To DS and From DS
More Fragments
Retry
Power
Management
More Data
WEP
Order

6
l
l
l
l
l
l
l
l
l

IEEE 48 bit
address
Individual/Group
Universal/Local
46 bit address
BSSID BSS
Identifier
TA - Transmitter
RA - Receiver
SA - Source
DA - Destination

2
l
l
l

MSDU
Sequence
Number
Fragment
Number

DATA
0-2312

FCS
4

CCIT CRC-32
Polynomial

bytes

Frame Subtypes

CONTROL

RTS
CTS
ACK
PS-Poll
CF-End & CF-End ACK

DATA
l
l
l
l

l
l
l
l

Data
Data+CF-ACK
Data+CF-Poll
Data+CF-ACK+CFPoll
Null Function
CF-ACK (nodata)
CF-Poll (nodata)
CF-ACK+CF+Poll

MANAGEMENT
l
l
l
l
l

l
l

Beacon
Probe Request & Response
Authentication
Deauthentication
Association Request &
Response
Reassociation Request &
Response
Disassociation
Announcement Traffic
Indication Message (ATIM)

Other MAC Opera<ons

Fragmenta<on

Sequence control eld

In burst
Medium is reserved
NAV is updated by ACK

WEP Details
l

Privacy
l
l
l
l
l

WEP bit set when encrypted.

Only the frame body.
Medium is reserved
NAV is updated by ACK
Symmetric variable key

Two mechanism
l Default keys
l Key mapping
WEP header and trailer
l KEYID in header
l ICV in trailer
dot11UndecryptableCount
l Indicates an attack.
dot11ICVErrorCount
l Attack to determine a
key is in progress.

MAC Management
Interference by users that have no concept of data
communica<on. Ex: Microwave
Interference by other WLANs
Security of data
Mobility
Power Management

Authen<ca<on
Authen<ca<on

Prove iden<ty to another

sta<on.
Open system authen<ca<on
Shared key authen<ca<on

A sends
B responds with a text
A encrypt and send back
B decrypts and returns an
authen<ca<on
management frame.

May authen<cate any

number of sta<on.

Security Problem
l

A rogue AP (AP )

l
l

SSID of ESS
Announce its presence
with beaconing
A active rogue reach
higher layer data if
unencrypted.

SSID=Service set identification

ESS =Extended Basic Service Set

SSID

SSID

BSSID

BSSID

Address Filtering
More than one WLAN
Three Addresses
Receiver examine the DA,
BSSID

Privacy MAC Function

l

WEP Mechanism

Wired Equivalent Privacy

Power Management
Independent BSS

Overhead
Distributed
l Sender
Data frame handshake
l Announcement
Wake up every beacon.
frame
l Buffer
Awake a period of ATIM afer each
l Power
beacon.
consumption in
Send ACK if receive ATIM frame &
ATIM
awake un<l the end of next ATIM.
l Receiver
l Awake for every
Es<mate the power saving sta<on, and
Beacon and ATIM
delay un<l the next ATIM.
Mul<cast frame : No ACK : op<onal

Power Management
Infrastructure BSS
Centralized in the AP.
Greater power saving
Mobile Sta<on sleeps for a number
of beacon periods.
Awake for mul<cast indicated in
DTIM in Beacon.
AP buer, indicate in TIM
Mobile requests by PS-Poll

Synchroniza<on
Timer Synchroniza<on in an Infrastructure BSS
Beacon contains TSF
Sta<on updates its with the TSF in beacon.

Timer Synchroniza<on in an IBSS IBSS (independent BSS)

Distributed. Starter of the BSS send TSF zero and increments.

Each Sta<on sends a Beacon
Sta<on updates if the TSF is bigger.
Small number of sta<ons: the fastest <mer value
Large number of sta<ons: slower <mer value due to collision.

Synchroniza<on with Frequency Hopping PHY Layers

Changes in a frequency hopping PHY layer occurs periodically

Change to new channel when the TSF <mer value, modulo the dwell period, is zero

Scanning & Joining

Scanning
Passive Scanning : only listens for Beacon and get
info of the BSS. Power is saved.
Ac<ve Scanning: transmit and elicit response from
APs. If IBSS, last sta<on that transmiFed beacon
responds. Time is saved.

Joining a BSS
Syncroniza<on in TSF and frequency : Adopt PHY
parameters : The BSSID : WEP : Beacon Period :
DTIM

Combining Management Tools

Combine Power Saving Periods with Scanning
Instead of entering power saving mode, perform
ac<ve scanning.
Gather informa<on about its environments.

Preauthen<ca<on
Scans and ini<ate an authen<ca<on
Reduces the <me

The Physical Layer

PLCP: frame exchange between the MAC and PHY
PMD: uses signal carrier and spread spectrum modula<on to
transmit data frames over the media.

Direct Sequence Spread Spectrum (DSSS) PHY

2.4 GHz : RF : 1 2 Mbps

The Frequency Hopping Spread Spectrum (FHSS) PHY

110KHz devia<on : RF : PMD controls channel hopping : 2 Mbps

Infrared (IR) PHY

Indoor : IR : 1 and 2 Mbps

The OFDM PHY IEEE 802.11a

5.0 GHz : 6-54 Mbps :

High Rate DSSS PHY IEEE 802.11b

2.4 GHz : 5.5 Mbps 11 Mbps :

IEEE 802.11 Protocols

IEEE 802.11a

PHY Standard : 8 channels : 54 Mbps : Products are available.

IEEE 802.11b

PHY Standard : 3 channels : 11 Mbps : Products are available.

IEEE 802.11d

MAC Standard : operate in variable power levels : ongoing

IEEE 802.11e

MAC Standard : QoS support : Second half of 2002.

IEEE 802.11f

Inter-Access Point Protocol : 2nd half 2002

IEEE 802.11g

PHY Standard: 3 channels : OFDM and PBCC : 2nd half 2002

IEEE 802.11h

Supplementary MAC Standard: TPC and DFS : 2nd half 2002

IEEE 802.11i

Supplementary MAC Standard: Alterna<ve WEP : 2nd half 2002

The Basics of WLANs

Access speed
Range

PAN

LAN

WAN

1-2mb

11mb

>56kb

10m

100400m

global

IEEE
802.11b

GPRS
1xRTT

Low
device
specific

Medium
ethernet

High
regional
Infrastructure

FHSS

DSSS

cellular

Standard

Scalability

Architecture

WLAN Pending Issues

Why 802.11a?
Greater bandwidth (54Mb)
Less poten<al interference (5GHz)
More non-overlapping channels

Why 802.11b?
Widely available
Greater range, lower power needs

Why 802.11g?
Faster than 802.11b (24Mb vs 11Mb)

Deployment Issues

Re-purpose Symbol APs for secure admin
services

Deploy 802.11b with 802.11a in mind (25db
SNR for all service areas)

Delay migra<on to 802.11a un<l dual func<on
(11b & 11a) cards become available

Frequency Bands- ISM

Industrial, Scien<c, and Medical (ISM) bands
Unlicensed, 22 MHz channel bandwidth
Short Wave Radio
AM Broadcast
Audio

FM Broadcast
Infrared wireless LAN
Television
Cellular (840MHz)
NPCS (1.9GHz)

Extremely Very Low Medium High Very Ultra Super Infrared Visible Ultra- X-Rays
Low
Low
High High High
Light violet

902 - 928 MHz

26 MHz

2.4 - 2.4835
GHz
83.5 MHz
(IEEE 802.11)

5 GHz
(IEEE 802.11)
HyperLAN
HyperLAN2

IEEE 802.11i Enhanced Security

Description

Enhancements to the 802.11 MAC standard to increase

the security; addresses new encryption methods and
upper layer authentication

Importance

High: weakness of WEP encryption is damaging the

802.11 standard perception in the market

Related
standards

This applies to 802.11b, 802.11a and 802.11g systems.

802.1x is key reference for upper layer authentication

Status +
Roadmap

Enhanced encryption software will replace WEP

software; This is on a recommended best practice /
voluntary basis; development in TgI: first draft Mar 2001;
next draft due Mar 2002; stable draft: July 2002; final
standard: Jan 2003

Products
affected

Client and AP cards (Controller chip, Firmware, Driver)

AP kernel, RG kernel, BG kernel

Ageres activity

Actively proposing WEP improvement methods,

participating in all official/interim meetings

Key players

Agere/Microsoft/Agere/Cisco/Atheros/Intel/3Com/Intersil/
Symbol/Certicom/RSA/Funk

Key issues

Mode of AES to use for encryption (CTR/CBC [CBC MIC]

or OCB [MIC and Encryption function])

IEEE 802.1X - Port Based Control

Description

A framework for regulating access control of client stations

to a network via the use of extensible authentication
methods

Importance

High: forms a key part of the important 802.11i proposals for

enhanced security

Related
standards

This applies to 802.11b, 802.11a and 802.11g systems

Status +
Roadmap

Standard available Spring 2001

Products affected Supported in AP-2000, AP-1000/500, Clients (MS drivers for

XP/2000 beta)
Ageres activity

Adding EAP auth types to products

Key players

Microsoft/Cisco/Certicom/RSA/Funk

Key issues

Home in IETF for EAP method discussions

IEEE 802.1p - Trac Class

Reference

IEEE 802.1p (Traffic Class and Dynamic Multicast Filtering)

Description

A method to differentiate traffic streams in priotity classes in

support of quality of service offering

Importance

Medium: forms a key part of the 802.11e proposals for QoS

at the MAC level

Related
standards

This applies to 802.11b, 802.11a and 802.11g systems; is an

addition to the 802.1d Bridge standard (annex H).

Status +
Roadmap

Final standard; incorporated in 1998 edition of 802.1d

(annex H)

Products affected Client and AP cards (Driver); AP kernel, RG kernel, BG

kernel
Ageres activity

Investigating implementation options

Key players

N/A

Key issues

N/A

Glossary of 802.11 Wireless Terms,

cont.
BSSID & ESSID: Data elds iden<fying a sta<ons BSS & ESS.
Clear Channel Assessment (CCA): A sta<on func<on used to
determine when it is OK to transmit.
Associa<on: A func<on that maps a sta<on to an Access
Point.
MAC Service Data Unit (MSDU): Data Frame passed between
user & MAC.
MAC Protocol Data Unit (MPDU): Data Frame passed
between MAC & PHY.
PLCP Packet (PLCP_PDU): Data Packet passed from PHY to
PHY over the Wireless Medium.

Overview, 802.11 Architecture

ESS
Existing
Wired LAN

AP
STA

BSS

AP

STA

STA

BSS

STA

Infrastructure
Network
STA
Ad Hoc
Network

STA

BSS

BSS
STA

STA

Ad Hoc
Network

Frequency Hopping and Direct

Sequence Spread Spectrum
Techniques

Spread Spectrum used to avoid interference from licensed and

other non-licensed users, and from noise, e.g., microwave ovens
Frequency Hopping (FHSS)
Using one of 78 hop sequences, hop to a new 1MHz channel (out of the
total of 79 channels) at least every 400milliseconds
Requires hop acquisi<on and synchroniza<on
Hops away from interference

Direct Sequence (DSSS)

Using one of 11 overlapping channels, mul<ply the data by an 11-bit
number to spread the 1M-symbol/sec data over 11MHz
Requires RF linearity over 11MHz
Spreading yields processing gain at receiver
Less immune to interference

802.11 Physical Layer

Preamble Sync, 16-bit Start Frame Delimiter, PLCP Header including 16-bit
Header CRC, MPDU, 32-bit CRC
FHSS
2 & 4GFSK
Data Whitening for Bias Suppression
32/33 bit stung and block inversion
7-bit LFSR scrambler

80-bit Preamble Sync paFern

32-bit Header

DSSS

DBPSK & DQPSK

Data Scrambling using 8-bit LFSR
128-bit Preamble Sync paFern
48-bit Header

802.11 Physical Layer, cont.

Antenna Diversity

Mul<path fading a signal can inhibit recep<on

Mul<ple antennas can signicantly minimize
Spacial Separa<on of Orthoganality
Choose Antenna during Preamble Sync paFern
Presence of Preamble Sync paFern
Presence of energy
RSSI - Received Signal Strength Indica5on

Combina<on of both

Clear Channel Assessment

Require reliable indica<on that channel is in use to defer transmission
Use same mechanisms as for Antenna Diversity
Use NAV informa<on

Performance, Theore<cal
Maximum Throughput

Throughput numbers in Mbits/sec:

Assumes 100ms beacon interval, RTS, CTS used, no collision

Slide courtesy of MaF Fischer, AMD

(MAC Service Data Unit)

1 Mbit/sec
DS

FH (400ms

2 Mbit/sec

MSDU size
(bytes)
128

DS

0.364

0.364

0.517

0.474

512

0.694

0.679

1.163

1.088

512

0.503

0.512

0.781

0.759

0.906

0.860

1.720

1.624

hop time)

FH (400ms
hop time)

(frag size = 128)

2304