Certified Wireless Network Administrator (CWNA) PW0-105 Chapter 9 802.11 MAC Architecture

Certified Wireless Network Administrator (CWNA)PW0-105

Chapter 9802.11 MAC Architecture

Chapter 9 Overview

• Packets, Frames, and Bits• Data-Link Layer• Physical Layer• 802.11 and 802.3 Interoperability• Three 802.11 Frame Types• Beacon Management Frame (Beacon)• Passive Scanning• Active Scanning

2Certified Wireless Network Administrator: CWNA – PW0-105

Chapter 9 Overview (continued)

• Authentication• Association• Authentication and Association States• Basic and Supported Rates• Roaming• Reassocation• Disassociation• ACK Frame• Fragmentation


Chapter 9 Overview (continued)

• Protection Mechanism• RTS/CTS• CTS-to-Self• Data Frames• Power Management• Band Steering


Packets, Frames, and Bits

• Main objective of a network – Transfer user data from one computing device to another

• Each layer of the OSI model adds header information as the frame is passed down to the next layer

• Headers tell the receiving computer how to process the data• Data transfer process

– Data starts at the application layer of the OSI model

– Data moves down the OSI model until it reaches the Physical layer

– Data is transferred across the network medium to the receiving device

– Data moves back up the OSI model of the receiving device

– Each layer processes the data based upon header information received from its peer layer on the sending device


Packets, Frames, and Bits (continued)

• Network Layer - Packets– IP address and header is added– Network header contains layer 4-7 data

• Data-Link Layer - Frames– MAC address and header is added– IP packet is encapsulated inside the frame

• Physical Layer – Bits– PHY header is added– Data is encoded into a carrier signal and transmitted


Data-Link and Physical Layers

• The following slide will review the components that make up the Data-Link and Physical layers


Data-Link Layer

• Divided into two sublayers• Upper portion – 802.2 Logical Link Control (LLC)

sublayer– Identical for all 802 networks (although not used by all

802 networks)

• Lower portion - Media Access Control (MAC) sublayer– Identical for all 802.11-based networks

• 802.11 standard defines operations at the MAC sublayer


MAC Service Data Unit (MSDU)

• The Network layer data (IP Packet) passed down to the Data-Link layer plus LLC data

• Contains data from the LLC and layers 3-7• 802.11 standard states maximum size of the

MSDU is 2,304 bytes• Maximum frame body size is actually 2,304

octets plus any overhead from encryption• Aggregate MSDU (A-MSDU) was introduced

with 802.11n amendment


MAC Protocol Data Unit (MPDU)

• The 802.11 frame• Contains

– Layer 2 header– Frame body– Trailer – 32 bit CRC known as the frame check

sequence (FCS)


Physical Layer

• Divided into two sublayers• Upper portion – Physical Layer Convergence

Procedure (PLCP) sublayer– Prepares the frame for transmission– Takes the frame from the MAC sublayer and creates

the PLCP Protocol Data Unit (PPDU)

• Lower portion – Physical Medium Depenent (PMD) sublayer– Modulates and transmits the data as bits


PLCP Service Data Unit (PSDU)

• Physical layer name for MPDU• Think of a door

– One side is the entrance– Other side is the exit– Two names – same door


PLCP Protocol Data Unit (PPDU)

• When PLCP receives the PSDU, it prepares it to be transmitted and creates the PPDU

• PSDU + preamble + PHY header• Preamble – used for synchronization between

transmitting and receiving 802.11 radios• PMD sublayer takes the PPDU, modulates the

data bits and begins transmitting


802.11 and 802.3 Interoperability

• 802.3 max frame size is just over 1,500 bytes• 802.11 max frame size is just over 2,300 bytes• IP maximum transmission unit (MTU) is

commonly 1,500 bytes, so frame size difference is usually not a problem

• 802.3 frame has two MAC address fields• 802.11 frame has up to four MAC address

fields (most frames only use three address fields)


802.11 and 802.3 Interoperability (continued)

• 802.3 address fields– Source address (SA)– Destination address (DA)

• 802.11 address fields– “Address1” through “Address4”– The contents of the 802.11 address fields represent

• Receiver address (RA)• Transmitter address (TA)• Basic Service Set Identifier (BSSID)• Destination address (DA)• Source address (SA)


802.11 and 802.3 Interoperability (continued)

• 802.11 MAC Header


Three 802.11 Frame Types

• Three major frame types– Management– Control– Data

• Frame types are further subdivided into multiple subtypes

• Many frame types provide support for PCF media access method, and thus have never been implemented


Management Frames

• Majority of the frame types• Management MAC Protocol Data Unit (MMPDU)• Used by 802.11 to join and leave the BSS• Not necessary on wired networks due to

physical connection• Wireless network must establish logical network

connection before data can be transmitted• Do not carry upper-layer information


Management Frames

• 14 Management Frame subtypes– Association request– Association response– Reassociation request– Reassociation response– Probe request– Probe response– Beacon– Announcement traffic indication message (ATIM)


– Disassociation– Authentication– Deauthentication– Action– Action No ACK– Timing advertisement

Control Frames

• Assist with the delivery of the data frames• Transmitted at one of the basic rates• Provide 3 primary tasks

– Clear the channel– Acquire the channel– Provide unicast frame acknowledgements

• Contain only header information


Control Frames

• 9 Control Frame subtypes– Power Save Poll (PS-Poll0– Request to send (RTS)– Clear to send (CTS)– Acknowledgement (ACK)– Contention Free-End (CF-End)– CF-End + CF-ACK– Block ACK Request (BlockAckReq)– Block ACK (BlockAck)– Controll wrapper


Data Frames

• Carry the actual data• Layer 3-7 MSDU payload is normally encrypted• Some data frames carry no MSDU – provide a

specific function• Data subtype is referred to as the “simple data

frame”


Data Frames

15 Data Frame subtypes


• QoS Data [HCF]

• QoS Null (no data) [HCF]

• QoS Data + CF-ACK [HCF]

• QoS Data + CF-Poll [HCF]

• QoS Data + CF-ACK + CF-Poll [HCF]

• QoS CF-Poll (no data) [HCF]

• QoS CF-ACK + CF-Poll (no data) [HCF]

• Data (simple data frame)

• Null function (no data)

• Data + CF-ACK [PCF only]

• Data + CF-Poll [PCF only]

• Data + CF-ACK + CF-Poll [PCF only]

• CF-ACK (no data) [PCF only]

• CF-Poll (no data) [PCF only]

• CF-ACK + CF-Poll (no data) [PCF only]

Beacon Management Frame (Beacon)

• One of the most important frame types• Heartbeat of the wireless network• Contains timestamp used to synchronize station

transmissions• Transmitted by each AP• Separate beacons per SSID• Separate beacons per radio• Approximately 10 times per second (per AP, per

SSID, per radio)


Beacon Management Frame (Beacon)

• Contains– Time Stamp (synchronization information)– Spread Spectrum Parameter Sets (DSSS-, OFDM-, HT-specific

information)– Channel Information (channel used by AP or IBSS)– Data Rates (Basic and supported rates)– Service Set Capabilities (Extra BSS or IBSS parameters)– SSID– Traffic Indication Map (TIM) (Used during Power Save)– QoS Capabilities (QoS and EDCA information)– Robust Security Network (RSN) Capabilities (TKIP or CCMP info and

authentication method)– Vendor Proprietary Information


Passive Scanning

• Used by station to discover an AP before connecting

• Station listens for beacon frames• Used to identify APs that are advertising SSIDs• If multiple APs advertise the same SSID,

station will connect to AP with strongest signal


Active Scanning

• Used by station to discover an AP before connecting• Station transmits probe request management frame• Probe request could contain specific SSID (directed

probe request)• Probe request could contain null SSID (null probe

request)• APs reply with probe response management frame• Probe response is almost identical to a beacon• Commonly occurs even after a station is connected to

an AP (allows station to identify other available APs)


Authentication

• First step when connecting to a basic service set (BSS)

• Should be referred to as “802.11 Authentication”

• Often misunderstood or misinterpreted

• Authenticates that both the station and the AP are capable of 802.11 communications

• Analogous to plugging in an Ethernet cable and establishing a link beat

• Two legacy methods of authentication defined– Open System authentication (commonly used with new methods

of security)

– Shared Key authentication (Do not use)


Association

• Occurs after 802.11 authentication process• Station becomes a member of a BSS• Station can send data to the AP and onto the

distribution system medium• Association identifier (AID) identifies each

station


Authentication and Association States

• Authentication states– Unauthenticated– Authenticated

• Association states– Unassociated– Associated

• Three possible states for the station– State 1: initial start state, unauthenticated and

unassociated– State 2: authenticated and unassociated– State 3: authenticated and associated


Authentication and Association States


Basic and Supported Rates

• Basic Rates = required rates• Client must be capable of the basic rates in

order to join the BSS• Supported Rates = the group data rates that

the AP will use when communicating with the station

• Both are advertised as part of the beacon


Roaming

• The ability for a station to transition from one AP to another, while maintaining upper-layer communications

• When to roam is decided by the station only• There is no standard for when to roam• When to roam is typically determined by

– Signal level– Noise level– Bit-error rate


Reassociation

• The process of roaming to another AP


Disassociation

• A notification not a request• Cannot be refused (except when management

frame protection is enabled and MIC fails)• Polite way to terminate the association• Client or AP will disassociate when shutting

down


Deauthentication

• A notification not a request• Cannot be refused (except when management

frame protection is enabled and MIC fails)• Deauthentication will automatically cause a

disassociation


ACK Frame

• Key component of CSMA/CA• Used to confirm receipt of a transmitted frame• Consists of 14 octets


Fragmentation

• Breaks and 802.11 frame into smaller pieces• Transmits each piece as an individual frame• Inherently increases transmission time• If network is experiencing data corruption,

retransmission of smaller fragments can increase overall data throughput


Protection Mechanism

• Provides compatibility for higher data rate devices to operate along side lower data rate devices

• Also known as mixed mode or protected mode• Contrary to what some people think, faster

devices do not simply switch to the lower data rate


Request to Send/Clear to Send (RTS/CTS)

• Mechanism that performs NAV distribution• Reserves the medium prior to the transmission of the

data frame• Primarily used as a protection mechanism or when

hidden nodes exist


CTS-to-Self

• Mechanism that performs NAV distribution• Reserves the medium prior to the transmission of the

data frame• Used strictly as a protection mechanism


Data Frames

• Most common data frame is the simple data frame

• AP and controller integration services take the MSDU payload of an 802.11 data frame and transfers it into an 802.3 Ethernet frame

• MSDU data payload is often encrypted• Null function frame is often used to signal

Power Save status


Power Management

• Helps increase station battery life• Active mode

– Wireless station is always ready to transmit or receive– Sometimes referred to as Continuous Aware mode– Provides no battery conservation

• Power Save Mode– Station will shut down the transceiver for short periods of time to

conserve power

• Traffic Indication Map (TIM)– Field in the beacon that lists all stations that have undelivered data,

waiting for station to wake up to receive the data


Power Management (continued)

• Delivery Traffic Indication Message (DTIM)– Ensures that stations using power management are awake

when multicast or broadcast traffic is sent

• Announcement Traffic Indication Message (ATIM)– A frame used in an IBSS that notifies a station that another

station has buffered data for it

• WMM Power Save and U-APSD– Wireless multimedia power save and unscheduled automatic

power save delivery– Enhanced power management method– Uses a trigger mechanism to receive buffered unicast traffic






802.11n Power Management

• Spatial multiplexing power save (SM power save)– Enables MIMO device to power down all but one

radio chain

• Power same multi-poll (PSMP)– An extension of APSD


Band Steering

• Proprietary, non-standard• Implemented by many vendors, often using

similar but different techniques• AP encourages multi-band station to connect

using 5 GHz radio instead of 2.4 GHz radio• Station will most likely experience higher

throughput on 5 GHz network


Chapter 9 Summary

• Packets, Frames, and Bits• Data-Link Layer• Physical Layer• 802.11 and 802.3 Interoperability• Three 802.11 Frame Types• Beacon Management Frame (Beacon)• Passive Scanning• Active Scanning


Chapter 9 Summary (continued)

• Authentication• Association• Authentication and Association States• Basic and Supported Rates• Roaming• Reassocation• Disassociation• ACK Frame


Chapter 9 Summary (continued)

• Fragmentation• Protection Mechanism• RTS/CTS• CTS-to-Self• Data Frames• Power Management• Band Steering


Documents

Certified Wireless Network Administrator (CWNA) PW0-105 Chapter 9 802.11 MAC Architecture