Chapter 04 IEEE 802.11 Media Access Control

1
Chapter 04 IEEE 802.11 Media Access Control

• Center for Information Technology

2
Objectives
Describe and apply the following concepts
surrounding WLAN frames - Terminology Review
Frames, Packets, and Datagrams - Terminology
Review Bits, Bytes, and Octets - Terminology
MAC and PHY Understand IEEE 802.11
CSMA/CA Understand and compare frame types and
formats Identify, explain, and apply the frame
and frame exchange sequences - Active (Probes)
and Passive (Beacons) Scanning - Dynamic Rate
Switching
3
Objectives
Summarize the processes involved in
authentication and association - The IEEE 802.11
State Machine - Open System Authentication,
Shared Key Authentication, and Deauthentication -
Association, Reassociation, and
Disassociation Define, describe, and apply IEEE
802.11 coordination functions and channel access
methods and features available for optimizing
data flow across the RF medium - DCF and PCF
Coordination Functions - RTS/CTS - Fragmentation
4
Terminology Review
Whatever data is communicated, Layer 4 -
Transport layer - usually breaks the data into
TCP segments. These segments are sent to Layer 3
and become the packets. When these packets are
passed on to Layer 2, they become frames. And now
it is ready to be placed on the wire or RF medium
using the Layer 1 technologies implemented.
5
Terminology Review
Term Packet is usually used for
connection-oriented communications (TCP). Term
Datagram is usually used for connectionless
communications (UDP). Frames are collections of
data and management information needed to carry
the data from one place to another on the
network. Different networking technologies use
different frame formats Bits, Bytes, and
Octets The smallest element that can be
transmitted on any network is a bit. A bit is a
single value equal to 1 or 0. When we group 8
bits together, they form a byte. It is called an
octet in most standards.
6
Terminology Review
MAC and PHY MAC is an acronym for medium access
control. Within the Data Link layer (Layer 2) of
the OSI model, there are two sublayers known as
the Logical Link Control (LLC) and the MAC
sublayer PHY is an abbreviation for the Physical
layer of the OSI model. In order to provide for
different physical technologies (Infrared, DSSS,
FHSS, etc.) in IEEE 802.11, the PHY is divided
into two sublayers called the Physical Medium
Dependant (PMD) and the Physical Layer
Convergence Protocol (PLCP).
7
Terminology Review
The Physical Medium Dependent (PMD) is
responsible for actually transmitting the
information using some form of modulation such as
GPSK, DBPSK, or DQPSK. The Physical Layer
Convergence Protocol (PLCP) is responsible for
abstracting the PMD from the Data Link layer
protocols and abstracting the Data Link layer
protocols from the PMD. It acts as a translator
or coordinator between the real physical medium
and the MAC processes.
8
Terminology Review
Data Link Layer and Logical Link Control (LLC)
Sublayer The Data Link layer of the OSI model is
divided into two sublayers. These sublayers, in
IEEE 802.11 systems, are the IEEE 802.2 Logical
Link Control (LLC) sublayer, and the Media Access
Control (MAC) sublayer.
9
Terminology Review
The data units that are passed down through the
layers have specific names. These names are used
to distinguish the frame at one layer from the
frame at another layer and to distinguish the
preserviced frame from the serviced frame at each
layer. These names are MSDU, MPDU, PSDU, and
PPDU. MSDU, stands for MAC service data unit.
The MSDU is what is received from the upper
layers (OSI layers 73 via the LLC sublayer) to
be managed and transmitted by the lower layers
(OSI layers 21). It is the data accepted by the
MAC layer to be transmitted to the MAC layer of
another station on the network. MSDUs are
included in all wireless frames that carry
upper-layer data however, IEEE 802.11 management
frames do not contain MSDUs, since there is no
upper-layer data to transfer.
10
Terminology Review
The MPDU, MAC protocol data unit, is what is
delivered to the PLCP so that it can ultimately
be converted into a PPDU and transmitted. The
MSDU is what is received by the Data Link layer,
and the MPDU is what comes out of the Data Link
layer and is delivered to the Physical layer. It
is delivered to the PLCP. The PSDU is the PLCP
service data unit. The PSDU is what the PLCP
receives from the MAC sublayer. While the MAC
sublayer calls it the MPDU, the Physical layer
references the exact same objects as the PSDU.
The PLCP adds information to the PSDU and
provides the result to the PMD as a PPDU.
11
Terminology Review
The PPDU, PLCP protocol data unit, is what is
actually transmitted on the RF medium. The PPDU
is what the PMD receives from the PLCP. The
PPDU is the culmination of all that has happened
to the data from the time it left the application
starting at Layer 7 of the OSI model to the time
it is actually transmitted on the RF medium by
the PMD at Layer 1.
12
IEEE 802.11 CSMA/CA
13
CSMA/CD versus CSMA/CA
Ethernet networks (IEEE 802.3) use a form of
collision management known as collision detection
(CD). Wireless networks use a different form of
collision management known as collision avoidance
(CA). The full name of the physical media access
management used in wireless networks is carrier
sense multiple access/collision avoidance or
CSMA/CA. The carrier sense in CSMA means that
the devices will attempt to sense whether the
physical medium is available before
communicating. The multiple access indicates that
multiple devices will be accessing the physical
medium.
14
CSMA/CD versus CSMA/CA
In a CD implementation of CSMA, when a collision
is detected, both devices go silent for a
pseudo-random period of time. Collision
avoidance is achieved by signaling to the other
devices that one device is about to communicate.
CSMA/CA is not perfect due to hidden node
problems.
15
CSMA/CD
Before networked device sends a frame, listens to
see if another device currently transmitting. If
traffic exists, wait otherwise send. Devices
continue listening while sending frame. If
collision occurs, stops and broadcasts a jam
signal.
16
CSMA/CD
CSMA/CD cannot be used on wireless networks
Difficult to detect collisions and Hidden node
problem
17
Hidden node problem
18
Carrier Sense
Carrier sense is the process of checking to see
if the medium is in use or busy. There are two
kinds of carrier sense virtual carrier sense and
physical carrier sense. Physical carrier sense
uses clear channel assessment (CCA) to determine
if the physical medium is in use. Virtual
carrier sense uses a network allocation vector
(NAV). The NAV is a timer in each station that is
used to determine if the station can utilize the
medium. If the NAV has a value of 0, the station
may contend for the medium. If the NAV has a
value greater than 0, the station must wait until
the timer counts down to 0 to contend for the
medium. Stations configure their NAV timers
according to Duration fields in other frames
using the medium.
19
Interframe Spacing
After the station has determined that the medium
is available, using carrier sensing techniques,
it must observe interframe spacing (IFS)
policies. IFS is a time interval in which frames
cannot be transmitted by stations within a BSS.
This space between frames ensures that frames do
not overlap each other. The time interval
differs, depending on the frame type and
the applicable IFS type for that frame. These IFS
types include the following types - SIFS -
PIFS - DIFS - EIFS
20
Interframe Spacing SIFS, PIFS, DIFS, EIFS
Short interframe spacing (SIFS) is the shortest
of the available IFS parameters. Frames that are
specified to use SIFS will take priority over
frames that are specified to use PIFS, DIFS, or
extended IFS (EIFS). Distributed (coordination
function) interframe spacing (DIFS) is used by
standard data frames. Extended interframe
spacing (EIFS) is used when a frame reception
begins but the received frame is incomplete or is
corrupted based on the Frame Check Sequence (FCS)
value.
21
Interframe Spacing SIFS, PIFS, DIFS, EIFS
CSMA/CA with one station transmitting
22
Interframe Spacing SIFS, PIFS, DIFS, EIFS
CSMA/CA with two stations transmitting
23
Contention Window
After the IFS delay interval has passed, the
device must then initiate a random backoff
algorithm and then contend for the wireless
medium if the Distributed Coordination Function
is in effect. This random backoff algorithm is
processed and applied using the contention
window. Random Backoff Times All stations having
a frame to transmit choose a random time period
within the range specified as the contention
window. Next, the predefined algorithm multiplies
the randomly chosen integer by a slot time. The
slot time is a fixed-length time interval that is
defined for each PHY, such as DSSS, FHSS, or OFDM.
24
Collision Avoidance
The carrier sense, IFS, and random backoff times
are used in order to decrease the likelihood that
any two stations will try to transmit at the same
time on the WM. The IFS parameters are also used
in order to provide priority to the more
time-sensitive frames such as ACK frames and CTS
frames. The CCA (PHY and MAC), IFS, variable
contention window, and random backoff times,
together, form the core of the Distributed
Coordination Function. Even with all of these
efforts, a collision can still occur. In order to
deal with these scenarios, acknowledgment, or
ACK, frames are used. An ACK frame is a short
frame that uses the SIFS to let the sending
device know that the receiving device has indeed
received the frame. If the sending device does
not receive an ACK frame, it will attempt to
retransmit the frame.
25
Frame Types and Formats Compared
26
IEEE 802.11 Frame Format Versus IEEE 802.3 Frame
Format
A frame originating from a wired client and
destined for a wireless client will first be
transmitted on the wire as an 802.3 frame, and
then the access point will strip off the 802.3
headers and reframe the data unit as an 802.11
frame for transmission to the wireless
client. IEEE 802.3 frames support a maximum MSDU
payload size of 1500 bytes. IEEE 802.11 frames
support a maximum MSDU payload size of 2304
bytes 802.3 frames have only two MAC address
fields, whereas 802.11 frames have one, two,
three, or four. These four MAC address fields can
contain four of the following five MAC address
types, and the contents will be dependent on the
frame subtype - Basic Service Set Identifier
(BSSID) - Destination Address (DA) - Source
Address (SA) - Receiver Address (RA) -
Transmitter Address (TA)
27
Frame Types
Three frame types management frames, control
frames, and data frames. The Type subfield in the
Frame Control (FC) field of a general IEEE 802.11
frame may be 00 (management), 01 (control), or 10
(data). The Subtype subfield determines the
subtype of frame, within the frame types
specified, that is being transmitted. For
example, a Type subfield value of 00 with a
Subtype value of 0000 is an association request
frame however, a Type value of 10 with a Subtype
value of 0000 is a standard data frame.
28
Management Frames
Management frames are used to manage access to
wireless networks and to move associations from
one access point to another within an extended
service set (ESS).
29
Management Frames
Acknowledgment frame (ACK) Sent by receiving
device to sending device to confirm data frame
arrived intact. If ACK not returned, transmission
error assumed.
30
Control Frames, Data Frames
Control frames are used to assist with the
delivery of data frames and must be able to be
interpreted by all stations participating in a
BSS. This means that they must be transmitted
using a modulation technique and at a data rate
compatible with all hardware participating in the
BSS. Data frames are the actual carriers of
application-level data.
31
IEEE 802.11 Frames and Frame Exchange Sequences
32
MAC Functions
Scanning Before a station can participate in a
BSS, it must be able to find the access points
that provide access to that service
set Synchronization Some IEEE 802.11 features
require all stations to have the same time.
Stations can update their clocks based on the
time stamp value in beacon frames. Frame
Transmission Stations must abide by the
frame transmission rules of the BSS to which they
are associated. Authentication Authentication is
performed before a station can be associated with
a BSS.
33
MAC Functions
Association Once authentication is complete, the
station can become associated with the BSS.
Reassociation When a user roams throughout a
service area, that user may reach a point where
one AP within an ESS will provide a stronger
signal than the currently associated AP. When
this occurs, the station will reassociate with
the new AP. Data Protection Data encryption may
be employed to assist in preventing crackers from
accessing the data that is transmitted on the
WM. Power Management Since the transmitters/receiv
ers in wireless client devices consume a
noteworthy amount of power, this feature are
provided that assist in extending battery life by
causing the transceiver to sleep for specified
intervals. Fragmentation It is beneficial to
fragment frames before they are transmitted onto
the WM. This occurs as a result of intermittent
interference. RTS/CTS Request to Send/Clear to
Send is a feature of IEEE 802.11 that will help
prevent hidden node problems.
34
Beacon Management Frame
In an ad hoc wireless network (IBSS), all the
stations take turns broadcasting the beacon
frame. This is because there is no access point
in an independent basic service set
(IBSS). Beacon frames can be used by client
stations seeking wireless network to join, or
these client stations may use other frames known
as probe request and probe response frames.
35
Beacon Management Frame
36
Active Scanning (Probes)
Active scanning uses probe request and probe
response frames instead of the beacon frame to
find a WLAN to join. Freeware tool NetStumbler
can be used for active scanning
37
Active Scanning (Probes)
Active scanning involves channel switching and
scanning each channel in a stations channel
list. 1. Switch to a channel. 2. Wait for an
incoming frame or for the ProbeDelay timer to
expire. 3. If the ProbeDelay timer expires, use
DCF for access to the WM and send a probe request
frame. 4. Wait for the MinChannelTime to pass. a.
If the WM was never busy, there is no WLAN on
this channel. Move to the next channel. b. If
the WM was busy, wait until MaxChannelTime has
expired and then process any probe response
frames.
38
Passive Scanning (Beacons)
The passive scanning the client station listens
(receives) in order to find the access points.
This is done by receiving beacon frames and using
them to find the access point for the BSS to be
joined. When multiple access points transmit
beacon frames that are received by the passive
scanning station, the station will determine the
access point with the best signal (RSSI) and
attempt to authenticate and associate with that
access point.
39
Authentication and Association Processes
40
The IEEE 802.11 State Machine
The state machine of the IEEE 802.11 standard can
be in one of three states - Unauthenticated/Unass
ociated - Authenticated/Unassociated -
Authenticated/Associated
41
The IEEE 802.11 State Machine
State 1 Unauthenticated/Unassociated In the
initial state, a client station is completely
disconnected from the WLAN. Authentication
frames can be sent to the access points. State
2 Authenticated/Unassociated The second state of
the state machine is to authenticate an
unassociated state. To move from the first state
to the second, the client station must perform
some kind of valid authentication. This is
accomplished with authentication frames. State
3 Authenticated/Associated In order for a
station to be in this state, it must have first
been authenticated and then associated. The
process of moving from state 2 to this state is a
simple four-frame transaction. The client station
first sends an association request frame to an
access point to which it has been authenticated.
Second, the access point responds with an
acknowledgment frame. Next, the access point
sends an association response frame either
allowing or disallowing the association. The
client sends an acknowledgment frame as the
fourth and final step.
42
The IEEE 802.11 State Machine
43
Authentication - Deauthentication
There are two methods of authentication - Open
System authentication - Shared Key
authentication. The first would be used in less
secure environments. The second would be used in
more secure environments. Deauthentication
indicates that the deauthenticating station is
either leaving or has left the BSS or ESS. A
deauthentication frame will include the address
of the station being deauthenticated and the
address of the station with which the
deauthenticating station is currently
authenticated.
44
Open System Authentication
No true authentication (verification of identity)
occurs. Be specified as the default
authentication mechanism. The four steps do not
include any actual authentication of identity.
Access points configured to use Open
System authentication will always respond with a
positive authentication to any authentication
request.
45
Open System Authentication
46
Shared Key Authentication
Shared Key authentication utilizes the wired
equivalent privacy (WEP) key for authentication.
47
Shared Key Authentication
48
Association, Reassociation, and Disassociation
A station can be authenticated with multiple APs,
but it can be associated with only one. There are
three frames related to association association
frames, reassociation frames, and disassociation
frames. Association The process of association
Four frames are transmitted between the client
station and the AP station. The first frame is an
association request frame, which is followed by
an acknowledgment frame from the AP. The third
frame is an association response frame, which is
followed by an acknowledgment frame from the
client station.
49
Association, Reassociation, and Disassociation
Reassociation Reassociation occurs when a client
station roams from one AP to another within an
ESS. Device drops connection with one AP and
establish connection with another. Several reason
why reassociation may occur roaming, weakened
signal. When device determines link to current AP
is poor, begins scanning to find another AP
Disassociation The disassociation service is
the component of the MAC layer that is
responsible for processing a disassociation.
50
Data Flow Optimization Across the RF Medium
Transmitting on the WLAN DCF and
PCF Distributed Coordination Function (DCF)
Mandatory in 802.11 The DCF is the WM access
method. DCF is inclusive of the carrier sensing
mechanisms, interframe spacing, and backoff
timers. DCF is said to be a distributed
coordination function because the coordination of
access to the WM is distributed among the
wireless stations. Using the various methods, all
the stations work together to provide cooperative
access to the WM without the need for a
centralized medium access controller. Point
Coordination Function (PCF) An optional access
method The PCF centralizes access to the WM.
There is one point (station) in the WLAN that is
responsible for controlling access to the WM.
This point is the access point. (polling
mechanism)
51
RTS/CTS and CTS-to-Self Protocols
Instead of the access point polling the stations
to see which station needs to communicate, the
stations can tell the access point they need to
communicate and then wait for the access point to
give them the go-ahead. This method is called
Request to Send/Clear to Send (RTS/CTS). RTS/CTS
works according to the following process 1. A
station wishing to transmit using RTS/CTS sends a
Request to Send frame to the AP. 2. When the AP
receives the RTS request, it sends a Clear to
Send frame to the WLAN as a broadcast. 3. The
stations in the vicinity all hear the duration in
either the Request to Send frame or the Clear to
Send frame and know to stay silent. 4. The
original requesting station transmits its frame
and receives an acknowledgment during this quiet
window.
52
RTS/CTS and CTS-to-Self Protocols
used to solve hidden node problem
53
Fragmentation

• Divide data to be transmitted from one large
  frame into several smaller ones.
• - Reduces probability of collisions
• Reduces amount of time medium is in use.
• If data frame length exceeds specific value, MAC
  layer fragments it.
• Receiving station reassembles fragments.

54
Dynamic Rate Switching
Dynamic rate switching is the process of reducing
or increasing the data rate to the next supported
data rate as the quality of the RF signal
changes. As the quality of the signal degrades,
it becomes more and more difficult to demodulate
the more complex modulation schemes. By slowing
down the data rate, either with a different or
the same modulation, it becomes easier to
demodulate the data. A standards-based device
will only change the data rate to a supported
data rate of the standard. For example, a HR/DSSS
PHY will shift from 11 to 5.5 Mbps, but will not
shift from 11 to 6 Mbps because 6 Mbps is not
supported by the HR/DSSS PHY.