IEEE 802.11 Management Frames

1
IEEE 802.11Management Frames

• Gasts Book (Chapter 4)
• Prof. Yu-Chee Tseng
• CS, NCTU

2
Outline

• Fixed Fields
• Information Elements
• Management Frames
• Association and Probe

3
Introduction

• Establishing the identity of a network station in
  a wired network is easy.
• just drag wires from a central office to stations
• Wireless network must create management feature
  to provide similar functionality.

4
3 Steps of Management

• MS searches of connectivity
• like finding a wired data jack on the wall
• Network authenticates the MS
• in wired network, this is provided by the cable
  itself
• MS associates with the AP to gain access

5
Structure of Management Frames

• header similar
• frame body (two types)
• fixed fields 10 types, fixed length
• information elements variable length, can be
  defined by newer version of 802.11, appear in
  specific order
• These fields are building blocks of management
  frames (and will be assembled later).

6
Fixed Fields

• These fields are building blocks of management
  frames (and will be assembled later).

7
Fixed FieldAuthentication Algorithm Number

• 2 bytes to identify the type of authentication in
  the authentication process
• only 2 values are defined currently
• 0 Open System authentication
• 1 Shared Key authentication
• 2 - 65,535 reserved for future use

8
Fixed Field Authentication Transaction Sequence
Number

• authentication multi-step process consisting of
  challenges and responses
• 2 bytes to track the progress of the auth.
  exchange
• 1 to 65,535 (never uses 0)

9
Fixed Field Beacon Interval

• to indicate how frequent beacons sent
• time unit (TU) 1,024 us (about 1 ms)
• beacon interval is commonly set to 100 TU (about
  100 ms 0.1 sec)

10
Fixed FieldCapability Information

• to advertise the networks capability
• in Beacon
• in Probe Request/Response
• stations that do not implement all features in
  the capability are not allowed to join

11

• ESS/IBSS (mutually exclusive)
• AP sets ESS 1 and IBSS 0 (infrastructure)
• stations in IBSS sets ESS 0 and IBSS 1 (ad
  hoc mode)
• Privacy
• 1 required to use WEP for confidentiality
• Short Preamble
• 1 short preamble to support high-rate DSSS PHY
  in 802.11b
• PBCC
• 1 binary convolution coding modulation for
  high-rate DSS PHY in 802.11b
• Channel Agility
• 1 use channel agility to support high-rate DSS
  PHY in 802.11b

12

• CF Polling Bits
• STA can set CF capability in Association/Reassocia
  tion mgt. frame
• AP can set CF capability in Beacon, Probe
  Response, Ass./Reass. Response,

13
Fixed Field Current AP Address

• to indicate the MAC address of AP currently
  associated
• STA can transmit this address when associating
  with a different AP to transfer the association
  and retrieve buffered frames from old AP.

14
Fixed FieldListen Interval

• To indicate under PS mode, how often a STA will
  wake up to check buffered frames.
• unit one beacon interval
• From this, AP can determine
• to estimate the resource required for buffering
• may refuse to serve resource-intensive asso.

15
Fixed FieldAssociation ID

• An associated STA is given an Asso. ID to assist
  with control and mgt. functions.
• 14 bits available (1-2,007 hosts)

to be compatible with Duration/ID field
16
Fixed FieldTimestamp

• the number of microseconds the BSS has been
  active
• for synchronization purpose
• 64 bits (need gt 580,000 years to wrap back)

17
Fixed FieldReason Code

• STA may send Disass. or Deauth. frames in
  response to traffic when the sender has not
  properly joined the network with Reason Code.

ex
18
Fixed Field Status Code

• to indicate whether an operation succeed or fail,
  with proper Status Code

ex
19
Information Elements

• These fields are building blocks of management
  frames (and will be assembled later).

20
Information Elements

• generic format
• Element ID and meanings

21
Information ElementService Set Identity (SSID)

• allow network manager to assign a logical ID to
  the service set
• STA may scan and join the network with a
  specified SSID
• SSID is the same for all BSS composing an ESS
• null SSID (known as broadcast SSID) is used in
  Probe Request frames to discover all 802.11 APs

22
Information ElementSupported Rate

• which rates are supported
• some mandatory, some optional
• indicated by the most significant bit
• 2 1 Mbps, 4 2 Mbps, 11 5.5 Mbps, 22 11
  Mbps

23
Information ElementFH Parameter Set

• dwell time amount of time in a channel (in TU)
• hop set set of hopping patterns
• hop pattern which hopping pattern in the hop set
• hop index current position in the hop sequence

24
Information ElementDS Parameter Set

• which channel when DSSS is used

25
Information ElementCF Parameter Set

• transmitted in Beacon by AP to advertise the CFP
  parameters
• optional

26
Information ElementTraffic Indication Map (TIM)

• to indicate which low-power STAs have buffered
  traffics waiting to be picked up
• partial virtual bitmap 8 2,008 bits
• each bit for one association ID
• 1 traffic buffered

27

• DTIM count
• when will the next DTIM frame arrives
• DTIM is for buffered broadcast/multicast
• unit beacon interval
• DTIM period
• period of DTIMs (unit beacon interval)
• Bitmap Control
• bit 0 is for traffic indication of Asso.ID 0
  (i.e., multicast traffic)
• the remaining 7 bits indicate the offset of the
  start of Virtual Bitmap
• so we can only transmit a portion of the virtual
  bitmap
• saving wireless bandwidth

28
Information ElementIBSS Parameter Set

• to indicate the period of IBSS Beacons in an ad
  hoc network
• unit TU
• the period is contained in ATIM (ATIM
  Announcement TIM)

29
Information ElementChallenge Text

• Shared-key authentication requires STA
  successfully decrypt an encrypted challenge.
• to be filled in the Challenge Text

30
Management Frames

• Fixed fields and information elements will be
  used in management frames

31
Management Frames Introduction

• Fixed fields and information elements will be
  used in the body of management frames to convey
  information.
• Frame types
• Beacon, Probe Request, Probe Response, ATIM,
  Disassociation, Deauthentication, Asso. Request,
  Reasso. Request, Asso. Response, Reasso.
  Response, Authentication

32
Mgt. Frame Beacon

• FH and DS Parameter Sets are mutually exclusive.

33
Beacon Generation byAPs and ad hoc networks
by AP
Beacon by contention (D1 random backoff)
Busy medium
by IBSS
34
Mgt. Frame Probe Request

• SSID to request a specific network
• if broadcast SSID is used, any network is fine
• Supported Rates

35
Mgt. Frame Probe Response

• If a Probe Request encounters a network with
  compatible parameters, the network sends Probe
  Response.
• In IBSS, beacon transmission is distributed. The
  STA who sent the previous Beacon replies the
  Probe Response.

36
Mgt. Frame ATIM (for IBSS)

• When a STA has buffered frames for a low-power
  receiver, it sends ATIM frame during the delivery
  period to notify the sleeping STA (in DA field).

37
Mgt. Frames Disassociation and Deauthentication

• Disassociation to end an asso.
• Deauthentication to end an authentication
  relationship

38
Mgt. Frame Association Request

• Once a STA identifies a compatible network, it
  may send an Asso. Req.
• The AP will verify the STAs parameters

39
Mgt. Frame Reassociation Request

• When roaming between BSSs under the same ESS,
  Reasso. Req. can be sent.
• Reasso. differs from Asso. in that it contains
  the old APs address, so the new AP will contact
  the old AP to pick up possible buffered frames at
  the old AP.

40
Mgt. Frames Asso./Reasso. Response

• To respond to the earlier request

41
Mgt. Frame Authentication

• exchanged between AP and STA for authentication
  purpose.
• auth. algo. no
• auth. trans. seq. no to track the progress
• depending on what auth. algo. is used

42
Association/Authentication andProbe/Response
43
Possible States

• A STA keeps two state variables for each STA
• Authentication state
• Association state

44
Probe Request/Response

• Active scanning when missing APs
• infrastructure mode probe response generated by
  AP
• IBSS mode probe response generated by the STA
  which generated the last beacon.

45
Ad Hoc Network Beacon vs. Probe
STA
STA
STA
STA
STA
STA
STA
STA
(first beacon)
(second beacon)
Beacon
STA
(probe request) (response)
STA
STA
Probe request
Probe response
STA
46

• For each channel, PROBE is sent.
• Probe Responses from all possible APs are
  collected, until Max_Probe_Response_Time.
• Then the best quality AP may be chosen.

47
Summary

• Building blocks of management frames
• fixed field
• information elemenet
• Management frames
• A probe request/response example