802.

11 MAC
Based on

Data communication and Networking by Behrouz Forouzan

&
802.11 Wireless Networks

Dr Muhammad Nabeel Asghar

 Licensing
The use of a radio spectrum is rigorously controlled by regulatory
authorities through licensing processes.
Licensing guarantees the exclusive use of a particular set of
frequencies.

Region Regulatory Authorities

US Federal Communication Commission (FCC)
European CEPT’s European Radio-communications
Office (ERO)
Other International Telecommunications Union (ITU)
Allocations
17/05/2015 2
 Introduction to Wi-Fi system
Layers involved
Application

Presentation

Network Session
Operating
Transport TCP
System
(NOS) Network IP

Data LLC – 802.2

Link MAC – 802.11
802.11
Physical 802.11a/b/g
 Insight into 802.11

LLC

MAC Layer
MAC Management
MAC
Sublayer Station
Management

PLCP Sublayer PHY Layer

PHY Management

PMD Sublayer
Wireless Ethernet (IEEE 802.11b)
The IEEE 802.11b, also called wireless Ethernet, is now the dominant
WLAN standard.
Two version of IEEE 802.11b exist:
◦ Frequency-hopping spread-spectrum (FHSS) with data rates of 1 and 2 Mbps
and
◦ Direct-sequence spread-spectrum (DSSS) with data rates of 1, 2, 5.5 and
11Mbps, which dominates the market due to its higher speed.
 Direct Sequence Spread Spectrum (DSSS)
Each bit sent by the sender is replaced by a sequence of bits
called a chip code.
The time needed to send one chip code must be the same as the
time needed to send one original bit.
DSSS uses the entire 2.4 GHz WLAN frequency band to transmit
information. DSSS is capable of data rates of up to 11 Mbps with
fallback rates of 5.5, 2 and 1 Mbps. Lower rates are used
whenever interference or congestion occurs.

Chip code for 0: 110011 Chip code for 1: 000111

0 0 1 1 0
 802.11b DSSS Data Transmission

802.11b transmits data using radio waves, a

form of analog transmission.
The direct sequence spread spectrum (DSSS)
form of 802.11b divides the bandwidth into
three 22 MHz channels, each separated by a
3 MHz guardband at: 2.412, 2.437 and 2.642
GHz.
 Frequency Hopping Spread Spectrum
(FHSS)
The sender sends on one carrier frequency for a short amount of time, then
hop to another carrier frequency for the same amount of time, hops again to
still another for the same amount of time, and so on.
If the bandwidth of the original signal is B, the allocated spread spectrum
bandwidth is N X B.
FHSS divides the frequency band into a series of channels and then changes its
frequency channel about every half a second, using a pseudorandom
sequence.
FHSS is more secure, but is only capable of data rates of 1 or 2 Mbps, since the
frequency band gets divided up into a number of channels.
 What is Wi-Fi?

Wi-Fi: Wireless Fidelity

• A set of standard for wireless LAN, based on
IEEE 802.11 spec.
• Certified products can use the official Wi-Fi
logo which indicates that the product is
interoperable with any other products also
showing the logo
• “Wi-Fi” is used in the same way as “Ethernet”
is used in place of IEEE 802.3
 WiFi technology - Standards

IEEE 802.11
◦ 1 and 2 Mbps, Frequency Hopping, DSSS, (915 or 1400 MHz) or IR, Ratified in
1977
IEEE 802.11a, upto 54 Mbps, 5 GHz, OFDM
IEEE 802.11b up to 11 Mbps, 2.4 GHz, DSSS both ratified in 1999
IEEE 802.11g, up to 54Mbps, 2.4GHz, OFDM. Downward compatible
with 802.11b, Ratified in 2003
IEEE 802.11 Architecture
Distribution system (DS)
Access point (AP)
Basic service set (BSS)
◦ Stations competing for access to shared wireless medium
◦ Isolated or connected to backbone DS through AP
Extended service set (ESS)
◦ Two or more basic service sets interconnected by DS
 802.11 Terminology (1)

Station (STA):
◦ Device that contains IEEE 802.11 conformant MAC and PHY, Interface to the wireless medium, but does
not provide access to a distribution system
◦ Most often end-stations available in terminals (work-stations, Laptops, etc)
 802.11 Terminology (2)

Access Point (AP)

◦ Device that contains IEEE 802.11 conformant MAC and PHY interface to the wireless medium, and
provide access to a distribution system for associated stations
◦ Most often infrastructure products that connect to wired backbones
 802.11 Terminology (3)

BSS: Basic Service Set

◦ A set of stations controlled by a single “coordination Function” (= the logical
function that determines when a station can transmit or receive)
◦ Similar to a “cell” in pre IEEE terminology
◦ A BSS can have an Access point (both in standalone networks and in building-
wide configurations), or can run without and Access-point (in standalone
networks only)
◦ Diameter of the cell is app. twice the coverage distance between two wireless
stations
Basic Service Set (BSS)

BSS
 Independent BSIC Service Set (IBSS)

A Basic Service Set (BSS) which forms a self-contained network in

which no access to a Distribution System is available
A BSS without an Access Point
One of the station in the IBSS can be configured to “initiate” the
network and assume the Coordination Function
Diameter of the cell determined by coverage distance between two
wireless stations
802.11 Architecture – Ad Hoc
Independent Basic Service Set (IBSS)

• referred to as an Ad-Hoc Network

Independent Basic Service Set (IBSS)

IBSS
 802.11 terminology (more)

Extended Service Set (ESS)

◦ A set of two or more Basic Service Sets interconnected by a Distribution
System (DS)
◦ Traffic always flows via Access Pint
Distribution System (DS)
◦ A system to interconnect a set of Basic Service Sets
◦ Integrated, A single Access Point in a standalone network
◦ Wired: Using cable to interconnect the Access Point
◦ Wireless: Using wireless to interconnect the Access Point
 Distribution System
To extend the coverage area of a wireless network, sometimes we want to
connect multiple BSSs.

The component used to interconnect BSS’s is called “Distribution System (DS).”

The medium used for the DS can be either wired or wireless

◦ The wired Ethernet is mostly used as the DS.

The DS itself can be considered as a layer-2 network.

An access point (AP) is a station that provides access to the DS by providing DS

services in addition to acting as a station.

Data move between a BSS and the DS via an AP.

17/05/2015 20
 Distribution System
There are three types of DS:
◦ Integrated
◦ A single Access Point in a standalone network

◦ Wired
◦ Using cable to interconnect the Access Point

◦ Wireless
◦ Using wireless to interconnect the Access Point

17/05/2015 21
Extended Service Set (ESS)
single BSS (with integrated DS)

BSS
Extended Service Set (ESS)
BSS’s with wired Distribution System (DS)

BSS

BSS
 Extended Service Set (ESS)
BSS’s and wireless Distribution System (DS)

BSS

BSS
 802.11 Architecture - Infrastructure
Infrastructure BSS
Distribution
Internet System (DS)

Access Point E Access Point F

Access Point G Access Point H

Access Point A Access Point B

Access Point C Access Point D
 802.11 Terminology

Service Set Identifier (SSID)

◦ Network name
◦ 32 octets long
◦ One network (ESS or IBSS) has one SSID
 Basic Service Set Identifier (BSSID)

Cell identifier
6 octets long (MAC address format)
One BSS has one SSID
Value of BSSID is the same as the MAC address of the radio in the Access Point
 How WLAN network works

Station 1 Station 6
Station 2 Station 5

Access Point A Access Point B Access Point C

Station 4
Station 7
Station 3

Each Station is Associated with a particular AP

– Stations 1, 2, and 3 are associated with Access Point A
– Stations 4 and 5 are associated with Access Point B
– Stations 6 and 7 are associated with Access Point C
Transition Types Based On Mobility
No transition
◦ Stationary or moves only within BSS

BSS transition
◦ Station moving from one BSS to another BSS in same ESS

ESS transition
◦ Station moving from BSS in one ESS to BSS within another ESS
 Roaming

Station 1
Station 6
Station 2 Station 5

Station 1
Access Point B
Access Point A Access Point C

Station 1
Station 4
Station 7
Station 3 Station 1

• Mobile stations may move…

- Beyond the coverage area of their Access Point
- But within range of another Access Point
• Reassociation allows station to continue operation
 Roaming Approach

• Station decides that link to current AP is poor

• Station uses scanning function to find new AP
– or uses information from previous scans

• Station sends Reassociation Request to new AP

• If Reassociation Response is received
successfully
– Then: station has roamed to the new AP
– otherwise: station scans for another AP

• If AP accepts Reassociation Request

– AP indicates Reassociation to the Distribution System
– Distribution System information is updated
 Scanning

• Scanning required for many functions.

– finding and joining a network
– finding a new AP while roaming

• Passive Scanning
– Find networks simply by listening for Beacons

• Active Scanning
– On each channel
» Send a Probe, Wait for a Probe Response
 Passive Scanning

Passive scanning is the process of listening for beacons on each

cannel for a specific period of time after the station is initialised
These beacons are sent by access point (infrastructure mode) or
client stations (ad hoc mode), and the scanning station catalogs
characteristics about the access points or stations based on these
beacons
The station searching for a network listens for beacons until it hears
a beacons listing the SSID of the network it wishes to join.
 Active Scanning
Active scanning involved the sending of a probe request frame from a wireless station
Station send this probe frame when they are actively seeking a network to join. The probe frame
will contain either the SSID of the network they wish join or a broadcast SSID.
If a probe request is sent specifying an SSID, then only access points that are serving that SSID
will respond with probe response frame.
The point of probing in this manner is to locate access points through which the station can
attach to the network.
Once an access point with the proper SSID is found, the station initiates the authentication and
association steps of joining the network through that access point.
 Initial connection to AP
(Active scanning)
Steps to Association:

Station sends Probe.

APs send Probe Response.
Access Point A Access Point B

Station selects best AP.

Station sends Association

Request to selected AP.
AP sends Association
Response.

ReAssociation follows a similar process

 Challenges for the MAC

RF link quality
◦ Especially when uses the unlicensed ISM band
◦ Has to work around the radiation from Microwave ovens and other RF sources
◦ In addition, multi-path fading is also a problem
Reliable Data Delivery
More efficient to deal with errors at the MAC level than higher layer (such
as TCP)
Frame exchange protocol
◦ Source station transmits data
◦ Destination responds with acknowledgment (ACK)
◦ If source doesn’t receive ACK, it retransmits frame
Four frame exchange
◦ Source issues request to send (RTS)
◦ Destination responds with clear to send (CTS)
◦ Source transmits data
◦ Destination responds with ACK
 Positive acknowledgment

Frame

Time

ACK

Unlike other link layer protocols, 802.11 incorporate positive acknowledgement

Hidden Node Problem

Area reachable Area reachable

by node 1 by node 3

1 2 3

Node 2 can communicate with both node 1 and 3

Something prevent node 1 and 3 from communicating directly
From perspective of node 1, node 3 is a ‘hidden node’
 RTS/CTS clearing
(1) (2)

(1) RTS
RTS
(3) Frame
(4) ACK CTS

Frame

(2) CTS

ACK
 MAC Access Modes (1)

DCF: is the basis of the standard CSMA/CA. Like Ethernet, it first check to see
that the radio link is clear before transmission. To avoid collision, stations uses a
random backoff after each time. It may use CTS/RTS to further reduces the
possibility of collision.
 MAC Access Modes (2)

PCF: The point coordination function provides contention-free services. Special

stations called point coordinators are used to ensure the medium is provided
without contention. Point coordinators reside in access points, so the PCF is
restrict to infrastructure network. To gain priority over standard contention-
based services, the PCF allows stations to transmit frames after a shorter
interval.
 MAC Access Modes (3)

HCF: Some applications need to have service quality that is a step above best-
effort delivery, but the rigorous timing of the PCF is not required. The HCF allows
stations to maintain multiple service queues and balance access to the wireless
medium in favour of applications that require better service quality. It is not fully
standardised yet.
 Carrier Sense

It is used to determine if the medium is available

Physical carrier-sensing is provided by the physical layer and depend on the
medium and modulation used.
Virtual carrier-sensing is provided by the Network Allocation Vector (NAV).
 Physical carrier sense

It is provided by physical layer

Depend on the medium and modulation used
It is difficult (or expensive)
Hidden nodes potentially lurking everywhere, physical carrier-
sensing cannot provide all the necessary information
 Virtual Carrier Sense

Provided by the Network Allocation Vector (NAV)

Most 802.11 frames carry a duration field, which can be used to
reserve the medium for a fixed time period
The NAV is a timer that indicates the amount of time the medium
will be reserved.
Other stations count down from the NAV to 0
When the NAV is non-zero, the virtual carrier sensing function
indicates that he medium is busy
Medium Access Control Logic
CSMA/CA flowchart
 Network Allocation Vector (NAV)

SIFS

Sender RTS Frame

Time

SIFS SIFS
CTS ACK
Receiver
Time

DIFS
NAV(RTS)
NAV
NAV(CTS) Time

Access to medium deferred Contention window

 Interframe Spacing

DIFS

PIFS

Contention window
SIFS
Busy Frame transmission

Backoff Time
Other stations buffer slots
and defer frames

Short interframe space (SIFS): is used for the highest priority

transmissions.
PCF interframe space (PIFS): is used by the PCF during contention-free
operation.
DCF interframe space (DIFS): is the minimum medium idle time for
contention-based service.
Interframe Space (IFS) Values
Short IFS (SIFS)
◦ Shortest IFS
◦ Used for immediate response actions
Point coordination function IFS (PIFS)
◦ Midlength IFS
◦ Used by centralized controller in PCF scheme when using polls
Distributed coordination function IFS (DIFS)
◦ Longest IFS
◦ Used as minimum delay of asynchronous frames contending for access
IFS Usage
SIFS
◦ Acknowledgment (ACK)
◦ Clear to send (CTS)
◦ Poll response
PIFS
◦ Used by centralized controller in issuing polls
◦ Takes precedence over normal contention traffic
DIFS
◦ Used for all ordinary asynchronous traffic
 Contention-based Access Using the DCF

Two basic rules:

◦ If the medium has been idle for longer than the DIFS, transmission can begin
immediately. Carrier sensing is performed using both a physical medium-
dependent method and the Virtual (NAV) method.
◦ If the previous frame was received without errors, the medium must be free for at least the
DIFS
◦ If the previous transmission contained errors, the medium must be free for the amount of
the EIFS.
◦ If the medium is busy, the station must wait for the channel to become idle.
802.11 refers to the wait as access deferral. If access is deferred, the station
waits for the medium to be idle for the DIFS and prepares for the exceptional
backoff procedure.
 CSMA/CA-based DCF
DIFS
Contention Window
PIFS

SIFS
Busy Medium Backoff-Window Next Frame
Slot time

Defer Access Select Slot and Decrement Backoff as long as medium is idle.

• To reduce collision probability

- Stations wait for medium to become free
- Select random backoff to avoid collisions
• Efficient Backoff algorithm helps to stable at high loads
- Exponential Backoff window increases for retransmissions
- Backoff timer elapses only when medium is idle
 Error Recovery with the DCF
When an error is detected, the station with data must resend the frame
Errors must be detected by the sending station
In some cases, the sender can infer frame loss by the lack of a positive
acknowledgement from the receiver
Retry counters are incremented when frame are retransmitted.
Each frame of fragment has a single retry counter associated with it
Stations have two retry counters: short retry and long retry
Frames that are short than RTS threshold are considered to be short;
frames longer than the threshold are long
 Short retry counter

The short retry counter is reset to 0, when:

◦ A CTS frame is received in response to a retransmitted RTS
◦ A MAC-layer acknowledgement is received after a nonfragmented
retransmission
◦ A broadcast or multicast frame is received
 Long retry count

Long retry count is rest to 0, when:

◦ A MAC-layer acknowledgement is received for a frame longer than RTS
threshold
◦ A broadcast or multicast is received
 Backoff with the DCF
After frame transmission has completed and the DIFS has
elapsed, stations may attempt to retransmit congestion-based
data
A period called the contention window or backoff window
follows the DIFS
The window is divided into slots
Slot length is medium-dependent; higher-speed physical layers
use shorter slot time
 Backoff with the DCF – Cont’d
Station pick a random slot and wait for that slot before
attempting to access the medium; all slots are equally likely
selections.
When several stations are attempting to transmit, the station
that picks the first slot (the station with the lowest random
number) wins
All slot numbers should be equally likely
 Fragmentation

High level packet and some large management frames may need to be broken into smaller
pieces to fit through the wireless channel
Fragmentation may also help improve reliability in the presence of interference
Interference affects only small fragments
Fragmentation takes place when the length of a higher -level packet exceeds the fragmentation
by configured threshold
Fragments all have the same frame sequence number but have descending fragment number to
aid in reassembly
Frame control information also indicates whether more fragments are coming
All of the fragments that comprise a frame are normally sent in a fragmentation burst
 Fragmentation
DIFS
PIFS
SIFS
Other NAV (RTS) NAV (Fragment 0) Backoff-Window
NAV (CTS) NAV (ACK 0)
SIFS
Src RTS Fragment 0 Fragment 1

Dest CTS ACK0 ACK1

• Burst of fragments which are individually

acknowledged
• Random backoff and retransmission of failing
fragment when no ACK is returned.
• NAV in data fragments and Ack frames are used for
channel reservation mechanism.
MAC Management

• Synchronization
– finding and staying with a WLAN
– Synchronization functions
• Power Management
– Sleeping without missing any messages
– Power Management functions
• Association and Reassociation
– Joining a network
– Roaming, moving from one AP to another
– Scanning
 MAC management Frames
Beacon
◦ Timestamp, Beacon Interval, SSID, Supported Rates, Traffic Indication Map,
Capabilities, etc.
Probe
◦ SSID, Capabilities, Supported Rates
Probe Response
◦ Timestamp, Beacon Interval, SSID, Supported Rates, Capabilities, etc (same as
Beacon except for TIM)
Association Request
◦ Capability, SSID, Supported Rates
Association Response
◦ Capability, Association ID, Supported Rates
 Cont’d

Reassociation Request
◦ Capability, SSID, Supported Rates, Current AP Address
Reassociation Response
◦ Capability, Association ID, Supported Rates
Disassociation
◦ Reason code
Authentication
◦ Algorithm, Sequence, Status, Challenge Text
Deauthentication
◦ Reason
 Synchronization in 802.11

• Timing Synchronization Function (TSF)

– All stations maintain a local timer
– Beacons contain Timestamp for the entire BSS
– Timestamp from Beacons used to calibrate local clocks

• TSF used for Power Management

– Beacons sent from AP at well known intervals
 Power Management

• Idle stations to go to sleep

– station’s power save mode to be stored in AP

• AP buffers packets for sleeping stations.

– AP announces which stations have frames buffered by
Traffic Indication Map (TIM) in every Beacon

• Power Saving stations wake up periodically to

listen for Beacons
• TSF assures AP and Power Save stations
sync’ed.
– stations will wake up at right time to hear a Beacon
 "Actual time" stamp in Beacon
Beacon Interval

X X X X
Time Axis

Beaco Busy Medium

n
• AP sends Beacons periodically.
• Beacons are scheduled at Beacon Interval.
• Transmission may be delayed by CSMA deferral.
– Beacons are scheduled to send at Target Beacon
Transmission Time
• Timestamp contains timer value at transmit time.
 802.11 MAC Frame Format

2 bytes 2 bytes 6 bytes 6 bytes 6 bytes 2 bytes 6 bytes 0 - 2312 bytes 4 bytes

FC D Add 1 Add 2 Add 3 SC Add 4 Frame body FCS

2 bits 2 bits 4 bits 1 bit each

Protocol To From More Pwr More
type Subtype Retry Pro fr RSVD
version DS DS flag mgt data

Type: e.g. Management frame, type = 00 10+0000: data

Control frame, type = 01 10+0001: data +CF ACK
Data frame, type = 10 Protected Frame bit: used to be
Subtype: e.g. 00+0000: association request, called WEP. If the frame is
00+0001: Association response protected by link layer security
00+1000: Beacon protocol, this bit is set to 1.
01+1011: RTS
01+1100: CTS
MAC Frame Fields
Frame Control – frame type, control information
Duration/connection ID – channel allocation time
Addresses – context dependant, types include source and destination
Sequence control – numbering and reassembly
Frame body – MSDU or fragment of MSDU
Frame check sequence – 32-bit CRC
Frame Control Fields
Protocol version – 802.11 version
Type – control, management, or data
Subtype – identifies function of frame
To DS – 1 if destined for DS
From DS – 1 if leaving DS
More fragments – 1 if fragments follow
Retry – 1 if retransmission of previous frame
Frame Control Fields
Power management – 1 if transmitting station is in sleep mode
More data – Indicates that station has more data to send
WEP – 1 if wired equivalent protocol is implemented
Order – 1 if any data frame is sent using the Strictly Ordered service
Control Frame Subtypes
Power save – poll (PS-Poll)
Request to send (RTS)
Clear to send (CTS)
Acknowledgment
Contention-free (CF)-end
CF-end + CF-ack
Data Frame Subtypes
Data-carrying frames
◦ Data
◦ Data + CF-Ack
◦ Data + CF-Poll
◦ Data + CF-Ack + CF-Poll
Other subtypes (don’t carry user data)
◦ Null Function
◦ CF-Ack
◦ CF-Poll
◦ CF-Ack + CF-Poll
Management Frame Subtypes
Association request
Association response
Reassociation request
Reassociation response
Probe request
Probe response
Beacon
Management Frame Subtypes
Announcement traffic indication message
Dissociation
Authentication
Deauthentication
 Frame –cont’d

D: Duration/ID field

Bit 0 …. Bit 15

Duration (NAV) 0

Bit 0 …. Bit 15

CFP frame All ‘0’s 1

Bit 0 …. Bit 15

PS-Poll frame AID: range 1-2007 1

1
 Frame – Cont’d

Sequence control field:

4 bits 12 bits
Fragment no. Sequence number

Frame body: data field, high-layer payload, maximum 2304 bytes

Frame check sequence: cyclic redundancy check
Addresses
Addressing mechanisms
 Channel Overlapping

DSSS channel allocation and spectral relationship

P Ch
Ch ….
1 10

2.401 GHz 3 MHz 3 MHz 2.473 GHz

 DSSS non-overlapping channels

22 MHz

Channel 1 Channel 6 Channel 11

3 MHz f
2.401 GHz 3 MHz 2.473 GHz
Physical layers
Physical Media Defined by Original
802.11 Standard
Direct-sequence spread spectrum
◦ Operating in 2.4 GHz ISM band
◦ Data rates of 1 and 2 Mbps
Frequency-hopping spread spectrum
◦ Operating in 2.4 GHz ISM band
◦ Data rates of 1 and 2 Mbps
Infrared
◦ 1 and 2 Mbps
◦ Wavelength between 850 and 950 nm
IEEE 802.11a and IEEE 802.11b
IEEE 802.11a
◦ Makes use of 5-GHz band
◦ Provides rates of 6, 9 , 12, 18, 24, 36, 48, 54 Mbps
◦ Uses orthogonal frequency division multiplexing (OFDM)
◦ Subcarrier modulated using BPSK, QPSK, 16-QAM or 64-QAM
IEEE 802.11b
◦ Provides data rates of 5.5 and 11 Mbps
◦ Complementary code keying (CCK) modulation scheme