Wireless LANs based on the IEEE 802.11 standards allow wire-free networking in the local area network environment using the unlicensed 2.4 or 5.3 GHz radio band. They're used everywhere from homes to Fortune 500 companies to hotspot Internet access. This article will offer a brief summary of the various network topologies in various environments.
Figure 1
Figure 1 shows the most common and cheapest example of a home Wireless LAN: a single device acting as the Firewall, Router, Switch, and Wireless Access Point. These Wireless Routers provide a wide range of functions:
Protects the home network from outside intruders
Allows the sharing of a single Internet IP address from an ISP (Internet Service Provider)
Provides Wired Ethernet service for typically 4 computers but can also be expanded with another Ethernet Switch or Hub
Serves as a Wireless Access Point for multiple wireless computers
These devices come from a variety of manufacturers such as Linksys (Cisco), D-Link, Netgear, SMC, Belkin, and other companies. Basic models can be purchased for as little as $30 and high-end models can be more than $150. The basic models typically have a single Wi-Fi radio offering 2.4 GHz 802.11b/g operation while the higher end models will offer dual-band Wi-Fi radios or high-speed MIMO capability. Dual-band Access Points have two radios which provide 2.4 GHz 802.11b/g and 5.3 GHz 802.11a capability while MIMO Access Points use multiple radios to boost performance in the 2.4 GHz range. Dual-band Access Points are essentially two Access Points in one and can serve two non-interfering frequencies at the same time while the newer MIMO devices boost speed in the 2.4 GHz range along with superior range. Unfortunately, the 2.4 GHz range is often congested and manufacturers have stayed away from dual-band MIMO devices because of cost concerns since they're already the most expensive to begin with. Dual-band devices don't have the highest performance or range, but allow you to operate in the relatively uncongested 5.3 GHz range and allow two devices to operate at full speed simultaneously if they are in different bands.
Figure 2
Figure 2 is a less common example of a home network where the Wireless Access Point is a separate device. This topology is more expensive but offers more flexibility. Consolidated router/wireless devices may not offer all the features desired by power users. In this configuration, it's possible for the Access Point to cost more than an equivalent Router and AP in one and that's probably due to the fact that there are fewer sold since most people prefer the combined functionality. Some people require higher end routers and switches that have features such as bandwidth throttling and gigabit Ethernet and having a modular design allows them the flexibility they need.
More detailed information on building a home network can be found here.
Figure 3
Wireless Bridges allow buildings to connect wirelessly when wiring is too expensive or a second redundant connection is needed as a backup for a wired connection. 802.11 devices are commonly used for this application as well as optical line-of-sight Wireless bridges. 802.11 radio based solutions are usually much cheaper and don't require a line-of-sight between the antennas to operate, but are significantly slower than optical solutions. 802.11 solutions typically operate in the 5 to 30 Mbps range while optical solutions operate in the 100 to 1000 Mbps range. Both types of bridges can operate beyond 10 miles although the radio based solution is more likely to reach these distances because it doesn't require line-of-sight. The downside to radio based solutions is the lower speed and the possibility of RF (radio frequency) interference while optical solutions aren't affected by RF. The downside of optical solutions is the higher entry price and the fact that line-of-sight isn't always possible between two locations.
Figure 4
Figure 4 illustrates a typical scenario where a Wireless Bridge is used to wirelessly extend an Ethernet network. There are many types of 802.11 bridges and some of them use proprietary methods of interlinking and may not always offer the best compatibility or security. A preferable solution is to use a simple Wireless Bridge that can connect to any common infrastructure-type Access Point as a regular WPA client to provide a secured wireless connection. Once bridged, an additional Ethernet Switch can be used to expand the port capacity and link multiple Wired Ethernet computers to the LAN over the wireless bridge. This is a cheaper option than outfitting multiple fixed position Desktop PCs with wireless Ethernet cards and having to configure them.
Figure 5
Medium sized businesses have traditionally used a simple design where they put up multiple Access Points throughout their facilities wherever they needed Wireless coverage. This particular approach is probably the most common because it has a low cost of entry, although it becomes difficult to manage once the number of Access Points gets beyond a handful. Most of these types of Wireless LANs allow you to roam from Access Point to Access Point because they're configured on the same Ethernet subnet and SSID.
From a management standpoint, each Access Point is managed individually, as is the managed port that it's connected to. In more advanced implementations where multiple Virtual SSIDs are supported, VLAN trunking is used to connect the Access Point to multiple subnets over a single Ethernet connection to a managed switch port. The Switch in this case needs to be configured to support multiple VLANs over a single port. Although it's possible to use a template to configure multiple Access Points, it can still become difficult to manage a large number of Access Points when firmware and configurations need updating.
From a security standpoint, each Access Point must be configured to handle its own Access Control and Authentication. RADIUS servers make this task easier because the Access Points can delegate Access Control and Authentication to the centralized RADIUS servers which in turn can be tied in to a central user database such as Windows Active Directory. But even so, a RADIUS relationship still needs to be built between each Access Point and each RADIUS server, which can be complex if the number of Access Points is high.
Figure 6
Switched Wireless LANs are the latest advancement in wireless networking where simplified Access Points are controlled by a centralized Wireless Controller. Data is passed and managed through these centralized Wireless Controllers from manufacturers like Cisco (via Airespace acquisition), Aruba Networks, Symbol, and Trapeze Networks. The Access Points in this case have a simpler operating system designed to be of minimal complexity and the more complex logic is embedded in the Wireless Controller. The Access Points usually don't physically connect to the Wireless Controllers, but they're logically switched or routed through the Wireless Controllers. To support multiple VLANs, data is encapsulated into a tunnel of some sort so that there is a direct logical connection from the Access Point to the Wireless Controller even if the devices are on different subnets.
From a management standpoint, the administrator only needs to manage the Wireless LAN controller which in turn can control hundreds of Access Points. These Access Points can use certain custom DHCP attributes to figure out where the Wireless Controller is and automatically link to it to become an extension of the Controller. This vastly improves the scalability of switched Wireless LANs because additional Access Points are essentially plug and play. For multi-VLAN support, the Access Points no longer need a special VLAN trunking port on the switch they connect to and can use any old access port on any Switch or even Hub, which eases manageability. The VLAN data is encapsulated and sent to the central Wireless Controller, which handles a single high speed multi-VLAN connection to the core network Switch. Security management is also consolidated because all Access Control and Authentication is handled at the centralized Controller rather than on each Access Point. Only the centralized Wireless Controller needs to be tied in to the RADIUS server which in turn is tied in to Active Directory in the example shown in Figure 6.
Another benefit of a Switched Wireless LAN is low-latency roaming. This allows for latency-sensitive applications like VoIP and Citrix. Cut-over can happen in as little as 50 milliseconds, which is mostly unnoticeable. Traditional Wireless LANs where each Access Point is configured independently have cut-over times in the 1000 millisecond range which can ruin phone calls and drop application sessions on Wireless devices. The main downside to Switched Wireless LANs is the additional cost of the Wireless Controller. But in large Wireless LAN deployments, these additional costs can easily be offset by the ease of manageability.
The 802.11 standard specifies a common medium access control (MAC) Layer, which provides a variety of functions that support the operation of 802.11-based wireless LANs. In general, the MAC Layer manages and maintains communications between 802.11 stations (radio network cards and access points) by coordinating access to a shared radio channel and utilizing protocols that enhance communications over a wireless medium. Often viewed as the "brains" of the network, the 802.11 MAC Layer uses an 802.11 Physical (PHY) Layer, such as 802.11b or 802.11a, to perform the tasks of carrier sensing, transmission, and receiving of 802.11 frames.
Before transmitting frames, a station must first gain access to the medium, which is a radio channel that stations share. The 802.11 standard defines two forms of medium access, distributed coordination function (DCF) and point coordination function (PCF). DCF is mandatory and based on the CSMA/CA (carrier sense multiple access with collision avoidance) protocol. With DCF, 802.11 stations contend for access and attempt to send frames when there is no other station transmitting. If another station is sending a frame, stations are polite and wait until the channel is free.
As a condition to accessing the medium, the MAC Layer checks the value of its network allocation vector (NAV), which is a counter resident at each station that represents the amount of time that the sender of the previous frame needs to finish sending it. The NAV must be zero before a station can attempt to send a frame. Prior to transmitting a frame, a station calculates the amount of time necessary to send the frame based on the frame's length and data rate. The station places a value representing this time in the duration field in the header of the frame. When stations receive the frame, they examine this duration field value and use it as the basis for setting their corresponding NAVs. This process reserves the medium for the sending station.
An important aspect of the DCF is a random back off timer that a station uses if it detects a busy medium. If the channel is in use, the station must wait a random period of time before attempting to access the medium again. This ensures that multiple stations wanting to send data don't transmit at the same time. The random delay causes stations to wait different periods of time and avoids all of them sensing the medium at exactly the same time, finding the channel idle, transmitting, and colliding with each other. The back off timer significantly reduces the number of collisions and corresponding retransmissions, especially when the number of active users increases.
With radio-based LANs, a transmitting station can't listen for collisions while sending data, mainly because the station can't have its receiver on while transmitting the frame. As a result, the receiving station needs to send an acknowledgement (ACK) if it detects no errors in the received frame. If the sending station doesn't receive an ACK after a specified period of time, the sending station will assume that there was a collision (or RF interference) and retransmit the frame.
To support time-bounded delivery of data frames, the 802.11 standard defines the optional point coordination function (PCF) where the access point grants an individual station access to the medium by polling the station during the contention free period. Stations can't transmit frames unless the access point polls them first. The period of time for PCF-based data traffic (if enabled) alternates with contention (DCF) periods.
The access point polls stations according to a polling list, then switches to a contention period when stations use DCF. This process enables support for both synchronous (e.g., video applications) and asynchronous (e.g., e-mail and Web browsing applications) modes of operation.
No known wireless NICs or access points on the market today, however, implement PCF.
802.11 MAC Layer Functions
The following summarizes primary 802.11 MAC functions, especially as they relate to infrastructure wireless LANs:
Scanning: The 802.11 standard defines both passive and active scanning, whereby a radio NIC searches for access points. Passive scanning is mandatory where each NIC scans individual channels to find the best access point signal. Periodically, access points broadcast a beacon, and the radio NIC receives these beacons while scanning and takes note of the corresponding signal strengths. The beacons contain information about the access point, including service set identifier (SSID), supported data rates, etc. The radio NIC can use this information along with the signal strength to compare access points and decide which one to use.
Optional active scanning is similar, except the radio NIC initiates the process by broadcasting a probe frame, and all access points within range respond with a probe response. Active scanning enables a radio NIC to receive immediate response from access points, without waiting for a beacon transmission. The issue, however, is that active scanning imposes additional overhead on the network because of the transmission of probe and corresponding response frames.
Authentication: Authentication is the process of proving identity, and the 802.11 standard specifies two forms: Open system authentication and shared key authentication. Open system authentication is mandatory, and it's a two step process. A radio NIC first initiates the process by sending an authentication request frame to the access point. The access point replies with an authentication response frame containing approval or disapproval of authentication indicated in the Status Code field in the frame body.
Shared key authentication is an optional four step process that bases authentication on whether the authenticating device has the correct WEP (wired equivalent privacy) key. The radio NIC starts by sending an authentication request frame to the access point. The access point then places challenge text into the frame body of a response frame and sends it to the radio NIC. The radio NIC uses its WEP key to encrypt the challenge text and then sends it back to the access point in another authentication frame. The access point decrypts the challenge text and compares it to the initial text. If the text is equivalent, then the access point assumes that the radio NIC has the correct key. The access point finishes the sequence by sending an authentication frame to the radio NIC with the approval or disapproval.
Association: Once authenticated, the radio NIC must associate with the access point before sending data frames. Association is necessary to synchronize the radio NIC and access point with important information, such as supported data rates. The radio NIC initiates the association by sending an association request frame containing elements such as SSID and supported data rates. The access point responds by sending an association response frame containing an association ID along with other information regarding the access point. Once the radio NIC and access point complete the association process, they can send data frames to each other.
WEP: With the optional WEP enabled, the wireless NIC will encrypt the body (not header) of each frame before transmission using a common key, and the receiving station will decrypt the frame upon receipt using the common key. The 802.11 standard specifies a 40-bit key and no key distribution method, which makes 802.11 wireless LANs vulnerable to eavesdroppers. The 802.11i committee, however, is improving 802.11 security by incorporating 802.1X and stronger encryption into the standard.
RTS/CTS: The optional request-to-send and clear-to-send (RTS/CTS) function allows the access point to control use of the medium for stations activating RTS/CTS. With most radio NICs, users can set a maximum frame length threshold whereby the radio NIC will activate RTS/CTS. For example, a threshold of 1,000 bytes will trigger RTS/CTS for all frames larger than 1,000 bytes. The use of RTS/CTS alleviates hidden node problems, that is, where two or more radio NICs can't hear each other and they are associated with the same access point.
If the radio NIC activates RTS/CTS, it will first send an RTS frame to the access point before sending a data frame. The access point will then respond with a CTS frame, indicating that the radio NIC can send the data frame. With the CTS frame, the access point will provide a value in the duration field of the frame header that holds off other stations from transmitting until after the radio NIC initiating the RTS can send its data frame. This avoids collisions between hidden nodes. The RTS/CTS handshake continues for each frame, as long as the frame size exceeds the threshold set in the corresponding radio NIC.
Power Save Mode: The optional power save mode that a user can turn on or off enables the radio NIC to conserve battery power when there is no need to send data. With power save mode on, the radio NIC indicates its desire to enter "sleep" state to the access point via a status bit located in the header of each frame. The access point takes note of each radio NIC wishing to enter power save mode, and buffers packets corresponding to the sleeping station.
In order to still receive data frames, the sleeping NIC must wake up periodically (at the right time) to receive regular beacon transmissions coming from the access point. These beacons identify whether sleeping stations have frames buffered at the access point and waiting for delivery to their respective destinations. Radio NICs with frames waiting will request them from the access point. After receiving the frames, the radio NIC can go back to sleep.
Fragmentation: The optional fragmentation function enables an 802.11 station to divide data packets into smaller frames. This is done to avoid needing to retransmit large frames in the presence of RF interference. The bit errors resulting from RF interference are likely to affect a single frame, and it requires less overhead to retransmit a smaller frame rather than a larger one. As with RTS/CTS, users can generally set a maximum frame length threshold whereby the radio NIC will activate fragmentation. If the frame size is larger than the threshold, the radio NIC will break the packet into multiple frames, with each frame no larger than the threshold value.
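The four-step shared key exchange from the Authentication item above, using the WEP encryption from the WEP item, written out with both sides' messages. This is an added example, not code from the original article; the frame body is reduced to IV plus ciphertext, the 5-byte keys are constructed sample values, and the class and function names are hypothetical.

```python
import hmac
import os
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, the stream cipher WEP uses; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || RC4(IV || key, plaintext || CRC-32 integrity value)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + key, plaintext + icv)


def wep_decrypt(key: bytes, body: bytes):
    """Return the plaintext, or None when the integrity value does not match."""
    iv, ciphertext = body[:3], body[3:]
    clear = rc4(iv + key, ciphertext)
    plaintext, icv = clear[:-4], clear[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        return None
    return plaintext


class AccessPoint:
    def __init__(self, wep_key: bytes):
        self.wep_key = wep_key
        self.pending = None                   # challenge awaiting a response

    def on_auth_request(self) -> bytes:
        """Step 2: answer the request with fresh challenge text."""
        self.pending = os.urandom(128)
        return self.pending

    def on_challenge_response(self, body: bytes) -> bool:
        """Step 4: decrypt, compare with the challenge sent, approve or not."""
        challenge, self.pending = self.pending, None   # single use
        if challenge is None:
            return False
        text = wep_decrypt(self.wep_key, body)
        return text is not None and hmac.compare_digest(text, challenge)


class Station:
    def __init__(self, wep_key: bytes):
        self.wep_key = wep_key

    def answer_challenge(self, challenge: bytes) -> bytes:
        """Step 3: encrypt the challenge text with the WEP key."""
        return wep_encrypt(self.wep_key, os.urandom(3), challenge)


def shared_key_handshake(station: Station, ap: AccessPoint) -> bool:
    challenge = ap.on_auth_request()          # steps 1 and 2
    response = station.answer_challenge(challenge)
    return ap.on_challenge_response(response)


if __name__ == "__main__":
    ap = AccessPoint(b"\x01\x02\x03\x04\x05")  # constructed 40-bit key
    print("same key :", shared_key_handshake(Station(b"\x01\x02\x03\x04\x05"), ap))
    print("wrong key:", shared_key_handshake(Station(b"\x0a\x0b\x0c\x0d\x0e"), ap))
```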
802.11 MAC (Media Access Control)
The following section describes the common Media Access Control layer used by the 802.11 family of standards.
The 802.11 family uses a MAC layer known as CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance). (NOTE: Classic Ethernet uses CSMA/CD - collision detection.) CSMA/CA is, like all Ethernet protocols, peer-to-peer (there is no requirement for a master station).
In CSMA/CA a Wireless node that wants to transmit performs the following sequence:
1. Listen on the desired channel.
2. If the channel is idle (no active transmitters), it sends a packet.
3. If the channel is busy (an active transmitter), the node waits until transmission stops, then waits a further CONTENTION period. (The Contention period is a random period after every transmit on every node and statistically allows every node equal access to the media. To allow for tx to rx turnaround, the contention time is slotted: 50 microseconds for FH and 20 microseconds for DS systems.)
4. If the channel is still idle at the end of the CONTENTION period, the node transmits its packet; otherwise it repeats the process defined in 3 above until it gets a free channel.
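The contention step above, together with the random back off timer described earlier, as an added simulation that is not part of the original article. It models a single contention round only (each station draws one slot, the lowest slot transmits, a tie is a collision); the function names and the window sizes tried are assumptions, while the 50 and 20 microsecond slot times are the ones quoted above.

```python
import random

# Slot times quoted in the text: 50 microseconds for FH, 20 for DS systems.
SLOT_US = {"FH": 50, "DS": 20}


def collision_probability(stations: int, window: int) -> float:
    """Exact chance that the lowest contention slot is drawn by 2+ stations.

    Each station draws a slot uniformly from 0..window-1. A round is clean
    when one station draws slot k and every other station draws a later slot.
    """
    if stations < 2:
        return 0.0
    clean = sum(
        stations * (1 / window) * ((window - 1 - k) / window) ** (stations - 1)
        for k in range(window)
    )
    return 1.0 - clean


def contend(stations: int, window: int, rng: random.Random):
    """One contention round: returns (winning_slot, collided)."""
    slots = [rng.randrange(window) for _ in range(stations)]
    first = min(slots)
    return first, slots.count(first) > 1


def simulate(stations, window, rounds=20000, phy="DS", seed=1):
    """Run many rounds; return (collision_rate, mean_wait_microseconds)."""
    rng = random.Random(seed)
    collisions = 0
    waited_slots = 0
    for _ in range(rounds):
        slot, collided = contend(stations, window, rng)
        collisions += collided
        waited_slots += slot
    return collisions / rounds, waited_slots / rounds * SLOT_US[phy]


if __name__ == "__main__":
    # window=1 means no random contention period: everyone transmits at once.
    for n in (2, 5, 20):
        for cw in (1, 8, 32):
            rate, wait = simulate(n, cw)
            exact = collision_probability(n, cw)
            print(f"stations={n:2d} window={cw:2d} collisions={rate:6.1%} "
                  f"(exact {exact:6.1%}) mean wait={wait:6.1f} us")
```

A window of one slot collides every round, and widening the window trades a longer mean wait for fewer collisions.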
Figure: CSMA/CA Protocol
Key: D = DCF Inter Frame Space (DIFS); S = Short Inter Frame Space (SIFS); CW = Contention Window; MPDU = MAC Protocol Data Unit; A = Ack
802.11 also offers a polling mode (known as PCF - Point Co-ordination Function) which is a fairly classic polling scheme, e.g. 3270 bi-sync. As with all polling protocols a single master (Base Station) is required.
To improve efficiency additional features are employed:
Positive Acknowledgement (ACK)
MAC level retransmission
Fragmentation
ACKing
At the end of every packet the receiver, if it has successfully received the packet, will return an ACK packet (if not received or received with errors the receiver will NOT respond, i.e. there is no NACK). The transmit window allows for the ACK, i.e. the CONTENTION period starts after the ACK should have been sent.
MAC level retransmission
If no ACK is received the sender will retry the transmit (using the normal CSMA/CA procedures) until either successful or the operation is abandoned with exhausted retries.
Fragmentation
Bit error rates on wireless systems (10**-5, 10**-6) are substantially higher than wire-line systems (10**-12). Large blocks may approach the number of bits where the probability of an error occurring approaches 1, i.e. every block could fail including the re-transmission. To reduce the possibility of this happening, large blocks may be fragmented by the transmitter and reassembled by the receiver node, e.g. a 1500 byte block (12,000 bits) may be fragmented into 5 blocks of 300 bytes (2,400 bits). While there is some overhead in doing this, the probability of an error occurring is reduced and, in the event of an error, the re-transmission time is also reduced.
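The trade-off in the paragraph above worked through for the 1500 byte block at the quoted bit error rates, as an added example that is not from the original article. It assumes independent bit errors, unlimited retries, and a per-frame overhead equal to the header and FCS sizes listed under MAC Packet Format on this page; ACK and inter-frame times are ignored, and the function names are hypothetical.

```python
# Per-frame overhead in bytes: the header fields (2+2+6+6+6+2+6) plus the
# 4-byte FCS, using the field sizes this page lists under MAC Packet Format.
OVERHEAD_BYTES = 30 + 4


def frame_error_probability(frame_bytes: int, ber: float) -> float:
    """Chance that at least one bit of the frame is corrupted."""
    return 1.0 - (1.0 - ber) ** (frame_bytes * 8)


def fragment_sizes(block_bytes: int, fragment_bytes: int) -> list:
    """Split a block into full fragments plus a shorter final one if needed."""
    full, rest = divmod(block_bytes, fragment_bytes)
    return [fragment_bytes] * full + ([rest] if rest else [])


def expected_bytes_on_air(block_bytes, fragment_bytes, ber,
                          overhead=OVERHEAD_BYTES):
    """Mean bytes transmitted, retries included, until every fragment is ACKed.

    A frame that gets through with probability p is sent 1/p times on
    average, so each fragment costs (size + overhead) / p bytes.
    """
    total = 0.0
    for size in fragment_sizes(block_bytes, fragment_bytes):
        frame = size + overhead
        total += frame / (1.0 - frame_error_probability(frame, ber))
    return total


def best_fragment_size(block_bytes, ber, candidates):
    """Candidate fragment size with the lowest expected bytes on air."""
    return min(candidates,
               key=lambda c: expected_bytes_on_air(block_bytes, c, ber))


if __name__ == "__main__":
    block = 1500                               # the block size used in the text
    for ber in (1e-4, 1e-5, 1e-6):
        whole = expected_bytes_on_air(block, block, ber)
        split = expected_bytes_on_air(block, 300, ber)
        print(f"BER {ber:.0e}: P(error, 1500 B block) = "
              f"{frame_error_probability(block, ber):.3f}, "
              f"unfragmented {whole:7.0f} B, 5 x 300 B {split:7.0f} B, "
              f"best of (1500, 300, 100) = "
              f"{best_fragment_size(block, ber, (1500, 300, 100))}")
```

At a bit error rate of 10**-6 the extra headers cost more than the retransmissions they save, which is why the fragmentation threshold is left as a setting.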
The Hidden Node Problem
The hidden node problem occurs in a point to multi-point network in which three (or more) nodes are present: Node A, Node B and Node C. It is possible that in this case Node B can hear Node A (and vice versa) and Node B can hear Node C (and vice versa) BUT Node C cannot hear Node A. In a CSMA/CA environment Nodes A and C would both properly transmit (they cannot hear each other on the 'listen' phase so could both simultaneously and properly transmit a packet) but Node B would get corrupted data. Nodes A and C are said to be 'hidden' from each other.
Use of RTS and CTS
The hidden node problem is solved by the use of an RTS (request to send)/CTS (clear to send) protocol prior to packet transmission. In our three node network above Node A sends a small RTS packet which is heard by Node B, which sends a small CTS packet which is heard by both Node A and Node C. Node C will not transmit in this case.
Figure: CSMA/CA with RTS/CTS
Key: D = DCF Inter Frame Space (DIFS); S = Short Inter Frame Space (SIFS); CW = Contention Window; MPDU = MAC Protocol Data Unit; A = Ack
Node Identification
Each node in an 802.11 network is identified by its MAC address (exactly the same as Ethernet: a 6 byte, 48 bit value). Receiving nodes recognize their MAC address.
Access Points
MAC Packet Format
The following defines the format of an 802.11 packet (for 802.3 packet format see here)
| Field | Frame Control | Duration ID | Address1 | Address2 | Address3 | Sequence Control | Address4 | Data | FCS |
|---|---|---|---|---|---|---|---|---|---|
| Size (bytes) | 2 | 2 | 6 | 6 | 6 | 2 | 6 | 0 - 2,312 | 4 |
Values:
NOTE: Bits are numbered right to left (i.e. bit number is same as 2**n)
| Field | Bits | Values | Notes/Description |
|---|---|---|---|
| Frame Control | 15 - 14 | | Protocol version. Currently 0 |
| | 13 - 12 | | Type |
| | 11 - 8 | | Subtype |
| | 7 | | To DS. 1 = to the distribution system. |
| | 6 | | From DS. 1 = exit from the Distribution System. |
| | 5 | | More Frag. 1 = more fragment frames to follow (last or unfragmented frame = 0) |
| | 4 | | Retry. 1 = this is a re-transmission. |
| | 3 | | Power Mgt. 1 = station in power save mode, 0 = active mode. |
| | 2 | | More Data. 1 = additional frames buffered for the destination address (address x). |
| | 1 | | WEP. 1 = data processed with WEP algorithm. 0 = no WEP. |
| | 0 | | Order. 1 = frames must be strictly ordered. |
| Duration ID | 15 - 0 | | For data frames = duration of frame. For Control Frames the associated identity of the transmitting station. |
| Address 1 | 47 - 0 | | Source address (6 bytes). |
| Address 2 | 47 - 0 | | Destination address (6 bytes). |
| Address 3 | 47 - 0 | | Receiving station address (destination wireless station) |
| Sequence Control | 15 - 0 | | |
| Address 4 | 47 - 0 | | Transmitting wireless station. |
| Frame Body | | | 0 - 2312 octets (bytes). |
| FCS | 31 - 0 | | Frame Check Sequence (32 bit CRC). Defined in P802.11. |
IEEE 802.11 Family
This section defines the family of standards and their coverage. These standards can now be downloaded for free in PDF format.
| Standard | Frequency | Notes |
|---|---|---|
| 802.11 | 2.400 - 2.4835 GHz | Common MAC Layer and PHYs for FHSS and DSSS at 1 and 2 Mbps. PHY for IR (850 to 950 mm) at 1 and 2 Mbps. |
| 802.11a | 5.15 - 5.25 GHz | PHY for 5 GHz OFDM modulation. Speeds of 6, 9, 12, 18, 24 and 54 Mbps (6, 12, 24 mandatory). Uses common MAC. |
| 802.11b | 2.400 - 2.4835 GHz | Extends DSSS PHY to include 5.5 and 11 Mbps. Uses common MAC. |