CompTIA Network+ Training Kit: Wireless Networking

  • 12/15/2012

Wireless LAN Architecture

The elements that define a wireless LAN implementation are roughly similar to those of a wired LAN. There are multiple physical layer specifications, data-link layer frame formats, and a media access control mechanism. These elements are discussed in the following sections.

The Physical Layer

The various amendments to the 802.11 standard define a large number of physical layer attributes, including wireless topologies, media types, frequency bands, physical layer frame formats, radio frequency modulation types, channel widths, operational speeds, and others. Some of these attributes are discussed in the following sections.

Physical Layer Topologies

As you learned in Chapter 2, the term “topology” usually refers to the way in which the computers on a network are connected together. In a bus topology, for example, each computer is connected to the next one, in daisy chain fashion, whereas in a star topology, each computer is connected to a central hub. These examples apply to cabled networks, however. Wireless networks don’t have a concrete topology as cabled ones do. Unbounded media, by definition, enable wireless network devices to transmit signals to all of the other devices on the network simultaneously.

However, this does not equate to a mesh topology. Although each device theoretically can transmit signals to all of the other wireless devices on the network at any time, this does not necessarily mean that it will. Mobility is an integral part of the wireless network design, and a wireless LAN protocol must be able to compensate for systems that enter and leave the area in which the medium can operate. The result is that the topologies used by wireless networks are defined by the basic rules that they use to communicate, and not static arrangements of devices at specific locations. IEEE 802.11 supports two types of wireless network topology: the ad hoc topology and the infrastructure topology.

httpatomoreillycomsourcemspimages1447252.jpg The fundamental building block of an 802.11 wireless LAN is the basic service set (BSS). A BSS is a geographical area in which properly equipped wireless stations can communicate. The configuration and area of the BSS are dependent on the type of wireless medium in use and the nature of the environment in which it is running, among other things.

A network using a radio frequency–based medium might have a BSS that is roughly spherical, for example, whereas an infrared network works in straight lines. The boundaries of the BSS can be affected by environmental conditions, architectural elements of the site, and many other factors, but when a station moves within the basic service set’s sphere of influence, it can communicate with other stations also in the same BSS. When it moves outside of the BSS, communication ceases.

The simplest type of BSS consists of two or more wireless computers or other devices that have come within transmission range of each other, as shown in Figure 5-2. The process by which the devices enter into a BSS is called association. Each wireless device has an operational range dictated by its equipment, and as the two devices approach each other, the area of overlap between their ranges becomes the BSS.

Figure 5-2

Figure 5-2. A basic service set with two wireless stations in range of each other.

httpatomoreillycomsourcemspimages1447252.jpg This arrangement, in which all of the network devices in the BSS are mobile or portable, is called an ad hoc topology or an independent BSS (IBSS). The term “ad hoc topology” refers to the fact that a network of this type might come together without prior planning and exist only as long as the devices need to communicate. This type of topology operates as a peer-to-peer network, because every device in the BSS can communicate with every other device.

httpatomoreillycomsourcemspimages1447252.jpg Although an ad hoc network uses basic service sets that are transient and constantly mutable, it is also possible to build a wireless network with BSSs that are somewhat more permanent. This is the basis of a network that uses an infrastructure topology. An infrastructure network consists of at least one wireless access point (WAP), also referred to simply as an access point (AP), which is either a stand-alone device or a wireless-equipped computer that is also connected to a standard bounded network by using a cable. The access point has an operational range that is relatively fixed (when compared to an IBSS) and functions as the base station for a BSS.

Any mobile station that moves within the AP’s sphere of influence is associated into the BSS and becomes able to communicate with the cabled network, as shown in Figure 5-3. Note that this is more of a client/server arrangement than a peer-to-peer one. The AP enables multiple wireless stations to communicate with the systems on the cabled network, but their ability to communicate with each other depends on the AP configuration. However, the use of an AP does not prevent mobile stations from communicating with each other independently of the AP.

It is because the AP is permanently connected to the cabled network and fixed in place that this type of network is said to use an infrastructure topology. This arrangement is typical in corporate installations that have a permanent cabled network and that also must support wireless devices that access resources on the cabled network.

httpatomoreillycomsourcemspimages1447252.jpg An infrastructure network can have any number of access points, and therefore any number of basic service sets. The architectural element that connects BSSs together is called a distribution system (DS). Multiple BSSs on a common DS might be configured with a common service set identifier (SSID), and if so configured, they and the DS that connects them are collectively called an extended service set (ESS).

Figure 5-3

Figure 5-3. A basic service set with an access point and two wireless stations in range of it.

In practice, the DS is typically a cabled network that uses the IEEE 802.3 (Ethernet) protocol, but the network can conceivably use a wireless distribution system (WDS) also. A WDS is a device or group of devices that provides a wireless interconnection of access points, much as an Ethernet network provides such an interconnection in a wired DS. Technically, the WAP in a network of this type is also called a portal, because it provides access to a network using another data-link layer protocol. It’s possible for the DS to function solely as a means of connecting APs together, and not provide access to resources on a cabled network, but this is relatively rare.

The configuration of the BSSs connected by a distribution system can take almost any physical form. The BSSs can be widely distant from each other, providing wireless network connectivity in specific remote areas, or they can overlap, providing a large area of contiguous wireless connectivity. It is also possible for an infrastructure BSS to be concurrent with an IBSS. The 802.11 standard makes no distinction between the two topologies, because both must present the exact same appearance to the LLC sublayer operating at the upper half of the data-link layer.

httpatomoreillycomsourcemspimages1447252.jpg Infrastructure networks require some means of identification, so the 802.11 standard defines a means for creating addresses and names for them. Wireless devices have 6-byte MAC addresses (or hardware addresses), just as Ethernet devices do, so in a simple infrastructure network, the MAC address of the access point becomes the basic service set identifier (BSSID) for the network. In the case of an ad hoc network, the BSSID is a randomly generated number, with the Universal/Local bit of the organizationally unique identifier (OUI) set to 1 (Local) and the Unicast/Multicast bit set to 0 (Unicast).

httpatomoreillycomsourcemspimages1447252.jpg Because humans have trouble remembering long addresses, wireless networks have names as well. The service set identifier (SSID) is a 32-bit string that identifies a BSS and all of its members. The SSIDs are the names of the wireless LANs you see when you use a client to scan for a network to join. In an infrastructure network, the administrator typically assigns an SSID to the access point when configuring it. If not, the AP uses a default name set at the factory. In an ad hoc network, the first device joining the network sets the SSID.

An extended service set must have all of its access points configured to use the same SSID. In this case, the name is technically referred to as an extended service set identifier (ESSID), although device interfaces often refer to it simply as the SSID.

Physical Layer Media

The IEEE 802.11 standard defines four basic types of physical layer media, three that use radio frequency signals and one that uses infrared light signals. A wireless LAN can use any one of these media, all of which interface with the same MAC layer. These four media types are as follows:

  • Frequency-Hopping Spread Spectrum (FHSS)

  • Direct-Sequence Spread Spectrum (DSSS)

  • Orthogonal Frequency-Division Multiplexing (OFDM)

  • Infrared

Two of the RF media use spread spectrum communications, which is a common form of radio transmission used in many wireless applications. Invented during the 1940s, spread spectrum technology takes an existing narrowband radio signal and spreads it among a range of frequencies in any one of several ways. Depending on the method employed, the result may be a signal that utilizes more bandwidth but that might be easier for a receiver to detect. At the same time, the signal might also be difficult to intercept, because attempts to locate it by scanning through the frequency bands turn up only isolated fragments, and it might be difficult to jam, because a wider range of frequencies would have to be blocked for the jamming to be effective.

httpatomoreillycomsourcemspimages1447252.jpg The difference between the various types of spread spectrum communications lies in the method by which the signals are distributed among the frequencies. Frequency-Hopping Spread Spectrum (FHSS), for example, uses a predetermined code or algorithm to dictate frequency shifts that occur continually, in discrete increments, over a wide band of frequencies. The 802.11 FHSS implementation calls for 79 channels of 1 MHz each, although some countries/regions impose smaller limits.

Obviously, the receiving device must be equipped with the same algorithm in order to read the signal properly. The rate at which the frequency changes (that is, the amount of time that the signal remains at each frequency before hopping to the next one) is independent of the bit rate of the data transmission. If the frequency hopping rate is faster than the signal’s bit rate, the technology is called a fast hop system. If the frequency hopping rate is slower than the bit rate, you have a slow hop system. The 802.11 FHSS implementation runs at 1 Mbps, with an optional 2 Mbps rate. The use of FHSS was abandoned after the initial 802.11 standard.

httpatomoreillycomsourcemspimages1447252.jpg In Direct-Sequence Spread Spectrum (DSSS) communications, the transmitting device modulates the signal by using a digital code called a chip or chipping code, which has a bit rate larger than that of the data signal. The chipping code is a redundant bit pattern that essentially turns each bit in the data signal into several bits that the device actually transmits. The longer the chipping code, the greater the enlargement of the original data signal. This enlargement of the signal makes it easier for the receiver to recover the transmitted data if some bits are damaged. The more the signal is enlarged, the smaller the significance is that is attributed to each bit. As with FHSS, a receiver that doesn’t possess the chipping code used by the transmitter can’t interpret the DSSS signal, seeing it as just noise.

The DSSS implementation in the original 802.11 document supports 1-Mbps and 2-Mbps transmission rates. IEEE 802.11b expands this capability by adding transmission rates of 5.5 and 11 Mbps. Of the spread spectrum media, only DSSS supports these faster rates, which is the primary reason why it was retained in 802.11b and FHSS was abandoned.

httpatomoreillycomsourcemspimages1447252.jpg The third RF medium, Orthogonal Frequency-Division Multiplexing (OFDM), uses a different type of signaling. Instead of using a single carrier, as the spread spectrum media do, OFDM uses multiple carriers running in parallel at low signal rates to provide a data transmission rate that is similar to those of single carrier modulation types. Each of the subcarriers uses a standard modulation technique, such as Quadrature Amplitude Modulation (QAM) or Binary Phase Shift Keying (BPSK). The advantage of OFDM over the single carrier media is in the fault tolerant nature of its signals. Factors such as attenuation and interference typically affect some of the OFDM subcarriers, but not all of them, leaving part of the transmission intact.

The original 802.11 standard also included an infrared specification for the physical layer, which uses frequencies in the 850 to 950 nanometer range, just below the visible light spectrum. This specification remains in the standard despite having never been implemented on wireless LANs, because of its limited range.

Unlike most infrared media, the IEEE 802.11 infrared implementation does not require direct line-of-sight communications; an infrared network can function using diffuse or reflected signals. However, the range of communications is limited to about 10 to 20 meters, and can only function properly in an indoor environment with surfaces that provide adequate signal diffusion or reflection. This makes infrared unsuitable for mobile devices and places more constraints on the physical location of the wireless device than any of the RF specifications. Like FHSS, the 802.11 infrared medium supports only a 1-Mbps transmission rate and an optional rate of 2 Mbps.

Frequencies and Channels

Most 802.11 networks in operation today are based on the 802.11b/g standards, using the 2.4-GHz frequency band that occupies the 83 MHz of bandwidth between 2.4000 and 2.4835 GHz. These frequencies are unlicensed in most countries/regions, although there are varying limitations on the signal strength imposed by different governments. As mentioned earlier, the 2.4-GHz band is comparatively crowded with signals from other wireless consumer devices.

The 802.11n standard reintroduces the use of the 5-GHz band from 802.11a, but implementations that support the 5-GHz band are relatively rare and are found at the high end of the price range. The 802.11ac standard, in its current form, will use only the 5-GHz band.

httpatomoreillycomsourcemspimages1447252.jpg The wireless LAN standards divide the frequency band that a given technology uses into channels, so that multiple networks can coexist in the same area by using different parts of the available bandwidth. The channels defined by the standards up to and including 802.11g are 20 to 22 MHz in width (depending on the type of modulation).

For example, in implementations using DSSS modulation, the channels are 22 MHz wide, and the 2.4-GHz band contains channels that are 5 MHz apart. This enables the standard to define 13 channels in that band, as shown in Figure 5-4. (A fourteenth channel, located 12 MHz away from channel 13, was added by Japanese manufacturers and is not supported in all implementations.)

Figure 5-4

Figure 5-4. The 22-MHz channels in the 2.4-GHz band.

httpatomoreillycomsourcemspimages1447252.jpg Of course, spacing 22-MHz channels 5 MHz apart means that the channels are going to overlap, making it possible for networks using different channels to interfere with each other. This can result in the need for retransmissions at the data-link layer, reducing network throughput and increasing latency. Therefore, in the 2.4-GHz band, it has become a common practice to favor channels 1, 6, and 11, because they do not overlap and do not interfere with each other, as shown in Figure 5-5. Administrators of large wireless LANs often create a multiple channel architecture that uses only those three channels for that reason.

Figure 5-5

Figure 5-5. Non-overlapping 22-MHz channels in the 2.4-GHz band.

This practice has persisted even on 802.11g networks, which is unfortunate, because the OFDM modulation that 802.11g uses creates channels that are 20 MHz wide, not 22 MHz. With 20-MHz widths, the non-overlapping channels are 1, 5, 9, and 13, as shown in Figure 5-6.

Figure 5-6

Figure 5-6. Non-overlapping 20-MHz channels on an 802.11g network.

httpatomoreillycomsourcemspimages1447252.jpg 802.11n networks support both 20-MHz and 40-MHz channels. When you select the 40-MHz option, the device allocates two adjacent 20-MHz channels and combines them, a process called channel bonding. Devices that do not have support for 40-MHz channels use only the 20-MHz primary channel; devices with 40-MHz channel support use both. This can effectively double the data transfer rate of the network, but there are complications to this practice.

In the 2.4-GHz band, there is no way to deploy a multiple channel architecture using 40-MHz channels without overlapping, as shown in Figure 5-7. The Wi-Fi Alliance recommends not using 40-MHz channels in the 2.4-GHz band for this reason.

Overlapping 40-MHz channels in the 2.4-GHz band.

Figure 5-7. Overlapping 40-MHz channels in the 2.4-GHz band.

Fortunately, the 802.11n standard also supports the use of the 5-GHz band, which provides much more room for non-overlapping channels, as well as other advantages. Support for the 5-GHz band is not a requirement of the standard, however. Many 802.11n devices can use only the 2.4-GHz band. Those that do support the 5-GHz band are usually dual-band devices, so that they can connect with 802.11b/g equipment that uses only 2.4 GHz.

Physical Layer Frames

Instead of a relatively simple signaling scheme such as the Manchester encoding technique used by Ethernet, the media operating at the 802.11 physical layer have their own frame formats that encapsulate the frames generated at the data-link layer. This is necessary to support the complex nature of the media.

Each of the media that the 802.11 standard supports has its own physical layer frame format, but all of the frames perform the same basic functions, such as the following:

  • Signaling the start of the frame

  • Specifying the length of the data field

  • Specifying the transmission rate

  • Providing a cyclical redundancy check (CRC) value for error detection

The Data-Link Layer

Like the IEEE 802.3 (Ethernet) standard, the 802.11 document defines only half of the functionality found at the data-link layer. As in the other IEEE 802 protocols, the LLC sublayer forms the upper half of the data-link layer and is defined in the IEEE 802.2 standard. The 802.11 document defines the MAC sublayer functionality, which consists of a connectionless transport service that carries LLC data to a destination on the network in the form of MAC service data units (MSDUs). And as in other data-link layer protocols, this service is defined by a frame format (actually several frame formats, in this case) and a media access control mechanism. The MAC sublayer also provides security services, such as authentication and encryption, and reordering of MSDUs.

Data-Link Layer Frames

The 802.11 standard defines three basic types of frames at the MAC layer, which are as follows:

  • Data frames Used to transmit upper-layer data between stations

  • Control frames Used to regulate access to the network medium and to acknowledge transmitted data frames

  • Management frames Used to exchange network management information to perform network functions such as association and authentication

The general MAC frame format is shown in Figure 5-8.

Figure 5-8

Figure 5-8. The IEEE 802.11 MAC sublayer frame format.

The functions of the frame fields are as follows:

  • Frame Control (2 bytes) Contains 11 subfields that enable various protocol functions, including the version of the 802.11 standard, the MAC frame type, and the frame function.

  • Duration/ID (2 bytes) In control frames used for power-save polling, this field contains the association identity (AID) of the station transmitting the frame. In all other frame types, the field indicates the amount of time (in microseconds) needed to transmit a frame and its short interframe space (SIFS) interval.

  • Address 1 (6 bytes) Contains an address that identifies the recipient of the frame, using one of the five addresses used in 802.11 MAC sublayer communications.

  • Address 2 (6 bytes) Contains one of the five addresses used in 802.11 MAC sublayer communications.

  • Address 3 (6 bytes) Contains one of the five addresses used in 802.11 MAC sublayer communications.

  • Sequence Control (2 bytes) Contains two fields used to associate the fragments of a particular sequence and assemble them into the right order at the destination system.

  • Address 4 (6 bytes) Contains one of the five addresses used in 802.11 MAC sublayer communications. Not present in control and management frames and some data frames.

  • Frame Body (0 to 2,312 bytes) Contains the actual information being transmitted to the receiving station.

  • Frame Check Sequence (4 bytes) Contains a CRC value used by the receiving system to verify that the frame was transmitted without errors.

The four address fields in the MAC frame identify different types of systems depending on the type of frame being transmitted and its destination in relation to the DS. You can determine the systems whose addresses are contained in the four address fields by using the information in Table 5-2.

Table 5-2. MAC Sublayer Address Types


Address 1 Value

Address 2 Value

Address 3 Value

Address 4 Value

Data frames exchanged by stations in the same IBSS, and all control and management frames




Not Used

Data frames transmitted to the DS




Not Used

Data frames exiting the DS




Not Used

Wireless distribution system (WDS) frames exchanged by APs in a DS





The five different types of addresses referenced in the table are as follows:

  • Source Address (SA) A MAC individual address that identifies the system that generated the information carried in the Frame Body field.

  • Destination Address (DA) A MAC individual or group address that identifies the final recipient of an MSDU.

  • Transmitter Address (TA) A MAC individual address that identifies the system that transmitted the information in the Frame Body field onto the current wireless medium (typically an AP).

  • Receiver Address (RA) A MAC individual or group address that identifies the immediate recipient of the information in the Frame Body field on the current wireless medium (typically an AP).

  • Basic Service Set ID (BSSID) A MAC address that identifies a particular BSS. On an infrastructure network, the BSSID is the MAC address of the station functioning as the AP of the BSS. On an ad hoc network (IBSS), the BSSID is a randomly generated value generated during the creation of the IBSS.

Media Access Control

httpatomoreillycomsourcemspimages1447252.jpg As with all data-link layer protocols that use a shared network medium, the media access control (MAC) mechanism is one of the 802.11 protocol’s primary defining elements. The standard defines the use of a MAC mechanism called Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), which is a variation of the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) mechanism used by Ethernet.

The basic functional characteristics of wireless networks limit which MAC mechanisms these networks can use. For example, the Ethernet CSMA/CD mechanism requires every device on the network to receive every transmitted packet. An Ethernet system that doesn’t receive every packet can’t reliably detect collisions. In addition, Ethernet systems detect collisions through signal voltage variances or the simultaneous transmission and receipt of signals, both of which are impractical in a wireless environment.

One of the characteristics of the wireless networks defined in 802.11 is that stations can repeatedly enter and leave the BSS because of their mobility and the vagaries of the wireless medium. Therefore, the MAC mechanism on a wireless network must be able to accommodate this behavior.

The carrier sense and multiple access parts of the CSMA/CA mechanism are the same as those of an Ethernet network. A computer with data to transmit listens to the network medium and, if the medium is available, begins transmitting its data. If the network is busy, the computer backs off for a specified interval and begins the listening process again.

As with Ethernet, the CSMA part of the process can result in collisions. The difference in CSMA/CA is that systems attempt to avoid collisions in the first place by reserving bandwidth in advance, by specifying a value in the Duration/ID field of the MAC frame, or by using specialized control messages called request-to-send (RTS) and clear-to-send (CTS) messages.

The carrier sense part of the transmission process occurs on two levels, the physical and the virtual. The physical carrier sense mechanism is specific to the physical layer medium the network is using and is equivalent to the carrier sense performed by Ethernet systems. The virtual carrier sense mechanism, called a network allocation vector (NAV), involves the transmission of an RTS frame by the system with data to transmit, and a response from the intended recipient in the form of a CTS frame.

Both of these frames have a value in the Duration/ID field that specifies the amount of time needed for the sender to transmit the forthcoming data frame and receive an acknowledgment (ACK) frame in return. This message exchange essentially reserves the network medium for the life of this particular transaction, which is where the collision avoidance part of the mechanism comes in. Because both the RTS and CTS messages contain the Duration/ID value, any other system on the network receiving either one of the two messages observes the reservation and refrains from trying to transmit its own data during that time interval. This way, a station that is capable of receiving transmissions from one computer but not the other can still observe the CSMA/CA process.

In addition, the RTS/CTS exchange also enables a station to determine whether communication with the intended recipient is possible. If the sender of an RTS frame fails to receive a CTS frame from the recipient in return, it retransmits the RTS frame repeatedly, until a preestablished timeout is reached. Retransmitting the brief RTS message is much quicker than retransmitting large data frames, which shortens the entire process.

To detect collisions, IEEE 802.11 uses a positive acknowledgment system at the MAC sublayer. Each data frame that a station transmits must be followed by an ACK frame from the recipient, which is generated after a CRC check of the incoming data. If the frame’s CRC check fails, the recipient considers the packet to have been corrupted by a collision (or other phenomenon) and silently discards it. The station that transmitted the original data frame then retransmits it as many times as needed to receive an ACK, up to a predetermined limit.

Note that the failure of the sender to receive an ACK frame could be due to the corruption or nondelivery of the original data frame or the nondelivery of an ACK frame that the recipient did send in return. The 802.11 protocol does not distinguish between the two.

Related resources

There are currently no related titles.