Вы находитесь на странице: 1из 111

TMUE

MCSE
S. T. LIANG
1

Wireless Local Area Networks
Department of Computer Science
Taipei Municipal University of Education, Taiwan 100, R.O.C.
Shih Tsung Liang
stliang@ieee.tw
TMUE
MCSE
S. T. LIANG
TMUE
MCSE
S. T. LIANG
2
Table of Content
Introduction to IEEE 802.11 wireless LAN
IEEE 802.11 MAC Operation
IEEE 802.11 MAC Management
TMUE
MCSE
S. T. LIANG
3

Introduction to IEEE 802.11 wireless LAN
Department of Math. Computer Science Education Engineering
Taipei Municipal Teachers College, Taiwan 100, R.O.C.
Shih Tsung Liang
stliang@tmtc.edu.tw
TMUE
MCSE
S. T. LIANG
TMUE
MCSE
S. T. LIANG
4
Outline
What a Wireless LAN is ?
Standardization of Wireless LAN
IEEE 802.11 Physical Layer Evolutions
Other IEEE Wireless Projects
WLAN Driving Factors
Wireless LAN Applications
IEEE 802.11 WLAN Architecture
IEEE 802.11 specified Services
Services Invoked for a Mobile Station
TMUE
MCSE
S. T. LIANG
5
What a Wireless LAN is ?
A WLAN can be considered as a
wireless version of an Ethernet
LAN
Main WLAN components :
Wireless Terminals (or
Stations);
Access Points (linking the
WLAN to other networks)
TMUE
MCSE
S. T. LIANG
6
Standardization of Wireless LAN
Wireless networks are standardized by IEEE
Under 802 LAN MAN standards committee
mobile terminal
access point
server
fixed terminal
Application
TCP
802.11 PHY
802.11 MAC
IP
802.3 MAC
802.3 PHY
Application
TCP
802.3 PHY
802.3 MAC
IP
802.11 MAC
802.11 PHY
LLC
infrastructure network
LLC LLC
TMUE
MCSE
S. T. LIANG
7
Standardization of Wireless LAN
IEEE 802.11 Adopted in 1997.
Defines:
MAC sublayer
MAC management protocols and services
Three Physical (PHY) layers
IR: Infra-Red
FHSS: Frequency Hopping Spread Spectrum radio, 2.4GHz band
DSSS: Direct Sequence Spread Spectrum radio, 2.4Ghz band
TMUE
MCSE
S. T. LIANG
8
IEEE 802.11 Physical Layer Evolutions
802.2 Logical Link Control
802.1 Bridging
802.11
Medium Access
802.3
Medium Access
802.11b
Physical
802.11a
Physical
802.11
Physical
802.11g
Physical
802.3
Physical
Data
Link
Layer
Physical
Layer

802.11b 802.11a 802.11g


Frequency 2.4GHz 5GHz 2.4GHz
Speed
(Real-world avg)
11Mbps
(5Mbps)
54Mbps
(28Mbps)
54Mbps
(28Mbps)
Range 100+ Feet 60 Feet 100+ Feet
Modulation CCK
(Complementary
Code Keying)
OFDM OFDM and
DSSS
Compatibility b only a only;
a and b via
a+b products
b and g,
possibly a
compatible
TMUE
MCSE
S. T. LIANG
9
Source: www.80211-planet.com
Estimated Throughput
IEEE 802.11 Physical Layer Evolutions
TMUE
MCSE
S. T. LIANG
10
Source: www.80211-planet.com
Pros and cons 802.11b
IEEE 802.11 Physical Layer Evolutions
Pros
Modest price.
Mature technology with
many products available.
Throughput is adequate
for most home and office
applications.
In the best devices,
throughput fluctuates little,
out to the maximum range.
Cons
Slowest throughput.
Less spectrum.
Only 3 channels available
in 2.4GHz band.
Possible interference with
other 2.4GHz devices
(cordless phones,
microwaves, garage-door
openers)

TMUE
MCSE
S. T. LIANG
11
Source: www.80211-planet.com
Pros and cons 802.11a
IEEE 802.11 Physical Layer Evolutions
Pros
Higher throughput at short
ranges.
Probably better for
throughput-intensive
multimedia applications
than 802.11b.
8 channels and OFDM
technology, resulting in
less interference among
APs and more users.
Cons
More expensive.
Less mature technology.
Shorter range and greater
throughput fluctuation
beyond 20 feet.
Require more APs
Primarily only in North
America (b is worldwide)
TMUE
MCSE
S. T. LIANG
12
Source: www.80211-planet.com
Pros and cons 802.11g
IEEE 802.11 Physical Layer Evolutions
Pros
Backwards compatibility.
Throughput will be at least
double that of 802.11b.
Range will be at least
equal that of 802.11b.
Will use both DSSS and
OFDM technologies
Cons
Unavailable until early
2003.
Only 3 channels available
in 2.4GHz band.
Possible interference with
other 2.4GHz devices
(cordless phones,
microwaves, garage-door
openers)

TMUE
MCSE
S. T. LIANG
13
Other IEEE Wireless Projects
MAC Layer enhancements
IEEE 802.11e QoS
Addresses Quality of Service issues
Will enable differentiated traffic servicing, based on the requirements of the
specific traffic type
IEEE 802.11i Security
Higher (user) level authentication
Advanced security algorithms
Addresses existing 802.11 security issues
Multi-Vendor Access Point Interoperability
IEEE 802.11f IAPP
Addresses issues with roaming between unrelated Access Points
IEEE 802.11n high throughput (Under Development)
Rated speeds of 100 Mbps to 600 Mbps
Will operate in both the 2.4 GHz and 5 GHz bands
Will use MIMO
TMUE
MCSE
S. T. LIANG
14
Wireless LAN Driving Factors
Increased demand for mobile computing
Productivity increases when the network can be accessed
seamlessly from multiple locations within the premises or around
outside hotspots
Cost savings comparing to wired networks (for cables, cable
deployment, network installation / administration / maintenance)
Communication in areas with deployment constraints (e.g., historical
buildings)
Easiness to set-up temporary, ad-hoc networks (e.g., for meeting
rooms, emergencies)
802.11g has been widespread accepted for usage in corporate
networks, remote working and business travels (hotels, airports,
convention centers). Upgrade to 802.11n will be expected.
TMUE
MCSE
S. T. LIANG
15
Wireless LAN Applications
Enterprise
Wired LAN replacement, ad-hoc networks (NICs for PCs, printers, switches, and
other office appliances)
Multiple cell coverage, high user density, roaming
Home
Networking for fixed (Residential Gateways, Set-Top Boxes) portable (Laptops)
and mobile (Notebook) terminals
Distribution of digital video, Internet broadband access, sharing of PC
peripherals,
Education
Cost effective network access to teachers and students anywhere within the
school from mobile and fixed terminals
Retail / Manufacturing
Inventory, prices management (labeling, shelf audits, updates), customer aid
for shopping lists, POS/cash register downloads
Hotels
Seamless connectivity for guest rooms and meeting rooms
Public Access Points
TMUE
MCSE
S. T. LIANG
16
802.11 WLAN Architecture
infrastructure
network
ad-hoc network
AP
AP
AP
wired network
AP: Access Point
TMUE
MCSE
S. T. LIANG
17
802.11 Infrastructure Network
Distribution System
Portal
802.x LAN
Access
Point
802.11 LAN
BSS
2

802.11 LAN
BSS
1

Access
Point
Station (STA)
terminal with access mechanisms to
the wireless medium and radio contact
to the access point
Basic Service Set (BSS)
group of stations using the same radio
frequency
Access Point
station integrated into the wireless LAN
and the distribution system
Portal
bridge to other (wired) networks
Distribution System
interconnection network to form one
logical network (EES: Extended
Service Set) based
on several BSS
STA
1

STA
2
STA
3

ESS
TMUE
MCSE
S. T. LIANG
18
802.11 Ad-hoc Network
802.11 LAN
IBSS
2

802.11 LAN
IBSS
1

STA
1

STA
4

STA
5

STA
2

STA
3

Direct communication within a
limited range
Station (STA):
terminal with access
mechanisms to the wireless
medium
Independent Basic Service
Set (IBSS):
group of stations using the
same radio frequency
Single-hop only
TMUE
MCSE
S. T. LIANG
19
Services specified by IEEE 802.11
Station Services (SS)
Authentication
De-authentication
Privacy
MSDU delivery
Distribution System Services (DSS)
Association
Disassociation
Re-association
Distribution
Integration

*note*
1. All conformant stations (including APs) provide SS
2. APs provide access to DSS
TMUE
MCSE
S. T. LIANG
20
Services specified by IEEE 802.11
Station Services (SS)
Authentication
De-authentication
Privacy
MSDU delivery
Distribution System Services (DSS)
Association
Disassociation
Re-association
Distribution
Integration

Used by all stations to establish
their identities to stations with which
they will communicate
IEEE 802.11 provides link-level
authentication (not end-to-end)
IEEE 802.11 requires mutually
acceptable, successful,
authentication (or no data can be
delivered)
A station may be authenticated with
many other stations at any given
instant
Preauthentications are allowed
TMUE
MCSE
S. T. LIANG
21
Services specified by IEEE 802.11
Station Services (SS)
Authentication
De-authentication
Privacy
MSDU delivery
Distribution System Services (DSS)
Association
Disassociation
Re-association
Distribution
Integration

Used to terminate an existing
authentication
Deauthentication shall cause the
station to be disassociated
May be invoked by either
authenticated party (AP or non-AP)
Deauthentication is not a request but a
notification
TMUE
MCSE
S. T. LIANG
22
Services specified by IEEE 802.11
Station Services (SS)
Authentication
De-authentication
Privacy
MSDU delivery
Distribution System Services (DSS)
Association
Disassociation
Re-association
Distribution
Integration

IEEE 802.11 specifies an optional
privacy algorithm, WEP, to perform the
encryption of message
WEP stands for Wired Equivalent
Privacy
The default privacy state for all 802.11
stations is in the clear
TMUE
MCSE
S. T. LIANG
23
Services specified by IEEE 802.11
Station Services (SS)
Authentication
De-authentication
Privacy
MSDU delivery
Distribution System Services (DSS)
Association
Disassociation
Re-association
Distribution
Integration

To provide reliable delivery of data
frames
TMUE
MCSE
S. T. LIANG
24
Services specified by IEEE 802.11
Station Services (SS)
Authentication
De-authentication
Privacy
MSDU delivery
Distribution System Services (DSS)
Association
Disassociation
Re-association
Distribution
Integration

Initiated by an mobile station to make
a logical connection with an AP, so the
AP can accept data frames from/to the
station.
At any given instant, a station may be
associated with no more than one AP
TMUE
MCSE
S. T. LIANG
25
Services specified by IEEE 802.11
Station Services (SS)
Authentication
De-authentication
Privacy
MSDU delivery
Distribution System Services (DSS)
Association
Disassociation
Re-association
Distribution
Integration

Being invoked whenever an existing
association is to be terminated
AP may invoke disassociation to
inform stations that AP no longer
provide the link
Stations shall attempt to disassociate
whenever they leave a network
TMUE
MCSE
S. T. LIANG
26
Services specified by IEEE 802.11
Station Services (SS)
Authentication
De-authentication
Privacy
MSDU delivery
Distribution System Services (DSS)
Association
Disassociation
Re-association
Distribution
Integration

Being invoked to move a current
association from one AP to another
TMUE
MCSE
S. T. LIANG
27
Services specified by IEEE 802.11
Station Services (SS)
Authentication
De-authentication
Privacy
MSDU delivery
Distribution System Services (DSS)
Association
Disassociation
Re-association
Distribution
Integration

When an AP receives a frame, it
invoke the distribution service to
determine the output point that
corresponds to the desired recipient
TMUE
MCSE
S. T. LIANG
28
Services specified by IEEE 802.11
Station Services (SS)
Authentication
De-authentication
Privacy
MSDU delivery
Distribution System Services (DSS)
Association
Disassociation
Re-association
Distribution
Integration

When the output point is determined to be a
portal, the integration function should be invoked
The integration function is responsible for
accomplishing whatever is needed to deliver a
message from (to) the DSM to (from) the
integrated LAN media
(e.g., frame format translation)
TMUE
MCSE
S. T. LIANG
29
Relationships between Services
A STA keeps two state variables for each STA with which direct
communication via the WM is needed:
Authentication state
Association state
The current state existing between the source and destination
station determine the IEEE 802.11 frame types that may be
exchanged between that pair of STAs
STA
1

STA
2

state
authentication association
STA
1
v
STA
2
v v
STA
0
(AP)
state
authentication association
STA
0
v
state
authentication association
STA
0
v v
TMUE
MCSE
S. T. LIANG
30
Relationships between Services
Class 1
Frames
Class 1&2
Frames
Class 1,2,&3
Frames
Successful
Authentication
Successful
Association or
Re-association
De-Authentication
Notification
Disassociation
Notification
De-Authentication
Notification
State 1:
Unauthenticated,
Unassociated
State 2:
Authenticated,
Unassociated
State 3:
Authenticated,
Associated
Control frames RTS, CTS, ACK, CF-
END+ACK, CF-END
Management
frames
Probe request/response,
Beacon, Authentication,
Deauthentication, ATIM
Data frames ad-hoc transfer only
Management
frames
Association
request/response,
Reassociation
request/response,
Disassociation
Control frames PS-Poll
Data frames Data frames allowed
C
l
a
s
s

1

C
l
a
s
s

2

C
l
a
s
s

3

TMUE
MCSE
S. T. LIANG
31
Services Invoked for a Mobile Station
a
b
c
e
f
a. As the station find AP1, it will authenticate and
associate with AP1.
b. As the station moves, it may pre-authenticate
with AP2
c. Station may re-associate with AP2
d. The re-association would cause AP2 to notify AP1
of new location of the station
e. AP2 is disassociated with station
f. The station would need to find AP3 and
authenticate and associate with AP3
d
back
AP 1
AP 2
AP 3
Move
TMUE
MCSE
S. T. LIANG
32

IEEE 802.11 MAC Operation
Department of Math. Computer Science Education Engineering
Taipei Municipal University of Education, Taiwan 100, R.O.C.
Shih Tsung Liang
stliang@tmue.edu.tw
TMUE
MCSE
S. T. LIANG
TMUE
MCSE
S. T. LIANG
33
Outline
MAC Sublayer and OSI Reference Model
MAC Sublayer Functionality
MAC Architecture
DCF
PCF
Coexist of PCF and DCF
MAC Frame Formats
TMUE
MCSE
S. T. LIANG
34
MAC sublayer and OSI reference model
802.2 logical link control
802.3
CSMA-
CD
802.5
token
ring
802.11
wireless
LANs
Other
LANs
Various physical layers
LLC
MAC
PHY
IEEE 802
Network layer
Data Link layer
Physical layer
OSI
Success for it is odd !!
TMUE
MCSE
S. T. LIANG
35
MAC Sublayer Functionality
to provide a reliable MSDU delivery
to control access to wireless medium
Distributed Coordination FunctionDCF
Point Coordination FunctionPCF
to provide authentication and privacy for data
delivery
MAC provides a privacy service called Wired
Equivalent PrivacyWEPencryption
TMUE
MCSE
S. T. LIANG
36
Point Coordination
Function (PCF)
Distribution Coordination Function
DCF
Reguired for Contention-Free
services Used for Contention
Services and basis of PCF

Physical

MAC
Extent
MAC Architecture
TMUE
MCSE
S. T. LIANG
37
DCF
CSMA/CA
Error Recovery Mechanisms
DCF Access Procedure

TMUE
MCSE
S. T. LIANG
38
CSMA/CA
Why CSMA/CD doesnt work?
The hidden terminal problem!


STA
1

STA
2
STA
3

STA
1
can communicate with only STA
2
.
STA
2
can communicate with STA
1
and STA
3
.
STA
3
can communicate with only STA
2
.

The frame from STA
1
to STA
2
can be corrupted by a transmission initiated by STA
3
.
The STA
3
did not know the ongoing transmission from STA
1
to STA
2

TMUE
MCSE
S. T. LIANG
39
CSMA/CA
To cope with the hidden terminal problem
Medium reservation through the exchange of RTS
and CTS frames prior to the actual data
STA
1

STA
2
STA
3

RTS
CTS
Area cleared by
RTS (Request To Send)
Area cleared by
CTS (Clear To Send)
TMUE
MCSE
S. T. LIANG
40
CSMA/CA
MAC-Level Acknowledgement
Wireless media are noisy and unreliable
The source needs to make sure the frame has
been correctly received by the destination
If the source does not receive the ACK, the
source will retransmit the frame
TMUE
MCSE
S. T. LIANG
41
CSMA/CA
4-way MAC frame exchange protocol
Source Destination
ACK
Data
CTS
RTS
Collision
Protect!!
who protect me?
(size is the key!!)
TMUE
MCSE
S. T. LIANG
42
CSMA/CA
More about 4-way handshake
RTS and CTS may be disabled by the
dot11RTSThreshold attribute in the MIB
(Management Information Base)
If frame length > dot11RTSThreshold
4-way frame exchange with RTS and CTS
If frame length dot11RTSThreshold
frame exchange without RTS and CTS
The default dot11RTSThreshold is 128
In environments STAs can hear from each other, a
higher dot11RTSThreshold can reduce the
bandwidth consumption on RTS and CTS
TMUE
MCSE
S. T. LIANG
43
CSMA/CA
Carrier Sense Mechanism
Physical carrier sense
Physical layer carrier sense
Similar to 802.3
Check for Medium status (Idle/Busy)
Virtual carrier sense
Mac layer carrier sense
Network Allocation Vector (NAV)
A countdown counter to record the amount of time remains
before wireless channel clear
(i.e. NAV=0clear)


TMUE
MCSE
S. T. LIANG
44
CSMA/CA
Random Backoff
Time
Note:
The period of time immediately
following a busy medium is the highest
probability of collision ccurring.
Many stations may be waiting for the
medium to become idle and attempt to
transmit at the same time. Thus
whenever the station sensing a busy
medium, a random backoff time is
used.
Wait for frame
to transmit
NAV=0 ?
Check PHY
Medium
Idle?
Wait IFS
Still Idle ?
Transmit Frame
Flag=0 Flag=1
Flag==0 ?
Collision ?
Y
N
N
N
Y
Y Y
N
MAC control logic
TMUE
MCSE
S. T. LIANG
45
CSMA/CA
Random backoff time
Backoff time=Random()*aSlotTime
Random(): a uniform distributed
integer randomly selected from
[0,CW], where CW is contention
window
For each unsuccessful frame
transmission, CW doubles (from
CWmin to CWmax)
CW 2 CW+1
Reduces the collision probability

CW
min
CW
max

FHSS 15 1023
DSSS 31 1023
IR 63 1023
CWmin
=15
31
63
127
CWmax=255 255
0
50
100
150
200
250
300
1 2 3 4 5 6
Example
TMUE
MCSE
S. T. LIANG
46
Error Recovery Mechanisms
Errors (interference, collision)
STA sends an RTS but not receive the CTS
STA sends a data frame but not receive the ACK
Retransmission with retry limit
shortRetryLimit : frame length dot11RTSThreshold
longRetryLimit : frame length > dot11RTSThreshold

TMUE
MCSE
S. T. LIANG
47
DCF Access procedure
Interframe space (IFS)
SIFS: Short InterFrame Space
Used for immediate response actions (e.g., ACK, CTS)
PIFS: PCF InterFrame Space
Used by centralized controller in PCF scheme when using polls
DIFS: DCF InterFrame Space
Used by distribution coordination function (DCF) for asynchronous
frames contention
EIFS: Extended InterFrame Space
Used by the DCF after indication of the erroneous frame (e.g.,
FCS error)
Reception of an error-free frame during the EIFS causes the
access using EIFS is terminated and normal medium access
(using DIFS) continues

shortest

longest

TMUE
MCSE
S. T. LIANG
48
DCF Access procedure
Basic Access Method
Busy
Medium
SIFS
PIFS
DIFS
Backoff
Window
Slot Time
Defer Access
Select Slot and decrement backoff
as long as medium is idle
DIFS
Contention Window
Immediate access when
medium is free >= DIFS
Next Frame
TMUE
MCSE
S. T. LIANG
49
DCF Access procedure
Example of backoff procedure
busy
busy
busy
busy
C
C C
C
C
backoff=12
backoff=9
backoff=5
backoff=7
backoff=3
DIFS
DIFS DIFS DIFS
backoff=4
C After MSDU arriving at MAC, STA 3 senses medium free for DIFS, so it initiates transmission
immediately without backoff interval
C For STA 1,2, and 4, their DIFS intervals are interrupted by STA 3. Thus, the backoff
Intervals for STA 1, 2, and 4, are generated randomly (e.g., 12, 5, and 9, respectively)
C After transmission of STA 2, the remaining backoff interval of STA 1 is (12-5) = 7.
C After transmission of STA 2, the remaining backoff interval of STA 4 is (9-5) = 4.
C After transmission of STA 4, the remaining backoff interval of STA1 is (7-4) = 3.
STA 1
STA 2
STA 3
STA 4
TMUE
MCSE
S. T. LIANG
50
DCF Access procedure
Example of backoff procedure (continue)
C STA 3 senses medium free for DIFS and initiates transmission immediately
C For STA 1,2, and 4, their DIFS intervals are interrupted by STA 3. Thus, the backoff
Intervals for station 1, 2, and 4, are generated randomly (e.g., 9, 5, and 5, respectively)
C Collision occurs between STA 2 and 4.
C After the collision of STA 2 and 4, the remaining backoff interval of station 1 is (9-5) = 4.
C The backoff Intervals for retransmission of STA 2, and 4, are generated randomly (e.g.,
20 and 18, respectively). (tend to be larger the initial attempt)
busy
busy
busy
backoff=9
backoff=5
backoff=5
backoff=4
DIFS
DIFS DIFS DIFS
backoff=18
STA 1
STA 2
STA 3
STA 4
busy
backoff=20
busy
backoff=16
backoff=14
C
C C
C
C
TMUE
MCSE
S. T. LIANG
51
PCF
PCF operation
Priority-based access for providing contention-free
transmission
The Point coordinator (PC; always located in AP)
takes control the medium
Stations request PC to join the polling list
The PCF uses the PIFS (<DIFS) to seize control of the
medium and then begins a contention-free period (CFP)
PC regularly polls the stations for traffic via the CF-poll
frame
TMUE
MCSE
S. T. LIANG
52
PCF
PCF operation
At the beginning of CFP, PC sends Beacon frame
Beacon includes CF parameters
(CFPMaxDuration: length of CF period)
All stations receive Beacon
Update NAV with the CFPMaxDuration
Cannot access the medium until contention-free period end
PC transmits the CF-End frame to announce the end
of CFP
All stations receive the CF-END frame reset their
NAVs
TMUE
MCSE
S. T. LIANG
53
PCF
Frame types using in PCF
CF-Poll
Data+CF-Poll
Data+CF-ACK+CF-Poll
CF-ACK+CF-Poll
Data
Data+CF-ACK
CF-ACK
Null
Only sent by PC
If the STA has no frame to send
when polled, the response shall be
a Null frame.
The null response is required to
distinguish a no-traffic condition
from a collision (via overlapping
PCs)
TMUE
MCSE
S. T. LIANG
54
PCF
Example of PCF frame transfer
CF_MAX_Duration
D1,D2 - downlink frames to STA
U1,U2 - uplink frames from STA
Beacon D1+Poll
NAV
SIFS
SIFS
U1+Ack
D2+Ack+Poll
SIFS
U2+Ack
SIFS
SIFS
CF-End
Uplink
Downlink
Contentio Free Period (CFP) for PCF
Contention
Period
Contention-Free Repetition Interval
Reset NAV
PIFS
TMUE
MCSE
S. T. LIANG
55
The coexist of DCF & PCF
CFP and CP are alternative
How to prevent DCF stations to access medium?
Update NAV with the CFPMaxDuration in Beacon
The interframe space used in PCF is PIFS (<DIFS)
B PCF DCF B PCF DCF
CFP CP CFP CP
CFP Repetition Interval
TMUE
MCSE
S. T. LIANG
56
MAC Frames
MAC accepts MSDU from higher layers and
adds header and trailer to create the MPDU
MAC may fragment a MSDU into several
MPDUs
MAC frames types: data, control, and
management
TMUE
MCSE
S. T. LIANG
57
General Frame Format
FC
Duration
/ID
Address
1

Address
2


Address
3


Sequence
Control


Address
4


Frame
Body


FCS

2 2 6 6 6 2 6 0-2312 4 bytes
NAV information
Or
Short Id for PS-Poll
Upper layer data
2048 byte max
256 upper layer header
Protocol
version
type subtype
To
DS
From
DS
More
frag
retry
Pwr
mgt
More
data
WEP order
2 2 4 1 1 1 1 1 1 1 1
0, for Current
version of the
standard
00:mgt
01:control
10:data
11:rsvd
0, last frag of the
data or mgt frame.
Control frames
are not fraged.
1, the frames is a
retransmission.
0, the station is in
active mode.
1, the station will enter
pwr mgt mode. (no
more communication).
Must be the same value
for a single frame
exchange. (2-way or 4-
way)
1, the frame body is
encrypted (only for
data frames or mgt.
frames of subtype
authentication)
TMUE
MCSE
S. T. LIANG
58
Frame Subtypes
0000-1001 rsvd
1010 PS-Poll
1011 RTS
1100 CTS
1101 ACK
1110 CF-End
1111 CF-End+ACK

0000 Data
0001 Data+CF-ACK
0010 Data+CF-Poll
0011 Data+CF-ACK+CF-Poll
0100 Null Function
0101 CF-ACK (nodata)
0110 CF-Poll (nodata)
0111 CF-ACK+CF+Poll
1101-1111 rsvd
0000 Association Request
0001 Association Response
0010 Reassociation Request
0011 Reassociation Response
0100 Probe Request
0101 Probe Response
0110-0111 rsvd
1000 Beacon
1001 Announcement Traffic
Indication Message (ATIM)
1010 Disassociation
1011 Authentication
1100 Deauthentication
1101-1111 rsvd
CONTROL DATA MANAGEMENT
TMUE
MCSE
S. T. LIANG
59
Subfields: More data & Order
More data
It is set to 1 when there is at least one frame buffered at the AP
for the mobile station.
During the CFP, station (which is polled by the PC) can use this
field to inform the PC that there is at least one additional frame
available for transmission in response to a CF-Poll.
This field is set to 1 in broadcast/multicast frames transmitted by
the AP when additional broadcast/multicast frames remain to be
sent by the AP.
Order
It is set to one when the content of the data frame was provide to
the MAC with a request for strictly ordered service.
Cannot change the delivery order of broadcast and multicast frames,
relative to directed frames, originating from a single source station address
TMUE
MCSE
S. T. LIANG
60
Address Types
FC
Duration
/ID
Address
1

Address
2


Address
3


Sequence
Control


Address
4


Frame
Body


FCS

2 2 6 6 6 2 6 0-2312 4 bytes
BSSID BSS Identifier
TA - Transmitter
RA - Receiver
SA - Source
DA - Destination
In infrastructure mode, BSSID is the
MAC addr. of the AP
In ad-hoc mode, BSSID=01 ^ 46 bit
random number
TMUE
MCSE
S. T. LIANG
61
Address Fields
FC
Duration
/ID
Address
1

Address
2


Address
3


Sequence
Control


Address
4


Frame
Body


FCS

2 2 6 6 6 2 6 0-2312 4 bytes
Used for
receive
address
matching
decision
(RA)
Used to
identify the
transmitter of
the frame (TA)
Used to identify:
the source if the frame is
from an AP (SA)
the destination if the frame is
being sent to an AP (DA)
Used only
for frame
sent to
wireless
DS
(SA)
TMUE
MCSE
S. T. LIANG
62
Address Field Contents
Usage To
DS
From
DS
Address
1
Address
2
Address
3
Address
4
IBSS 0 0 RA=DA TA=
SA
BSSID N/A
From AP 0 1 RA=DA TA=
BSSID
SA N/A
To AP 1 0 RA=
BSSID
TA=
SA
DA N/A
Wireless DS 1 1 RA TA DA SA
TMUE
MCSE
S. T. LIANG
63
Example of End-to-End frame exchange
Wireless DS
To
DS
From
DS
Addr. 1 Addr. 2 Addr. 3 Addr. 4
1 0 AP1 STA1 STA2
STA1
STA2
AP1 AP2
1 1 AP2 AP1 STA2 STA1
0 1 STA2 AP2 STA1
C
C
C
C
C
C
TMUE
MCSE
S. T. LIANG
64
Duration/ID
FC
Duration
/ID
Address
1

Address
2


Address
3


Sequence
Control


Address
4


Frame
Body


FCS

2 2 6 6 6 2 6 0-2312 4 bytes
16 bits in length contains either:
Duration:
NAV update value for duration<32768
Set as 32768 for frames transmitted during
the CFP
or
Association Identity (AID): 1-2007
used by a station to retrieve incoming frames
which are buffered in the AP
Only the PS-Poll frame contains AID
msb bits
00
01
11
TMUE
MCSE
S. T. LIANG
65
Sequence Control
FC
Duration
/ID
Address
1

Address
2


Address
3


Sequence
Control


Address
4


Frame
Body


FCS

2 2 6 6 6 2 6 0-2312 4 bytes
Fragment Number

Sequence Number

12 bits 4 bits
Assigned sequentially by
sending station to each MSDU
If MSDU is fragmented, each
fragment of the MSDU contains
the same sequence number
The first or the only fragment
of an MSDU is assigned a
fragment number of zero
The subsequent fragments
have fragment numbers of
1,2,3.
TMUE
MCSE
S. T. LIANG
66
FCS
FC
Duration
/ID
Address
1

Address
2


Address
3


Sequence
Control


Address
4


Frame
Body


FCS

2 2 6 6 6 2 6 0-2312 4 bytes
FCS: Frame Check Sequence
Applying theCCITT CRC-32 Polynomial
G(x) = x
32
+ x
26
+ x
23
+ x
22
+ x
16
+ x
12
+ x
11
+ x
10
+ x
8
+ x
7
+ x
5
+ x
4
+ x
2
+ x + 1
The FCS is calculated over all the fields of MAC header and the Frame Body field

TMUE
MCSE
S. T. LIANG
67
Format of Individual Control Frame
Six control frame subtypes
RTS
CTS
ACK
PS-Poll
CF-End
CF-End+ACK
Frame
control
Duration RA TA FCS
Frame
control
Duration RA FCS
RTS
CTS
2 2 6 6 4
2 2 6 4
Duration=time to transmit the pending frame,
CTS frame, and ACK frame + 3*SIFS interval
Duration=duration obtained from RTs
(time to transmit CTS frame + SIFS interval)
TMUE
MCSE
S. T. LIANG
68
Format of Individual Control Frame
Six control frame subtypes
RTS
CTS
ACK
PS-Poll
CF-End
CF-End+ACK
Frame
control
Duration RA FCS ACK
2 2 6 4
The RA value is copied from
the address 2 field immediately
previous directed data, management,
or PS-Poll frame
If more flag=0 in the immediately previous received data
Duration=0
else
duration obtained from the immediately previous received data
(time to transmit ACK frame + SIFS interval)
TMUE
MCSE
S. T. LIANG
69
Format of Individual Control Frame
Six control frame subtypes
RTS
CTS
ACK
PS-Poll
CF-End
CF-End+ACK
Frame
control
AID BSSID TA FCS
2 2 6 6 4
PS-Poll
PS-Poll
ACK
NAV
Station (TA)
AP (BSSID)
All stations
SIFS
The NAV value is
not part of the
PS-Poll frame, but is
set by every station
The frame is sent by a station
to request that the AP delivers
the buffered frames for the
station while it was in a power
saving mode
The AID is the value assigned to
the STA transmitting the frame by
the AP in the association response
frame
TMUE
MCSE
S. T. LIANG
70
Format of Individual Control Frame
Six control frame subtypes
RTS
CTS
ACK
PS-Poll
CF-End
CF-End+ACK
The BSSID is the address of the
STA contained in the AP
The RA is the broadcast group
address
The Duration field is set to 0
Frame
control
Duration RA BSSID FCS
2 2 6 6 4
CF-End/
CF-End + CF ACK
TMUE
MCSE
S. T. LIANG
71
Format of Data Frame
During the CFP
The duration field is set to 32768
During the CP
if address 1 field contains a group address,
the duration field is set to 0
else if more flag is set to 0,
the duration is set to the time required to send a ACK frame + SIFS interval
else /*more flag is set to 1*/
the duration is set to the time required to send the next fragment and 2 ACK
frames + 3*SIFS
FC
Duration
/ID
Address
1

Address
2


Address
3


Sequence
Control


Address
4


data


FCS

2 2 6 6 6 2 6 0-2312 4 bytes
TMUE
MCSE
S. T. LIANG
72
Transmission of MPDU
Sending unicast frame without RTS/CTS
t
SIFS
DIFS
data
ACK
other
stations
Destination
Source
data
DIFS
contention
NAV(data)
Defer Access
Duration=0 reset NAV
TMUE
MCSE
S. T. LIANG
73
Transmission of MPDU
Sending unicast frame with RTS/CTS
t
SIFS
DIFS
data
ACK
defer access
other
stations
Destination
Source
data
DIFS
contention
RTS
CTS
SIFS
SIFS
NAV (RTS)
NAV (CTS)
NAV (data)
TMUE
MCSE
S. T. LIANG
74
Transmission of MPDU
Sending fragmented MPDU with RTS/CTS
RTS
CTS
Frag 1
ACK 1
Frag 2
ACK 2
NAV (RTS)
NAV (CTS)
NAV (Frag 1)
NAV (ACK 1)
NAV(Frag2)
DIFS
SIFS SIFS SIFS SIFS SIFS
Source
Destination
Other stations
More flag=1 More flag=0
Duration=0 reset NAV
TMUE
MCSE
S. T. LIANG
75

IEEE 802.11 MAC Management
Department of Math. Computer Science Education Engineering
Taipei Municipal Teachers College, Taiwan 100, R.O.C.
Shih Tsung Liang
stliang@tmtc.edu.tw
TMTC
MCSE
S. T. LIANG
TMUE
MCSE
S. T. LIANG
76
Outline
Why MAC Management
Authentication
Privacy (WEP)
Association and Reassociation
Power Management
TMUE
MCSE
S. T. LIANG
77
Why MAC Management ?
IEEE 802.11 is the first LAN standard to
include significant management capabilities
The environment of WLAN is more complex
than wired LAN. (to be dealt with MAC
Management)
Shared, open media
Anyone can get to the WLAN
Mobility
Power consumption for mobile devices
TMUE
MCSE
S. T. LIANG
78
MAC Management Frames
11 distinct frame types
Beacon
Probe Request and Response
Authentication and Deauthentication
Association Request and Response
Reassociation Request and Response
Disassociation
Announcement Traffic Indication Message(ATIM)
TMUE
MCSE
S. T. LIANG
79
Management Frame Body Components
FC
Duration
/ID
Address
1

Address
2


Address
3


Sequence
Control


Address
4


Frame
Body


FCS

2 2 6 6 6 2 6 0-2312 4 bytes
Protocol
version
type subtype
To
DS
From
DS
More
frag
retry
Pwr
mgt
More
data
WEP order
00 Within management frames, frame body
consists of
Fixed fields: fixed length
Information elements: variable length
Information Element
Element
ID
Length Information
Octects
1
Variable length 1
TMUE
MCSE
S. T. LIANG
80
MAC sublayer Management Services
Authentication
Privacy (WEP)
Association and Reassociation
Synchronization
Power Management
TMUE
MCSE
S. T. LIANG
81
Authentication
IEEE 802.11 provides link-level authentication
between IEEE 802.11 STAs
Two subtypes of authentication service:
Open System
Shared Key
IEEE 802.11 requires mutually acceptable,
successful authentication
Authentication shall be used between stations and the AP in an
infrastructure BSS
Authentication may be used between two STAs in an IBSS
TMUE
MCSE
S. T. LIANG
82
Authentication
Open System authentication:
Responder
Authentication frame
Authentication Algorithm ID=Open System; sequence#=1
Authentication frame
Authentication ID=Open System; sequence#=2; authentication result
Requester
TMUE
MCSE
S. T. LIANG
83
Authentication
Shared key authentication
Require implementation of the (WEP) Option
Authentication frame
Authentication ID=shared key; sequence#=1
Authentication frame
Authentication frame
Authentication frame
Authentication ID=shared key; sequence#=2; challenge text
Authentication ID=shared key; sequence#=3; encrypted challenge text
Authentication ID=shared key; sequence#=4; authentication result
Responder
Requester
TMUE
MCSE
S. T. LIANG
84
Authentication
Pre-authentication
Authentication is required before an association
can be establish
The use of preauthentication takes the
authentication service overhead out of the time-
critical reassociation process
A station may authenticate with many stations
Authentication is initial by Mobile stations
Rogue AP may adopt the SSID of the ESS and
cause the near mobile stations get a DoS attack
TMUE
MCSE
S. T. LIANG
85
Authentication
Authentication Frame Body
Order Information
1 Authentication algorithm
number (FF)
2 Authentication transaction
sequence number (FF)
3 Status code (FF)
4 Challenge text (IE)
0 (Open System) 1 (Shared Key)
#1 #2 #1 #2 #3 #4
rsvd status rsvd status rsvd status
No No No Yes Yes No
Information Element
Element
ID=16
Length Information
Octects
1
Variable length 1
TMUE
MCSE
S. T. LIANG
86
Authentication
Authentication Frame
Body
Order Information
1 Authentication algorithm
number (FF)
2 Authentication transaction
sequence number (FF)
3 Status code (FF)
4 Challenge text (IE)
status Meaning
0 Successful
1 Unspecified failure
2-9 Reserved
10 Cannot support all requested capabilities in the
capability information field
11 Reassociation denied due to inability to confirm
that association algorithm
13 Responding station does not support the
specified authentication algorithm
15 Authentication rejected because of challenge
failure
16 Authentication rejected due to timeout waiting for
next frame in sequence
17 Association denied because AP is unable
to handle additional associated stations
18 Association denied due to requesting
station not supporting all of the data rates
in the BSSBasicRateSet parameter
19 -- Reserved
TMUE
MCSE
S. T. LIANG
87
Authentication
Deauthentication Frame Body
Order Information
1 Reson code (FF)
Reason
Code
Meaning
0 Reserved
1 Unspecified reason
2 Previous authentication no longer valid
3 Deauthenticated because sending station
is leaving (has left) IBSS or ESS
4 Disassociated due to inactivity
5 Disassociated because AP is unable to handle all
currently associated stations
6 Class 2 frame received from nonauthenticated station
7 Class 3 frame received from nonassociated station
8 Dissociated because sending station is leaving (or has
left) BSS
9 Station requesting (re)association is not authenticated
with responding station
10-65535 Reserved
2 Octects
TMUE
MCSE
S. T. LIANG
88
WEP privacy
WEP Frame Body Expansion
MSDU IV ICV
Pad
Initialization
Vector
Key
ID
Encrypted
Bytes 4 4 1-2304
Bits
24 6 2
ICV: Integrity Check Value
(ICV=CRC32(MSDU))
TMUE
MCSE
S. T. LIANG
89
WEP Privacy
IV


Ciphertext



||
WEP
PRNG
Key Sequence
||
Integrity Algorithm
ICV
Seed
Initialization
Vector (IV)
Secret Key
Plaintext
message
Encryption
TMUE
MCSE
S. T. LIANG
90
WEP Privacy
IV

Ciphertext



||
Key Sequence
Integrity Algorithm
ICV
Secret Key
Plaintext
message
WEP
PRNG
Seed
ICV
ICV=ICV ?
Decryption
TMUE
MCSE
S. T. LIANG
91
WEP Privacy
The shared key configuration
Default Key: key selected from a set of 4 default keys
Key maping: separate WEP key for each RA/TA pair
Privacy-related MIB attributes
dot11PrivacyInvoked (True send frames with encryption)
dot11WEPDefaultKeys (a four-element vector contains the default keys
to be used)
dot11WEPDefaultKeyID (a index to dot11WEPDefaultKeys)
aExcludeUnencrypted (True unencrypted data frame is ignored)
dot11WEPKeyMappings (an array indexed by RA/TA address to get the
key mapping key )
MAC WEPOn WEPKey
TMUE
MCSE
S. T. LIANG
92
WEP Privacy
Privacy-related MIB attributes
dot11WEPExcludedCount
Increment when receiving a frame with WEP=0 and
aExcludeUnencrypted =T
dot11UndecryptableCount
Increment when
receiving a frame with WEP=1 and dot11PrivacyInvoked=F, or
receiving a frame with WEP=1 and key does not exist
Possible Deny of Service attack on going if increase dramatically
dot11CVErrorCount
Increment when the decryption of frame results in an unmatched ICV
Possible Key broking attack on going if increase dramatically
TMUE
MCSE
S. T. LIANG
93
Assocation
Association Request
To be associated with an AP, after authenticated, a
STA initiates an association request (from the station)
including in it its capabilities information:
Data rates, high rate PHY options; contention-free capabilities,
support of WEP and any request for contention-free service.
The length of time in a low power operating mode.
AP will decide whether to grant the request
Policies and algorithms are not part of the standard.
EX: long periods in low power operation may need excessive
buffer commitments from AP.
Load balancing factors and availability of other APs nearby

TMUE
MCSE
S. T. LIANG
94
Assocation
Association Request Frame Body
Order Information
1 Capability Information (FF)
2 Listen interval (FF)
3 SSID (IE)
4 Supported rates (IE)
ESS IBSS
CF
Pollable
CF Poll
Request
Privacy Reserved
B0 B1 B3 B15 B2 B4 B5
10 for AP
01 for STA in IBSS
00 in this case !
Set if WEP
encryption
is required
0 0 STA not CF-Pollable
0 1 STA CF-Pollable, but not requesting
to join the CF-Polling list
1 0 STA CF-Pollable, requesting to join
the CF-Polling list
1 1 STA CF-Pollable, requesting never
be polled
For STA usage (not the AP)
TMUE
MCSE
S. T. LIANG
95
Assocation
Association Request Frame Body
Order Information
1 Capability Information (FF)
2 Listen interval (FF)
3 SSID (IE)
4 Supported rates (IE; ID=1)
2 Octects long
Used to indicate to the AP how often an
STA wakes to listen to Beacon
management frame (in units of Beacon
Interval)
An AP may use the listen interval
information in determining the life time of
frames that it buffers for an STA
Indicates the identity of an ESS (or IBSS)
A 0 length SSID the broadcast SSID
Element
ID=0
Length SSID
Octects
1
0 - 32 1
Indicates the supported rates in 1-8
otects each describes a single
supported rate in unit of 500k bps
(msb is dont care)
TMUE
MCSE
S. T. LIANG
96
Assocation
Association Response Frame Body
Order
Information
1 Capability Information (FF)
2 Status code (FF)
3 Association ID (AID) (IE)
4 Supported rates (IE)
ESS IBSS
CF
Pollable
CF Poll
Request
Privacy Reserved
B0 B1 B3 B15 B2 B4 B5
10 for AP
01 for STA in IBSS
10 in this case !
0 0 No point coordinator at AP
0 1 Point coordinator at AP for delivery
only (no polling)
1 0 Point coordinator at AP for delivery
and polling
1 1 Reserved
For AP usage (not the STA)
TMUE
MCSE
S. T. LIANG
97
Assocation
Association Response
Frame Body
Orde
r
Information
1 Capability Information (FF)
2 Status code (FF)
(2 octects long)
3 Association ID (AID) (IE)
4 Supported rates (IE)
status Meaning
0 Successful
1 Unspecified failure
2-9 Reserved
10 Cannot support all requested capabilities in the
capability information field
11 Reassociation denied due to inability to confirm that
association algorithm
13 Responding station does not support the specified
authentication algorithm
15 Authentication rejected because of challenge failure
16 Authentication rejected due to timeout waiting for
next frame in sequence
17 Association denied because AP is unable to
handle additional associated stations
18 Association denied due to requesting station
not supporting all of the data rates in the
BSSBasicRateSet parameter
19 -- Reserved
The AID field is a value assigned
by an AP during association that
represents the 16-bit ID of a STA
TMUE
MCSE
S. T. LIANG
98
Association
Association Response
Frame Body
Order Information
1 Capability Information (FF)
2 Status code (FF)
(2 octects long)
3 Association ID (AID) (IE)
4 Supported rates (IE)
Indicates the supported rates in 1-8
otects each describes a single
supported rate in unit of 500k bps
msb is set to
1, if the supported rate belongs to
the BSSBasicRateSet
0, otherwise
BSSBassicRateSet:
Set of integers, each in [2,127]
Set of data rates (in units of 500kbps) that
must be supported by all STAs to join this BSS
TMUE
MCSE
S. T. LIANG
99
Reassociation
Reassociation Request
Used when a STA is moving from the
coverage of an AP to that of a new AP
Lose contact with the old AP
Initiate a new association (Reassociation) with
the new AP
Provides information to DS about the location of the
STA
Provides also the address of the old AP for the
termination of association with the old AP when the
reassociation is granted
TMUE
MCSE
S. T. LIANG
100
Reassociation
Ressociation Request Frame Body
Order Information
1 Capability Information (FF)
2 Listen interval (FF)
3 Current AP address (FF)
4 SSID (IE; ID=0)
5 Supported rates (IE; ID=1)
The current AP address field is
the MAC address of the AP
with which the station is
currently associated
TMUE
MCSE
S. T. LIANG
101
Reassociation
Ressociation
Response Frame Body
Format is identical to the
Association Response frame
Order
Information
1 Capability Information (FF)
2 Status code (FF)
3 Association ID (AID) (IE)
4 Supported rates (IE)
status Meaning
0 Successful
1 Unspecified failure
2-9 Reserved
10 Cannot support all requested
capabilities in the capability
information field
11 Reassociation denied due to inability
to confirm that association algorithm
13 Responding station does not support the specified
authentication algorithm
15 Authentication rejected because of challenge failure
16 Authentication rejected due to timeout waiting for
next frame in sequence
17 Association denied because AP is unable to handle
additional associated stations
18 Association denied due to requesting station not
supporting all of the data rates in the
BSSBasicRateSet parameter
19 -- Reserved
TMUE
MCSE
S. T. LIANG
102
Power Management
Power management in an infrastructure network
STAs changing Power Management mode shall inform
the AP





The AP shall then buffer MSDUs for it and only
transmit them at designated times
FC
Duration
/ID
Address
1

Address
2


Address
3


Sequence
Control


Address
4


Frame
Body


FCS

2 2 6 6 6 2 6 0-2312 4 bytes
Protocol
version
type subtype
To
DS
From
DS
More
frag
retry
Pwr
mgt
More
data
WEP order
TMUE
MCSE
S. T. LIANG
103
Power Management
Power management in an infrastructure network
The AP shall transmit a Beacon every aBeaconPeriod providing
Timing Synchronization for the entire BSS
TIM (Traffic Indication Map) notification to STAs with frames buffered
in AP
STAs operating in power save mode shall periodically listen for
beacons, as determined by the STAs ListenInterval
Data frame will remain buffered for a time not less than the STAs
ListenInterval
For the station is to receive multicast/broadcast frames, it must be
awake at the beginning of every DTIM (Delivery TIM) Interval

Order Information
1 Capability Information (FF)
2 Listen interval (FF)
3 SSID (IE)
4 Supported rates (IE; ID=1)
Association Request
Frame Body
TMUE
MCSE
S. T. LIANG
104
Beacon Frame Body
Order Information
1 Timestamp (FF)
2 Beacon interval (FF)
3 Capability (IE)
4 SSID (IE; ID=0)
5 Supported rates (IE; ID=1)
6 FH Parameter Set (IE; ID=2)
7 DS Parameter Set (IE; ID=3)
8 CF Parameter Set (IE; ID=4)
9 IBSS Parameter Set (IE; ID=6)
10 TIM (IE; ID=5)
Power Management
8 octects long
This field represents the
value of TSFTimer (in s) of
a frames source
TSF stands for Timing
Synchronization Function
2 octects long
This field represents the
number of time unit (1024 s)
between target beacon
transmission times (TBTTs)
TMUE
MCSE
S. T. LIANG
105
Beacon Frame Body
Order Information
1 Timestamp (FF)
2 Beacon interval (FF)
3 Capability (IE)
4 SSID (IE; ID=0)
5 Supported rates (IE; ID=1)
6 FH Parameter Set (IE; ID=2)
7 DS Parameter Set (IE; ID=3)
8 CF Parameter Set (IE; ID=4)
9 IBSS Parameter Set (IE; ID=6)
10 TIM (IE; ID=5)
Power Management
Element
ID=5
Length
DTIM
Count
Octects 1 1
DTIM
Period
Bitmap
Control
Partial
Virtual
Bitmap
1 1 1 1-251
Indicate the
number of
beacon intervals
before the next
DTIM
Indicate the
number of beacon
intervals between
successive DTIM
Up to 2008 bits,
B
1
- B
2007
are the
buffered traffic
indicators for
AID=1- 2007
Traffic
Indicator
Bitmap
Offset
B
0
B
1
B
7
Buffered traffic indicator for AID=0
Set when DTIMCount=0 and there
are buffered multicast or broadcast
frames

Word offset of the Partial
virtual bitmap to indicate
the leading zero words
TMUE
MCSE
S. T. LIANG
106
Power Management
Power management in an infrastructure network
When indicated by TIM that there is at least one
buffered frames, the STA may send PS-Poll control
frame to request the frame
The AP transmits the requested frame and sets the
more data field to indicate additional buffered frames
are available (Please keep awake!!)
FC
Duration
/ID
Address
1

Address
2


Address
3


Sequence
Control


Address
4


Frame
Body


FCS

2 2 6 6 6 2 6 0-2312 4 bytes
Protocol
version
type subtype
To
DS
From
DS
More
frag
retry
Pwr
mgt
More
data
WEP order
TMUE
MCSE
S. T. LIANG
107
Power Management
Power management in an infrastructure network
AP
MH in active
mode
MH in PS
mode
O TIM interval
Beacon
TIM
Unicast
Active
OPS-poll
DTIM Interval
DTIM
Broadcast
O
O O O
Defered Beacon
TMUE
MCSE
S. T. LIANG
108
Power Management
Power management in an infrastructure network
ODTIM interval is consisted of multiple TIM intervals (i.e.
Beacon Intervals).
OMH sends a PS-Poll frame to AP to request the AP to
transmit a buffered frame via unicast.
OMH in PS mode can miss some TIM, but not DTIM.
OAfter receiving DTIM, MH in PS mode awakes for
receiving broadcast data (no polling is needed)
OAfter receiving TIM, MH in active mode transmits
earlier, so MH is PS mode stay awake.
OAfter receiving DTIM, MH in PS mode dozes due to
no broadcast data.
TMUE
MCSE
S. T. LIANG
109
Power Management
Power management in an IBSS
STAs in the PS mode should be awake prior to each
Target Beacon Transmission Time (TBTT) and keep
awake during the ATIM Window



In cases when the receiver is determined to be in a
PS mode, the sender should first transmit a ATIM
frame during the ATIM Window followed by the
transmission of data frame after the ATIM-ACK is
received
Based on the power management field
set in the STAs previous transmission or
historically failed transmission attempts
TMUE
MCSE
S. T. LIANG
110
Power Management
Power management in an IBSS
If a STA receives a directed ATIM frame containing its
individual address, or a multicast ATIM frame during
the ATIM Window, it shall remain in the awake state
until the end of the next ATIM Window
Directed ATIM frames shall be acknowledged. If no
acknowledgement is received, the ATIM shall be
retransmitted through DCF access
Multicast ATIM frames should not be acknowledged
TMUE
MCSE
S. T. LIANG
111
Power Management
Power management in an IBSS
Beacon interval Beacon interval
MH A
MH B
Beacon
Active
ATIM
Window
ATIM
Window
ATIM
Window
ATIM
ATIM-ACK
Frame
ACK
Target Beacon
Transmission Time