Wireless Networking

Study of IEEE 802.11 Specification

Communication Networks,

Summer 2002


Instructor: Pallegadda Kistareddy

Author: Phani K. Neelakantham,

Graduate Student,

ECE Department,

Villanova University.




·         Introduction

·         IEEE 802.11 Features

·         IEEE 802.11 Family

·         802.11 Operating Modes

·         IEEE 802.11 Layers

o        Physical Layer

o        Data Link Layer

·         802.11 Security

·         Performance Features

·         Conclusion

·         References


Introduction:

Over recent years, the market for wireless communications has enjoyed tremendous growth. Wireless technology now reaches or is capable of reaching virtually every location on the face of the earth. Hundreds of millions of people exchange information every day using pagers, cellular telephones, and other wireless communication products.

In 1997, the Institute of Electrical and Electronics Engineers (IEEE) ratified the 802.11 specification for wireless Ethernet. IEEE 802.11 serves the same purpose as the IEEE 802.3 standard for wired Ethernet: establishing standards for vendor-to-vendor interoperability. IEEE 802.11 was devised by vendors who perceived computer local area networks (LANs) as the largest potential market for their wireless products. Consequently, the 802.11 specification enables wireless devices to operate with computers using standard operating systems for applications that require the transmission of large files. Since its adoption, the IEEE 802.11b high rate extension has sparked great interest in the wireless market. Using this specification, wireless LAN (WLAN) designers can finally develop systems that link portable devices and PCs at Ethernet quality data rates of 11 Mbps. The IEEE 802.11 specification is a WLAN standard that defines a set of specifications for physical layers (PHYs) and a medium access control (MAC) layer. On the high-rate side, the 802.11b spec defines a set of requirements for a new PHY as an extension to the legacy direct sequence spread spectrum (DSSS) PHY. IEEE 802.11 is a set of minimum requirements for wireless manufacturers to follow in order to ensure interoperability among similar devices. The arduous process of creating the 802.11 standard took seven years, and sought to achieve the following goals:

·         Define a class of wireless products suitable for computer LANs

·         Continue to serve existing mobile user applications

·         Drive down costs by encouraging competition among wireless product vendors.

Since a wireless LAN relies on a common transmission medium, the transmissions of the network stations must be coordinated by the medium access protocol (MAC). In IEEE 802.11 this coordination is achieved by means of control information that is either carried explicitly by control messages traveling along the medium (e.g. ACK messages) or provided implicitly by the medium itself, according to whether the channel is active or idle (i.e. carrier sensing).

IEEE 802.11 Features:

The 802.11 standard provides MAC and PHY functionality for wireless connectivity of fixed, portable and mobile stations moving at pedestrian and vehicular speeds within a local area. Specific features of the 802.11 standard include the following:

·         Support of asynchronous and time-bounded delivery service

·         Continuity of service within extended areas via a Distribution System, such as Ethernet.

·         Accommodation of transmission rates of 1 and 2 Mbps

·         Support of most market applications

·         Multicast (including broadcast) services

·         Network management services

·         Registration and authentication services

Like all IEEE 802 standards, the 802.11 standards focus on the bottom two levels of the ISO model, the physical layer and data link layer (Figure 1). Any LAN application, network operating system, or protocol, including TCP/IP and Novell NetWare, will run on an 802.11-compliant WLAN as easily as they run over Ethernet.


IEEE 802.11 Family:

There are several specifications in the 802.11 family:

·         802.11 -- applies to wireless LANs and provides 1 or 2 Mbps transmission in the 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS).

·         802.11a -- an extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5GHz band. 802.11a uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS.

·         802.11b (also referred to as 802.11 High Rate or Wi-Fi) -- an extension to 802.11 that applies to wireless LANs and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. 802.11b was a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet.

·         802.11g -- applies to wireless LANs and provides 20+ Mbps in the 2.4 GHz band.


802.11 Operating Modes:

802.11 defines two pieces of equipment, a wireless station, which is usually a PC equipped with a wireless network interface card (NIC), and an access point (AP), which acts as a bridge between the wireless and wired networks. An access point usually consists of a radio, a wired network interface (e.g., 802.3), and bridging software conforming to the 802.1x bridging standard. The access point acts as the base station for the wireless network, aggregating access for multiple wireless stations onto the wired network. Wireless end stations can be 802.11 PC Card, PCI, or ISA NICs, or embedded solutions in non-PC clients (such as an 802.11-based telephone handset).

The 802.11 standard defines two modes: Infrastructure mode and Ad hoc mode. In Infrastructure mode the wireless network consists of at least one access point connected to the wired network infrastructure and a set of wireless end stations. This configuration is called a Basic Service Set (BSS). An Extended Service Set (ESS) is a set of two or more BSSs forming a single sub network. Since most corporate WLANs require access to the wired LAN for services (file servers, printers, Internet links) they will operate in infrastructure mode.

Ad hoc mode (also called peer-to-peer mode or an Independent Basic Service Set, or IBSS) is simply a set of 802.11 wireless stations that communicate directly with one another without using an access point or any connection to a wired network. This mode is useful for quickly and easily setting up a wireless network anywhere that a wireless infrastructure does not exist or is not required for services, such as a hotel room, convention center, or airport, or where access to the wired network is barred (such as for consultants at a client site).


IEEE 802.11 Layers:

The IEEE 802.11 standard defines a MAC protocol and three possible physical layer interfaces (PHYs) providing a capacity of 1 to 2 Mbps. The three possible PHYs are FHSS (frequency hopping spread spectrum), DSSS (direct sequence spread spectrum) and IR (infrared). The basic architecture, features, and services of 802.11b are defined by the original 802.11 standard. The 802.11b specification affects only the physical layer, adding higher data rates and more robust connectivity.


Fig 1: 802.11 and the ISO Model

Physical Layer:

FHSS and DSSS utilize the 2.4 GHz Industrial, Scientific and Medical (ISM) band (2.4000-2.4835 GHz). Using the frequency hopping technique, the 2.4 GHz band is divided into 75 one-MHz sub channels, each using Gaussian minimum shift keying (GMSK). The sender and receiver agree on a hopping pattern, and data is sent over a sequence of the sub channels at a hop rate of 2.5 hops/sec. Each conversation within the 802.11 network occurs over a different hopping pattern, and the patterns are designed to minimize the chance of two senders using the same sub channel simultaneously. FHSS techniques allow for a relatively simple radio design, but are limited to speeds of no higher than 2 Mbps (the increase from 1 Mbps is achieved by using four-level GMSK). This limitation is driven primarily by FCC regulations that restrict sub channel bandwidth to 1 MHz. These regulations force FHSS systems to spread their usage across the entire 2.4 GHz band, meaning they must hop often, which leads to a high amount of hopping overhead.

In contrast, the direct sequence signaling technique divides the 2.4 GHz band into 14 channels (11 channels for the US), each using differential binary phase shift keying (DBPSK). For multiple channels to coexist in the same location, they should be 25 MHz apart to avoid interference. This means that at most 3 channels can coexist in one location. Data is sent across one of these channels without hopping to other channels. To compensate for noise on a given channel, a technique called “chipping” is used. Each bit of user data is converted into a series of redundant bit patterns called “chips.” The inherent redundancy of each chip combined with spreading the signal across the channel provides for a form of error checking and correction; even if part of the signal is damaged, it can still be recovered in many cases, minimizing the need for retransmissions.

Finally, the wavelength of the IR signal in the third possible physical layer scheme ranges from 850 to 950 nm; it is designated for indoor and generally line-of-sight use. Again, 1 Mbps and 2 Mbps data rates are provided per channel.

The comparison of the frequency hopping and direct sequence physical layers can be tabulated as follows (IR implicitly included):

Frequency hopping (FHSS):

·         Lowest cost

·         Lowest power consumption

·         Highest aggregate capacity using multiple physical layers

·         Less range than direct sequence, but greater range than infrared

·         Most tolerant to signal interference

·         Lowest potential data rates from individual physical layers

Direct sequence (DSSS):

·         Highest cost

·         Highest power consumption

·         Lower aggregate capacity using multiple physical layers than frequency hopping

·         More range than frequency hopping and infrared physical layers

·         Smallest number of geographically separate radio cells due to a limited number of channels

·         Highest potential data rates from individual physical layers as compared to frequency hopping. (The current version of 802.11 specifies the same data rates for both frequency hopping and direct sequence; however, future versions of the standard are likely to support higher data rates for direct sequence.)


The key contribution of the 802.11b addition to the wireless LAN standard was to standardize the physical layer support of two new speeds, 5.5 Mbps and 11 Mbps. To accomplish this, DSSS had to be selected as the sole physical layer technique for the standard since, as noted above, frequency hopping cannot support the higher speeds without violating current FCC regulations. The implication is that 802.11b systems will interoperate with 1 Mbps and 2 Mbps 802.11 DSSS systems, but will not work with 1 Mbps and 2 Mbps 802.11 FHSS systems.

To support very noisy environments as well as extended range, 802.11b WLANs use dynamic rate shifting, allowing data rates to be automatically adjusted to compensate for the changing nature of the radio channel. Ideally, users connect at the full 11 Mbps rate. However, when devices move beyond the optimal range for 11 Mbps operation, or if substantial interference is present, 802.11b devices will transmit at lower speeds, falling back to 5.5, 2, and 1 Mbps. Likewise, if the device moves back within the range of a higher-speed transmission, the connection will automatically speed up again. Rate shifting is a physical-layer mechanism transparent to the user and the upper layers of the protocol stack.

Data Link Layer:

The data link layer within 802.11 consists of two sublayers: Logical Link Control (LLC) and Media Access Control (MAC). 802.11 uses the same 802.2 LLC and 48-bit addressing as other 802 LANs, allowing for very simple bridging from wireless to IEEE wired networks, but the MAC is unique to WLANs. The goal of the MAC layer is to provide access control functions (such as addressing, access coordination, frame check sequence generation and checking, and LLC PDU delimiting) for shared-medium PHYs in support of the LLC layer. The MAC layer performs the addressing and recognition of frames in support of the LLC.

For 802.3 Ethernet LANs, the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol regulates how Ethernet stations establish access to the wire and how they detect and handle collisions that occur when two or more devices try to simultaneously communicate over the LAN. In an 802.11 WLAN, collision detection is not possible due to what is known as the “near/far” problem: to detect a collision, a station must be able to transmit and listen at the same time, but in radio systems the transmission drowns out the ability of the station to “hear” a collision. 802.11 therefore uses a slightly modified protocol known as Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) or the Distributed Coordination Function (DCF). CSMA/CA attempts to avoid collisions by using explicit packet acknowledgment (ACK), which means an ACK packet is sent by the receiving station to confirm that the data packet arrived intact. Another MAC-layer problem specific to wireless is the “hidden node” issue, in which two stations on opposite sides of an access point can both “hear” activity from an access point, but not from each other, usually due to distance or an obstruction. To solve this problem, 802.11 specifies an optional Request to Send/Clear to Send (RTS/CTS) protocol at the MAC layer. When this feature is in use, a sending station transmits an RTS and waits for the access point to reply with a CTS. Since all stations in the network can hear the access point, the CTS causes them to delay any intended transmissions, allowing the sending station to transmit and receive a packet acknowledgment without any chance of collision. Since RTS/CTS adds additional overhead to the network by temporarily reserving the medium, it is typically used only on the largest-sized packets, for which retransmission would be expensive from a bandwidth standpoint.

The MAC protocol is formed of two separate coexisting coordination functions that provide support for asynchronous data transfer and optionally distributed time-bounded services (DTBS). Asynchronous data transfer refers to traffic that is insensitive to time delays; it is supported by the distributed coordination function (DCF). Delay-constrained traffic is handled by the point coordination function (PCF) of the protocol. Finally, the 802.11 MAC layer provides for two other robustness features: CRC checksum and packet fragmentation. Each packet has a CRC checksum calculated and attached to ensure that the data was not corrupted in transit. Packet fragmentation allows large packets to be broken into smaller units when sent over the air, which is useful in very congested environments or when interference is a factor, since larger packets have a better chance of being corrupted. This technique reduces the need for retransmission in many cases and thus improves overall wireless network performance. The MAC layer is responsible for reassembling fragments received, rendering the process transparent to higher-level protocols. The 802.11 MAC layer is also responsible for how a client associates with an access point.

Fig 2 shows the standard IEEE 802.11 frame format. The IEEE standard 48-bit MAC addressing mode is used. The 2-byte duration field gives the duration of the transmission in microseconds. A CRC field allows error checking at the receiver. The frame control field has 2 type bits and 4 subtype bits that identify the frame (ACK, CTS, RTS, data...); it also has (among other things) a power management bit.

Fig 2: IEEE 802.11 Standard Frame Format

The protocol has 3 pre-defined interframe space (IFS) time periods with increasing duration: short IFS (SIFS), point coordination function IFS (PIFS) and distributed coordination function IFS (DIFS). The IFSs are mandatory periods of idle time and are used to control event priorities. Furthermore, every station maintains a Network Allocation Vector (NAV), which is the remaining busy period of the shared channel (in microseconds). Correct receipt of packets is signaled through ACK packets; an ACK packet should be returned one SIFS after the successful reception of a packet.
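To make the frame format, the RTS/CTS exchange and the NAV bookkeeping described above concrete, here is an added Python example; it is not part of the original report and not vendor code. It decodes the Frame Control, Duration and address fields of constructed RTS, CTS and data frames, verifies the trailing CRC-32 FCS, and applies the NAV update that a third station performs when it overhears the exchange. The MAC addresses, durations and frame bodies are constructed values.

```python
import struct
import zlib

# Frame Control type (2 bits) and subtype (4 bits) values defined by 802.11
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
SUBTYPE_NAMES = {(0, 0): "association request", (0, 8): "beacon", (0, 11): "authentication",
                 (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK", (2, 0): "data"}
# 6-byte address fields that follow Duration/ID: RTS carries RA+TA, CTS and ACK only RA;
# management and data frames carry three addresses plus a Sequence Control field
ADDRESS_COUNT = {(1, 11): 2, (1, 12): 1, (1, 13): 1}

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Decode the MAC header of one 802.11 frame and verify its trailing 32-bit FCS.
    Header fields are little-endian on the air, hence struct's '<'."""
    fc, dur = struct.unpack_from("<HH", frame, 0)
    ftype, subtype, flags = (fc >> 2) & 0x3, (fc >> 4) & 0xF, fc >> 8
    n_addr = ADDRESS_COUNT.get((ftype, subtype), 3)
    return {
        "version": fc & 0x3,
        "type": FRAME_TYPES.get(ftype, "reserved"),
        "subtype": SUBTYPE_NAMES.get((ftype, subtype), f"subtype {subtype}"),
        "retry": bool(flags & 0x08),
        "power_mgmt": bool(flags & 0x10),   # sender is about to enter power-save mode
        "protected": bool(flags & 0x40),    # WEP bit: the frame body is encrypted
        "addresses": [mac_str(frame[4 + 6 * i:10 + 6 * i]) for i in range(n_addr)],
        # with bit 15 clear the field is a medium reservation in microseconds (NAV value)
        "duration_us": None if dur & 0x8000 else dur,
        # FCS is CRC-32 over everything before it; zlib.crc32 uses the same polynomial
        "fcs_ok": zlib.crc32(frame[:-4]) == struct.unpack("<I", frame[-4:])[0],
    }

def update_nav(nav_end, now, info, my_addr):
    """Virtual carrier sense: a station that overhears a frame carrying a Duration value
    and not addressed to itself (addr1 = RA) defers until that reservation expires."""
    if info["duration_us"] is None or info["addresses"][0] == my_addr:
        return nav_end
    return max(nav_end, now + info["duration_us"])

def build_frame(ftype, subtype, flags, duration, addrs, body=b""):
    """Assemble a frame with a correct FCS (constructed test data, not a capture)."""
    fc = (ftype << 2) | (subtype << 4) | (flags << 8)
    hdr = struct.pack("<HH", fc, duration) + b"".join(addrs)
    if ftype != 1:                       # control frames have no Sequence Control field
        hdr += struct.pack("<H", 0)
    return hdr + body + struct.pack("<I", zlib.crc32(hdr + body))

# constructed addresses: an AP and two stations
AP, STA1, STA2 = (bytes.fromhex("02aabbcc000" + d) for d in "123")

# STA1 reserves the medium for 300 us with an RTS, the AP's CTS repeats the remaining
# time, then STA1 sends a WEP-protected data frame (protected flag 0x40)
RTS = build_frame(1, 11, 0x00, 300, [AP, STA1])
CTS = build_frame(1, 12, 0x00, 250, [STA1])
DATA = build_frame(2, 0, 0x40, 200, [AP, STA1, STA1], body=bytes(range(8)))
CORRUPTED = DATA[:-1] + bytes([DATA[-1] ^ 0xFF])   # last FCS byte damaged in transit

def nav_after_exchange(listener=mac_str(STA2)):
    """NAV expiry (us) of a third station that overhears the RTS at t=0 and the CTS at t=50."""
    nav = update_nav(0, 0, parse_frame(RTS), listener)
    return update_nav(nav, 50, parse_frame(CTS), listener)

if __name__ == "__main__":
    for name, f in (("RTS", RTS), ("CTS", CTS), ("DATA", DATA), ("CORRUPTED", CORRUPTED)):
        print(name, parse_frame(f))
    print("STA2 NAV expires at", nav_after_exchange(), "us")
```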

Time is divided into contention periods, where DCF access is used, and contention-free periods, where PCF access is used. The PCF cannot be used in ''ad hoc'' networks because the PCF function needs a Point Coordinator, a role that is usually bestowed upon the Access Points (APs) in ''infrastructure'' networks. In addition to the CSMA/CA protocol, the MAC layer supports authentication, network management and privacy. Specifically, the MAC layer supports two flavors of authentication: open and shared key. In addition to controlling media access, the 802.11 HR (High Rate) MAC supports power conservation to extend the battery life of portable devices. The standard supports two power-utilization modes, called Continuous Aware Mode and Power Save Polling Mode.


802.11 Security:

WEP (wired equivalent privacy) is 802.11's optional encryption standard, implemented in the MAC layer, that most radio network interface card (NIC) and access point vendors support. If a user activates WEP, the NIC encrypts the payload (frame body and CRC) of each 802.11 frame before transmission using an RC4 stream cipher provided by RSA Security. The receiving station, such as an access point or another radio NIC, performs decryption upon arrival of the frame. As a result, 802.11 WEP only encrypts data between 802.11 stations. Once the frame enters the wired side of the network, such as between access points, WEP no longer applies.

As part of the encryption process, WEP prepares a key schedule ("seed") by concatenating the shared secret key supplied by the user of the sending station with a randomly generated 24-bit initialization vector (IV). The IV lengthens the life of the secret key because the station can change the IV for each frame transmission. WEP inputs the resulting "seed" into a pseudo-random number generator that produces a keystream equal to the length of the frame's payload plus a 32-bit integrity check value (ICV). The ICV is a checksum that the receiving station eventually recalculates and compares to the one sent by the sending station to determine whether the transmitted data underwent any form of tampering while in transit. If the receiving station calculates an ICV that doesn't match the one found in the frame, then the receiving station can reject the frame or flag the user. WEP specifies a shared secret 40 or 64-bit key to encrypt and decrypt the data. With WEP, the receiving station must use the same key for decryption. Each radio NIC and access point, therefore, must be manually configured with the same key. Before transmission takes place, WEP combines the keystream with the payload/ICV through a bitwise XOR process, which produces ciphertext (encrypted data). WEP includes the IV in the clear (unencrypted) within the first few bytes of the frame body. The receiving station uses this IV along with the shared secret key supplied by the user of the receiving station to decrypt the payload portion of the frame body.

But WEP is vulnerable because of its relatively short IVs and keys that remain static. With only 24 bits, WEP eventually reuses the same IV for different data packets, and on large networks such reuse occurs frequently. WEP2 (or TKIP) defines a 128-bit IV to close this gap. Also, WEP only provides a method for authenticating radio NICs to access points, not the other way around. As a result, a hacker can "reroute" data through an alternate unauthorized path that avoids other security mechanisms. Instead of one-way authentication, wireless LANs need to implement mutual authentication to avoid this problem. In addition to the WEP2 solution, the 802.11 standard will likely include the Advanced Encryption Standard (AES) protocol. An issue, however, is that AES requires a coprocessor (additional hardware) to operate. Companies having installed wireless LANs will need to determine whether it's worth the costs of upgrade for better security.
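The following Python example is added here and is not taken from the report or from any vendor's WEP implementation. It walks through the WEP steps of the two preceding paragraphs (RC4 seeded with the 24-bit IV followed by the 40-bit shared key, CRC-32 ICV appended to the payload, XOR with the keystream, IV sent in the clear, ICV check on receipt) and adds two defender-side checks for the IV problem: a monitor that lists IVs seen in more than one frame, and the birthday-bound probability of an IV collision after a given number of frames. The key and IVs are constructed values, not real credentials.

```python
import math
import struct
import zlib

def rc4_keystream(seed, length):
    """RC4 key scheduling followed by `length` bytes of pseudo-random output for `seed`."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key, iv, payload, key_id=0):
    """Frame body = IV (3 bytes, in the clear) | key ID byte | (payload || ICV) XOR keystream.
    The RC4 seed is the IV followed by the shared key; the ICV is CRC-32 of the payload."""
    icv = struct.pack("<I", zlib.crc32(payload))
    keystream = rc4_keystream(iv + key, len(payload) + 4)
    ciphertext = bytes(p ^ k for p, k in zip(payload + icv, keystream))
    return iv + bytes([(key_id & 0x3) << 6]) + ciphertext   # key ID sits in the top 2 bits

def wep_decrypt(key, body):
    """Recover the payload; returns None when the recomputed ICV differs, i.e. the frame is rejected."""
    iv, ciphertext = body[:3], body[4:]
    keystream = rc4_keystream(iv + key, len(ciphertext))
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, keystream))
    payload, icv = plaintext[:-4], plaintext[-4:]
    return payload if struct.pack("<I", zlib.crc32(payload)) == icv else None

def iv_reuse_report(bodies):
    """Monitoring check: IVs that occur in more than one captured frame body (keystream reuse)."""
    counts = {}
    for body in bodies:
        counts[body[:3]] = counts.get(body[:3], 0) + 1
    return sorted(iv.hex() for iv, n in counts.items() if n > 1)

def iv_collision_probability(frames, iv_bits=24):
    """Birthday bound: probability that at least two of `frames` randomly chosen IVs coincide."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * 2 ** iv_bits))

# constructed 40-bit key and IVs (not real credentials)
KEY = bytes.fromhex("0102030405")
IV_A, IV_B = bytes.fromhex("a1b2c3"), bytes.fromhex("000001")

if __name__ == "__main__":
    body = wep_encrypt(KEY, IV_A, b"hello wireless")
    print("frame body:", body.hex())
    print("decrypted :", wep_decrypt(KEY, body))
    print("wrong key :", wep_decrypt(bytes.fromhex("0102030406"), body))
    captured = [wep_encrypt(KEY, IV_A, b"frame 1"), wep_encrypt(KEY, IV_A, b"frame 2"),
                wep_encrypt(KEY, IV_B, b"frame 3")]
    print("reused IVs:", iv_reuse_report(captured))
    print("P(IV collision) after 5000 frames: %.3f" % iv_collision_probability(5000))
```

With 2^24 possible IVs the collision probability passes 50% after roughly 4,800 frames, which is why a busy network repeats IVs quickly even when they are chosen at random.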

Performance features of 802.11:

·         Ease of Management: Since an 802.11 wireless LAN differs from standard 802.3 and 802.5 wired LANs only at OSI Layers 1 and 2, most products ship with SNMP version 2, and with SNMP we can configure and probe APs via an easy-to-use interface such as a Web browser. Some vendors have built Web servers into their APs for this reason. Finally, the ability to manage, configure, and upgrade APs in groups simplifies WLAN administration.

·         Range and Throughput:  802.11b WLANs communicate using radio waves because these waves penetrate through many indoor structures or can reflect around obstacles. WLAN throughput depends on several factors, including the number of users, micro cell range, interference, multipath propagation, standards support, and hardware type.

·         Mobility: While 802.11b defines how a station associates with APs, it does not define how APs track users as they roam about, either at Layer 2 between two APs on the same subnet, or at Layer 3 when the user crosses a router boundary between subnets. The first issue is handled by vendor-specific inter-AP protocols, which vary in performance. The second issue is handled by Layer 3 roaming mechanisms. The most popular of these is Mobile IP, which is currently known as RFC 2002 in the Internet Engineering Task Force (IETF). An incomplete but useful alternative to the Layer 3 roaming problem is to implement the Dynamic Host Configuration Protocol (DHCP) across the network.

·         Power Management: The 802.11b standard incorporates a power-saving protocol to maximize the battery life of products using wireless devices.

·         Security: The WEP 40-bit encryption built into 802.11b WLANs should be sufficient for most applications. Other access control techniques are available in addition to the 802.11 WEP authentication technique. For one, there is an identification value called an ESSID programmed into each access point to identify which subnet it is on. This can be used as an authentication check: if a station does not know this value, it is not allowed to associate with the access point. In addition, some vendors provide for a table of MAC addresses in an Access Control List to be included in the access point, restricting access to clients whose MAC addresses are on the list. Clients can thus be explicitly included (or excluded) at will.



Conclusion:

Since wireless devices need to be small and wireless networks are bandwidth limited, some of the key challenges in wireless networks are data rate enhancements, size and cost, low power networking and user security. The 802.11 protocol described above addresses many of these issues, and research is still going on in this field. The Wireless Ethernet Compatibility Alliance (WECA) is releasing 802.11a with the “Wi-Fi Certified” brand (like the 802.11b products) and, on top of all this, WECA will be changing its name. To better reflect the branding, they will become the Wi-Fi Alliance. The new Wi-Fi logo label will also feature a checklist specifying whether the product is certified for certain features. Topmost among the checklist items will likely be the physical standard of 802.11a or b, but Eaton expects lines will exist for dual-band products, Quality of Service support, Security (perhaps TKIP or AES will each get a line), transmit power control, and potentially others. So the future looks bright and promising for wireless Ethernet, with more standardized procedures and better-certified products.


