
Wireless basics

RF fundamentals

 As radio frequency signals propagate through the air, obstacles within the RF path cause attenuation (loss) of signal strength
 The following effects may occur
 Reflection: signal changes direction as it bounces off a
smooth surface
 Refraction: signal bends while passing through a
medium with different density
 Absorption: signal hitting an object is absorbed into the
material
 Diffraction: signal changes direction and intensity after
passing an obstacle
 Scattering: signal strikes rough surface and signals
scatter in many different directions
Antennas

 Increase signal strength
 Directional antennas (e.g., grid, dish) focus signal in particular direction(s) to extend range
 These types of antennas are good for point-to-point links
 Semi-directional antennas (e.g., patch, yagi) focus signal in one general direction, but not as tightly focused as directional antennas
[Figures: grid antenna; yagi antenna]
Antennas (cont.)

[Figure: side and top views of the radiation pattern of a typical omni and a high-gain omni]

 Omni antennas radiate signals in a wide path
 Good for broad client coverage
 Radiation pattern is often compared to a donut
 Greater antenna gain increases range but also makes the beam more directional (less broad coverage)
 Often used in point-to-multipoint deployments where one antenna supports multiple remotes (as well as many clients)
Antenna beamwidth

Antenna              Horizontal beamwidth   Vertical beamwidth
Dish (directional)   5-25 degrees           5-20 degrees
Yagi                 30-80 degrees          15-60 degrees
Patch                30-180 degrees         5-90 degrees
Omni                 360 degrees            10-80 degrees

 Beamwidth is measured in horizontal and vertical directions (in degrees)
 Large beamwidth means broader coverage area but not necessarily greater range
 Approximate examples provided above
Multipath interference

[Figure: LOS path and reflected paths]

 Signal arrives at receiver from both line of sight (LOS) path and the indirect reflected path(s)
 These signals interfere with each other and weaken the strength of the usable signal at the receiver
 Antenna diversity (two antennas) is commonly used to reduce this problem
 Receiver selects incoming signal on the antenna which has the best signal
Frequency and wavelength

 Higher frequencies have shorter wavelengths
 Shorter wavelength signals are more easily blocked by obstacles than
large wavelength signals
 Therefore, lower frequency signals (e.g. 2.4 GHz) can better penetrate
obstacles such as walls and trees
 Work better for broad client access
 Higher frequency signals (e.g. 5 GHz) have shorter range (at equal
signal power to lower frequency signals) because they suffer greater
attenuation
 Antennas should be at least ½ wavelength long, and for diversity,
should be at least ½ wavelength apart
 2.4 GHz wavelength is 12.5 cm
 Because their waves can be more easily blocked, 5 GHz signals
(compared with 2.4 GHz) tend to be best used for wireless links
where there is clear LOS, eg, point-to-point links
 5 GHz links can be useful for wireless backhaul – this band has
more spectrum capacity enabling high bandwidth links
Fresnel zone

[Figure: Fresnel zone surrounding the visual LOS]

 Clear LOS is different than visual LOS – clear LOS requires that an
area surrounding the visual LOS be mostly free from obstruction
 This area is called the Fresnel zone and is illustrated above
 Trees and other obstacles can block the Fresnel zone – such blockage
should be minimized, especially for 5 GHz (or greater frequency) links
 At least 60% of the Fresnel zone should be clear for good performance
 Minimum clear radius around the visual LOS should be r ≈ 43 × SQRT(distance-of-link / (4 × frequency))
Polarization

 The polarization of an antenna is the orientation of the electric field radiated by the antenna
 Depending on the installed orientation, antennas will either be vertically
or horizontally polarized
 Wireless networks often use vertical polarization – the antennas
are vertical
 A wireless link’s transmitter and receiver must use the same antenna
polarization
 Consider light shining through two pieces of wood with thin slits
 Light shines through the first slit (transmitter), then the second
(receiver)
 If one slit is polarized vertically and the other horizontally, very
little light gets through
Near-field interference

 In the near-field region, the signal behaves as independent fields from each element of the antenna, with their individual directivity
 Problems that can be caused by blocking the near-field
 Degraded sector coverage
 Decreased front-to-back ratio
 Decreased transmit-to-receive antenna isolation
 In the far-field region, the antenna appears to be a point-source
 The contributions of individual elements are indistinguishable
[Figure: near-field and far-field regions of an antenna]
Radio basics terms

 What is a dBm?
 Power in dBm = 10*log(power in milliwatts)
 10 mW = 10 dBm, 1000 mW = 1 W = 30 dBm
 What is a dBi?
 Antenna gain compared to an isotropic (spherical) pattern
 Tropos mesh router omni (7.4 dBi)
 Police car antenna (3-5 dBi)
 Laptop internal antenna (0 dBi)
 Effective Isotropic Radiated Power (EIRP)
 EIRP = measure of antenna power and antenna field shaping
 EIRP (dBm) = transmit power (dBm) + antenna gain (dBi)

 Maximum allowed EIRP varies by country
 USA/Canada/Taiwan/many others (36 dBm = 4 W)
 Japan and Korea (23 dBm = 200 mW)
 European Union (20 dBm = 100 mW)
What is a dB?

 dB is a Ratio
 Power
 3 dB increase = 2x the power
 3 dB decrease = ½ the power
 Free space path loss, assuming that all other parameters
remain constant
 Halving the path length = a 6 dB increase in received
signal level, or 4 times the power
 Doubling the path length = a 6 dB decrease in
received signal level, or one-quarter the power
Effective Isotropic Radiated Power (EIRP)
Power of transmitted signal emanating from antenna

[Figure: Tx Power in dBm; Loss in dB (coax cables, connectors, cables, combiners, duplexers, attenuation); Antenna Gain in dB]
Cable loss

Cable type    400 MHz loss     2.4 GHz loss     5.8 GHz loss
              (dB/100 ft.)     (dB/100 ft.)     (dB/100 ft.)
LMR400        2.6              6.8              10.8
LMR600        1.62             4.45             7.25
1/2" Heliax   2.25             5.7              10.5

 Cable loss can have significant attenuation effect
 Much more loss in a longer cable
 Loss also varies by cable type and frequency (see above)
 Consider cables when calculating link budget
 Link budget is the total signal loss budget between transmitter and receiver
Wireless basics: measurement

[Figure: transmitter and receiver]

 Wireless transmissions can be increased (amplified)
 Using large antennas
 And/or an amplified radio
 Transmissions are reduced (attenuated) by foliage, buildings, interference, non-LOS (going around corners)
 The degree of amplification or attenuation is non-linear and is measured in decibels (dB)
 Y (dB) = 10 Log10 X
 Y = number of decibels (dB value)
 X = number of times signal is amplified/attenuated

Y         X
3 dB      2x
10 dB     10x
20 dB     100x
-10 dB    1/10
-30 dB    1/1000
Wireless basics: measurement
dBm = log10 (mW)*10
mW = 10^(dBm/10)

[Figure: transmitter and receiver. Tropos 7320: ~1 W, 29 dBm, 7 dBi antenna, 29 + 7 = 36 dBm. Standard AP: 100 mW, 20 dBm. At the receiver: 36 - 10 - 20 = 6 dBm]

 Radio output power is measured in decibels (dBm) as an absolute value above 1 mW
 A 100 mW access point generates 20 dBm
 A 1 Watt (1,000 mW) radio generates 30 dBm
 Total amplification or attenuation is calculated by adding dBm values
 A radio with a 29 dBm amplifier and 7 dBi antennas produces 36 dBm EIRP
 This is the FCC point-to-multipoint limit
 Tropos routers are available pre-configured with lower power for countries with lower regulatory limits
 In example above, 10 dB loss due to buildings plus a 20 dB loss through trees means a total attenuation of 30 dB
 Signal is reduced to 1/1,000 of its original power
Power limits
EIRP is limited in each regulatory domain

 FCC controls power levels in the USA
 Other countries have different regulations
 In the USA the Maximum EIRP for 2.4 GHz 802.11 point-to-multipoint links is 36 dBm or 4 W
 30 dBm can come from the internal radio
 The rest must come from antenna gain
 If high gain antennas are used, the radio must be attenuated in software or by using hardware attenuators.
Signal-to-noise ratio (SNR)

 Signal-to-noise ratio
 Common use of dB
 Compares ratio of signal to noise
 Calculated as the difference between signal and noise
power in dB
 E.g., for signal of -70 dBm and noise of -90 dBm, SNR = 20 dB
 Signal becomes much weaker as it travels farther away from the transmitter, i.e., signal is weaker at the receiver
 Received signal must overcome ambient noise levels present around the receiver at similar frequencies
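
The dBm, EIRP, cable loss, power limit and SNR slides combine into one link-budget check. The Python below is an added example, not part of the original slides; the table values and limits are copied from the slides, while the function names and the 15 dBi / 50 ft case are constructed for illustration.

```python
import math

# Figures taken from the slides: cable loss table (dB per 100 ft) and EIRP limits (dBm).
CABLE_LOSS_DB_PER_100FT = {
    "LMR400": {400: 2.6, 2400: 6.8, 5800: 10.8},
    "LMR600": {400: 1.62, 2400: 4.45, 5800: 7.25},
    "1/2in Heliax": {400: 2.25, 2400: 5.7, 5800: 10.5},
}
MAX_EIRP_DBM = {"USA": 36, "Japan": 23, "EU": 20}


def mw_to_dbm(mw):
    return 10 * math.log10(mw)


def dbm_to_mw(dbm):
    return 10 ** (dbm / 10)


def cable_loss_db(cable, freq_mhz, length_ft):
    """Cable loss in dB grows linearly with cable length."""
    return CABLE_LOSS_DB_PER_100FT[cable][freq_mhz] * length_ft / 100


def eirp_dbm(tx_dbm, antenna_dbi, loss_db=0.0):
    """EIRP = transmit power - cable/connector loss + antenna gain."""
    return tx_dbm - loss_db + antenna_dbi


def required_attenuation_db(eirp, domain):
    """How far the radio must be turned down to meet the domain's EIRP limit."""
    return max(0.0, eirp - MAX_EIRP_DBM[domain])


def received_dbm(eirp, obstacle_losses_db):
    """Signal left after each obstacle's loss is subtracted (as in the slide's example)."""
    return eirp - sum(obstacle_losses_db)


def snr_db(signal_dbm, noise_dbm):
    return signal_dbm - noise_dbm


def audit_link(tx_dbm, antenna_dbi, cable, freq_mhz, length_ft, domain,
               obstacle_losses_db, noise_dbm):
    """Full budget for one link, returned as a dict for review or logging."""
    loss = cable_loss_db(cable, freq_mhz, length_ft)
    eirp = eirp_dbm(tx_dbm, antenna_dbi, loss)
    over = required_attenuation_db(eirp, domain)
    rx = received_dbm(eirp - over, obstacle_losses_db)  # radio turned down to the limit
    return {
        "cable_loss_db": round(loss, 2),
        "eirp_dbm": round(eirp, 2),
        "attenuate_by_db": round(over, 2),
        "rx_dbm": round(rx, 2),
        "snr_db": round(snr_db(rx, noise_dbm), 2),
    }


if __name__ == "__main__":
    # The slide's worked example: 29 dBm radio + 7 dBi antenna, buildings and trees.
    print(eirp_dbm(29, 7), received_dbm(36, [10, 20]))
    # Constructed case: 30 dBm radio, 15 dBi antenna, 50 ft of LMR400 at 2.4 GHz.
    print(audit_link(30, 15, "LMR400", 2400, 50, "USA", [10, 20], noise_dbm=-90))
```
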
802.11 standards

Wi-Fi standard   Description                                                  Freq. / modulation        Max. channel bandwidth   Typical throughput
802.11b          The original Wi-Fi standard                                  2.4 GHz, CCK (1)          11 Mbps                  1-5 Mbps (3)
802.11a          Higher-speed, shorter range standard                         5 GHz, OFDM (2)           54 Mbps                  1-20 Mbps (3)
802.11g          High speed extension to 802.11b. 802.11b client compatible   2.4 GHz, OFDM (2)         54 Mbps                  1-20 Mbps (3)
802.11n          Highest speed, ratified Sept 2009                            2.4 & 5 GHz, OFDM (2)     600 Mbps                 50-144 Mbps (3)

(1) Complementary Code Keying
(2) Orthogonal Frequency Division Multiplexing
(3) Typical throughput rates depend on deployment environment (indoor, outdoor, etc.) and required range and coverage. Maximum throughput is constrained by significant overhead present in the 802.11 protocol.
802.11b/g

[Figure: power vs. frequency (f) for Channel 1 (2.412 GHz), Channel 6 (2.437 GHz) and Channel 11 (2.462 GHz), 25 MHz apart]

 11 channels spaced 5 MHz apart
 Located in the 2.4 GHz to 2.48 GHz band
 The main power lobe of each channel is ~ 20 MHz wide
 Channels 1, 6, and 11 are considered non-overlapping, i.e., they don’t interfere with each other
 In reality the secondary power lobes do overlap but this is not critical
 Spacing between the center frequencies of 1, 6 and 11 is 25 MHz
 If wireless devices are co-located, non-overlapping channels should be used
 Other channels may be used in certain situations
 Efficient encoding allows 802.11g to deliver more throughput per channel

Co-location issue

 If too many clients are in a specific location, adding more access points on the same channel causes interference
 To increase capacity at a specific location, add wireless access points on different (non-overlapping) channels and segment clients by channel
[Figure: co-located access points on Channel 1, Channel 6 and Channel 11]
Shannon’s Theorem
Channel capacity (bits/sec) = bandwidth (Hz) x log2(1 + signal (mW)/noise (mW))

[Figure: transmitter, wireless medium, receiver]

 Channel capacity (throughput) depends only on
 Bandwidth of the medium
 Signal power at the receiver
 Noise power at the receiver
Data throughput

 Throughput (channel capacity) changes with bandwidth
 Function of signal modulation and radio frequency
 Throughput is also a function of received power, in proportion to received background noise (signal/noise ratio)
 Throughput varies with distance as an inverse power function, 1/d^n
 1/d^2 in a vacuum, 1/d^2.5 to 1/d^4 in the real world
 Throughput drops steeply with distance until the received signal is the same as the background noise
 This threshold is defined by the receive sensitivity at the critical throughput, measured in dBm
 Typical Rx sensitivity of current 802.11g card at 1 Mbps is -77 dBm
 Rx sensitivity for a Tropos 7320 at 1 Mbps is -97 dBm
[Figure: 802.11g throughput (Mb/sec, 0 to 24.0) vs. distance to receiver, with the point where S/N ratio = 1 marked]
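
Shannon's theorem, the 1/d^n fall-off and the two receive sensitivities can be tied together numerically. The Python below is an added example, not part of the original slides: it uses the standard free-space path loss formula up to a 1 m reference distance and a log-distance model beyond it, and it assumes a 20 MHz channel, channel 6 (2437 MHz), 36 dBm EIRP and a -90 dBm noise floor as sample inputs.

```python
import math


def fspl_db(distance_m, freq_mhz):
    """Free-space path loss in dB (distance in metres, frequency in MHz)."""
    return 20 * math.log10(distance_m / 1000) + 20 * math.log10(freq_mhz) + 32.44


def path_loss_db(distance_m, freq_mhz, n=2.0, d0_m=1.0):
    """Log-distance model: free space up to d0, then power falls as 1/d^n."""
    return fspl_db(d0_m, freq_mhz) + 10 * n * math.log10(distance_m / d0_m)


def max_range_m(eirp_dbm, rx_sensitivity_dbm, freq_mhz, n=2.0, d0_m=1.0):
    """Distance at which the received signal falls to the receive sensitivity."""
    spare_db = eirp_dbm - rx_sensitivity_dbm - fspl_db(d0_m, freq_mhz)
    return d0_m * 10 ** (spare_db / (10 * n))


def shannon_capacity_bps(bandwidth_hz, snr_db):
    """Upper bound from Shannon's theorem; real 802.11 rates sit well below it."""
    return bandwidth_hz * math.log2(1 + 10 ** (snr_db / 10))


def capacity_profile(eirp_dbm, noise_dbm, freq_mhz, n, distances_m, bandwidth_hz=20e6):
    """(distance, rx dBm, SNR dB, capacity Mb/s) for each distance."""
    rows = []
    for d in distances_m:
        rx = eirp_dbm - path_loss_db(d, freq_mhz, n)
        snr = rx - noise_dbm
        mbps = shannon_capacity_bps(bandwidth_hz, snr) / 1e6
        rows.append((d, round(rx, 1), round(snr, 1), round(mbps, 1)))
    return rows


if __name__ == "__main__":
    freq = 2437  # channel 6 centre frequency in MHz (from the slides)
    for n in (2.0, 3.0, 4.0):
        card = max_range_m(36, -77, freq, n)    # typical 802.11g card
        tropos = max_range_m(36, -97, freq, n)  # Tropos 7320 figure from the slides
        print(f"n={n}: -77 dBm -> {card:,.0f} m, -97 dBm -> {tropos:,.0f} m "
              f"({tropos / card:.1f}x)")
    for row in capacity_profile(36, -90, freq, 3.0, [10, 100, 1000, 10000]):
        print(row)
```

The 20 dB sensitivity difference is worth a 10x range increase when n = 2 but only about 3.2x when n = 4, which is why the path-loss exponent of the environment matters as much as the radio.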
Components of a wireless network

 Components of a traditional wireless network
 Wireless access points
 Wireless bridges
 Wireless clients
 Wireless gateways
 DHCP
 Service gateways
 Next-generation wireless devices
 Intelligent wireless mesh routers
 Purpose-built outdoor wireless routers
Wireless access points

 Traditional wireless access points (AP) provide indoor clients with wireless access to the LAN
 Clients are grouped according to their AP
 Each group is called a Basic Service Set (BSS)
 A BSSID identifies the AP (also known as a wireless network connection in Windows PCs)
 The AP typically connects the BSS to a wired LAN through an Ethernet port
 Newer generation specialized products are now available for outdoor environment
[Figure: an AP and its client forming a BSS]
Extended service set

[Figure: an ESS made up of two BSSs, each with an AP and a client]

 The Extended Service Set (ESS) interconnects multiple BSS using a distribution system, often wired Ethernet
 Clients connected to one AP can communicate to clients
connected to other APs via the distribution system
 BSS coverage overlap allows clients to roam from AP to AP
 The same SSID, called an ESSID, is used for all APs
Independent basic service set

 802.11 specifies an option called IBSS
 Also known as ad-hoc wireless
network
 Wireless LAN with no AP
 Wireless clients communicate to
each other as peer-to-peer
devices
 Useful for local user file sharing
but does not provide remote
connectivity
Wireless bridges

 In bridge mode, APs can be used to provide a wireless link between wired LANs. This is known as an ad hoc network.
 Using this mode, the APs associate only with each other and
do not typically allow associations from wireless clients
 When combined with directional antennas, can be useful for
connecting LANs that are far apart
 In this method one AP is configured as root and the other is
not
 Tropos does not support ad hoc configurations
Repeater mode

 Repeater mode allows use of an intermediary access point to extend range between the root AP and wireless clients
 The intermediary AP is acting as a wireless repeater
Power over Ethernet

 Power over Ethernet (PoE) avoids need to install electrical outlets for indoor access points
 AP gets power from wired Ethernet connection via power
injector or switch with inline power
 In some cases, e.g., outdoor access points, PoE may be
used to provide power to peripheral devices, e.g., wireless
backhaul links
Wireless gateways

 In recent years, wireless residential gateways have become popular
 Offer wired connectivity on the service provider side, e.g.,
cable or DSL
 Wireless connectivity on the client side, creating a small
wireless network inside the home
 Wireless gateways may also provide such functions as
Network Address Translation, Port Address Translation, DHCP,
firewall, VPN, etc.
 These devices are not to be confused with wireless bridges
which are used to connect one network, e.g., an indoor wired
LAN, to another network far away, e.g., an outdoor wireless
network
 Wireless bridges have higher Tx power and higher quality
antennas, whereas residential wireless gateways are
optimized for in-home use only
Wireless client devices

 Wireless client devices with built in 802.11 (typically b/g) chips in smart phones, laptops, PCMCIA or USB adaptor cards for laptops, PCI adaptor cards for desktops and external bridges, amongst others
 802.11b/g is now nearly ubiquitous in laptops
 PCMCIA cards and external bridges can offer
performance advantages in Tx power, antennas, Rx
sensitivity, range and configurability
 Vendor-supplied software allows configuration of wireless
parameters
Wireless settings on client

 Most client devices will have a built in way of configuring wireless settings
 Using this service, you can scan for and select nearby
SSIDs to connect with, configure settings such as DHCP
and authentication keys, and manually add your own
private wireless networks
 Many laptop and wireless device vendors include their own
wireless client software
Client roaming

 The client normally decides when to roam to another AP
 When there are multiple AP choices, wireless software in the
client decides which AP to associate with based on metrics
such as Rx signal, SNR, bit error rate and others (collectively
referred to as Received Signal Strength Indicator – RSSI)
 Client software from different vendors does not use a
consistent set of metrics, eg, Dell client software might choose
a different AP than IBM client software
 Two types of client roaming problems which may sometimes
occur (both of which degrade performance)
 Once associated, the client stays connected to the same
AP even as the performance of the wireless link degrades
 Client software is too sensitive and frequently toggles
back and forth between two or more nearby APs
Service gateways

 Service gateways can centralize many of the functions required for large scale wireless networks
 Subscriber authentication
 Address management
 Security policy
 Internet portal
 Billing, etc.
DHCP

 DHCP is important to the functioning of most wireless networks
 A DHCP server automatically assigns IP addresses to clients
when they join the network
 Sometimes DHCP is built into the wireless node, other times it
is handled by an external DHCP server located on the wired
side of the network
 In some cases APs may also receive their addresses via
DHCP
 Using DHCP is much simpler than manually assigning static IP
addresses to devices
 When selecting a vendor for an external DHCP server to use
with a Tropos mesh network, ensure that the server
 Correctly interprets the GIADDR field
 Supports unicast (not broadcast) of DHCPOFFER
Next-generation wireless devices

[Figure: mesh network showing wired backhaul, optimal routing paths and backup links]

 Mesh networks – wireless interconnection of many access points over large geographic areas, e.g., a utility’s service territory
 Intelligent routing – enables fault tolerant, load balanced, best
path routing over large scale mesh networks
 Outdoor wireless – wireless devices optimized for outdoor
environment; greater range, intelligent routing, mesh
Wireless frame types

 Management frames
 Probe frames
 Beacon frames
 Authentication frame
 Association frames
 Reassociation
 Others
 Control frames
 RTS/CTS
 ACK
 Power save poll
 Data frames
Joining a wireless network

[Figure: passive scanning (Beacon) and active scanning (Probe, Probe Response)]

 When 802.11 client starts up, it scans for nearby BSS to join
 Scanning involves either beacons or probes
 The most commonly used method is passive scanning
 Clients listen to each channel for a set period of time for beacons sent from
APs
 Beacons provide time synchronization, SSID broadcast, AP identifier,
supported rates, power-save info
 If client hears the SSID of network it recognizes, it will join the BSS using the
AP received in the beacon
 If the client receives beacons from more than one AP on the same SSID, it
picks the AP with the best RSSI value
 In active scanning client stations send a probe request looking for a network to join
– if an AP receives a probe for its SSID it will answer with a probe response
Joining a wireless network (cont.)

[Figure: frame exchange: Authentication Request, ACK, Association Response, ACK]

 Once an available AP is found, two steps always occur before a client can join
 Authentication: the AP verifies that the client has permission to
talk to it (e.g. Open, WEP, WPA, 802.1X)
 More on these later
 Association: after a client is authenticated it can then associate
with the AP, after which the client will be a member of the BSS
 Reassociation: the client changes its association from one AP to another; the criteria and method for doing so differ from vendor to vendor
Media access – contention management

 802.11 is a shared medium – two clients cannot transmit at once
 CSMA/CA – Carrier Sense Multiple Access Collision Avoidance (otherwise known as
Distributed Coordination Function – DCF) coordinates which client can transmit at a
particular moment
 CSMA/CA decisions are distributed between all wireless devices in an area (not
centralized)
 Carrier sense: client listens to see if anyone else is transmitting
 If NO (idle) – then client transmits
 If YES go into defer mode – client waits until idle + IFS + contention window
 Interframe Spacing (IFS): network must be idle for long enough to ensure that no two
frames are close enough together to be mistaken for one big frame
 Contention window: after IFS, a contention window period begins during which all clients
with a frame to send choose a random backoff time
 When a client’s backoff timer reaches zero it may transmit its frame (assuming
another client’s backoff timer did not expire first – in which case it goes back into
defer mode)
 Collision handling: even with these precautions collisions will sometimes still occur
 When this happens there will be errors in frames
 Receiving client will not ACK to the sending client if the frame has an error
 Because it has not received an ACK, sending client retransmits the frame
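
A slotted simulation of the contention procedure above, added here as an illustration and not taken from the original slides. The window bounds CW_MIN and CW_MAX and the doubling of the window after a collision are assumptions based on standard 802.11 DCF behaviour, which the slides do not spell out; every station is assumed to always have a frame queued.

```python
import random

CW_MIN, CW_MAX = 15, 1023  # contention window bounds in slots (assumed values)


def simulate_dcf(n_stations, n_rounds=5000, seed=1):
    """Saturated stations contending under a slotted model of CSMA/CA.

    Each round the smallest backoff counter expires first. A single expiry is
    a delivered frame plus ACK. Several counters expiring in the same slot is
    a collision: no ACK arrives, so those stations back off and retransmit.
    """
    rng = random.Random(seed)
    cw = [CW_MIN] * n_stations
    backoff = [rng.randint(0, cw[i]) for i in range(n_stations)]
    stats = {"success": 0, "collision": 0, "idle_slots": 0}
    per_station = [0] * n_stations

    for _ in range(n_rounds):
        wait = min(backoff)
        stats["idle_slots"] += wait
        senders = [i for i, b in enumerate(backoff) if b == wait]
        # Stations that did not win sense the medium busy and defer: their
        # counters keep the slots already counted down and resume later.
        for i in range(n_stations):
            backoff[i] -= wait
        if len(senders) == 1:
            winner = senders[0]
            stats["success"] += 1
            per_station[winner] += 1
            cw[winner] = CW_MIN                      # ACK received, reset window
        else:
            stats["collision"] += 1
            for i in senders:
                cw[i] = min(2 * cw[i] + 1, CW_MAX)   # no ACK, widen window
        for i in senders:
            backoff[i] = rng.randint(0, cw[i])       # fresh random backoff

    stats["collision_rate"] = stats["collision"] / n_rounds
    stats["per_station"] = per_station
    return stats


if __name__ == "__main__":
    for n in (1, 2, 5, 20):
        s = simulate_dcf(n)
        print(f"{n:2d} stations: {s['success']} frames delivered, "
              f"collision rate {s['collision_rate']:.1%}, "
              f"idle slots {s['idle_slots']}")
```

The rising collision rate as stations are added is the same effect the co-location slide describes: more contenders on one channel means more airtime lost to collisions and retransmissions.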
Hidden node issue

 Client can hear the AP but not other client – can cause excess collisions
 Causes – obstacles, opposite sides of AP, multipath
 Possible fixes
 RTS/CTS
 Increase Tx power of client nodes (if option available)
 Remove obstacles
 Move the node(s)
 Not all hidden node issues can be fixed
 Some are necessarily a part of most wireless networks
RTS/CTS

[Figure: frame sequence: RTS, CTS, Data, ACK]

 Optionally, in high collision environments, RTS/CTS can be used to supplement CSMA/CA contention control
 The client must send a Request to Send (RTS) to the AP and receive a
Clear to Send (CTS) from the AP before transmitting data
 RTS/CTS causes significant overhead
 By default RTS/CTS is turned off on clients but can be turned on
 There is often a threshold – only large frames use RTS/CTS
 Tropos routers respond to RTS/CTS if the client uses them
 This approach is not normally recommended
Power management

 There are two power modes, active (802.11 always on) and PSP
 Client uses the power save bit in the MAC header to inform the
AP which mode the client is using
 The AP monitors whether a client is in active or PSP mode
 In active mode, the AP sends frames destined to the client right away
 Provides the best performance for AC powered clients
 Power Save Polling (PSP) can increase battery life of clients such as
laptops by using less power for 802.11 when wireless is not in use
 Client can be awake or dozing
 APs that received frames for clients using PSP do not forward the
frame immediately
 The AP buffers the frame, then using the Beacon sends a Traffic
Indication Message (TIM) to wake up the client
 The client transitions from dozing to awake and is ready to
receive the buffered frames from the AP
Automatic rate selection

 The client is normally responsible for negotiating the speed with which
it connects with the AP – called automatic rate selection
 Speed decreases as the distance between the client and AP increases
 Received signal gets weaker as distance from transmitter
increases
 If the signal is too weak to maintain a given data rate, automatic
rate selection decreases the rate
 Speed also decreases as interference increases
 Higher data rates require higher SNR to function
 Lower SNR results in slower connection speeds
 If client is negotiating with an 802.11b AP, available data rates are 1, 2,
5.5 and 11 Mbps
 If client is negotiating with an 802.11g AP, available data rates are 6, 9, 12, 18, 24, 36, 48 and 54 Mbps
 Many APs support both b/g – supporting both b and g clients at the
same time decreases the maximum available throughput
Near/far issue

 High power clients are located near the AP
 They drown out received signals from lower powered
clients located farther away
 Potential fixes
 Increase Tx power of far client
 Decrease Tx power of near client
 Move access point to a central location
 Add another access point closer to the far client
Fragmentation

 Maximum 802.11 frame size is 2034 bytes
 Usually limited to 1500 bytes by TCP/IP MTU size
 Good because the maximum frame size of wired Ethernet is 1500 bytes and wireless devices almost always talk to wired Ethernet devices
 802.11 provides a mechanism to fragment frames
 The downside of fragmentation is that it adds overhead and
reduces protocol efficiency
 The upside is that fragmentation can reduce frame error rate
and time required for retransmission on error prone links
 Many vendors allow configuration of a fragmentation threshold (only
fragment frames larger than the threshold)
 Default setting should normally be used – consult vendor documentation for advice on when to decrease the threshold
 Broadcast and multicast frames are not fragmented
Subscriber authentication

 There are three general methods to authenticate a client with an AP
 Open – no password required
 Shared key – same key is programmed on the client and AP
 WEP – 64-bit or 128-bit key (same for all clients)
 WPA – TKIP 128-bit key (common key + client MAC = unique key)
 Public/private key pair – certificate based authentication
 EAP-TLS – dynamically generated per-user, per session keys
 In addition, 802.1x specifies use of a centralized RADIUS database to authenticate users – in this case there are three relevant devices
 Supplicant – client requesting access to the network
 Authenticator – the AP passes requests to the authentication server
 Authentication server – the RADIUS server authenticates the user
 This is not an exhaustive list of authentication methods
Encryption

 Combined with authentication methods, encryption is also included for each access security method
 WEP – uses the RC4 stream cipher
 WEP key is used as a seed for the cipher algorithm
 Fast and efficient but not strong encryption
 WPA – pre-shared key (uses TKIP)
 PSK is not used to encrypt frames
 Each station has another unique encryption key
 Makes use of RC4 cipher
 WPA – AES
 Much stronger cipher than RC4
 Requires more processing power – some older hardware
cannot support
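
How one WPA pre-shared key yields a different encryption key for each station, as an added Python example that is not part of the original slides: the passphrase and SSID give a master key via PBKDF2, and each station's 128-bit temporal key is then derived from that master key, both MAC addresses and two handshake nonces. The passphrase, SSID, MAC addresses and nonces are constructed sample values, and the function names are chosen for this illustration.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase, ssid):
    """WPA-PSK: 256-bit pairwise master key from the passphrase and the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, n_bytes):
    """802.11i pseudo-random function: HMAC-SHA1 run in counter mode."""
    out = b""
    counter = 0
    while len(out) < n_bytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, n_bytes=64):
    """Pairwise transient key: bound to both MACs and both handshake nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, n_bytes)


def split_tkip_ptk(ptk):
    """TKIP layout of the 512-bit PTK."""
    return {
        "KCK": ptk[0:16],     # authenticates handshake messages
        "KEK": ptk[16:32],    # wraps the group key for delivery
        "TK": ptk[32:48],     # 128-bit temporal key used for data frames
        "MIC": ptk[48:64],    # Michael MIC keys (8 bytes per direction)
    }


def session_keys(passphrase, ssid, ap_mac, sta_mac, anonce, snonce):
    pmk = pmk_from_passphrase(passphrase, ssid)
    return split_tkip_ptk(derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce))


def sample_nonce(tag):
    """Constructed 32-byte nonce; a real handshake uses fresh random values."""
    return hashlib.sha256(tag.encode()).digest()


# Constructed sample values (locally administered MAC addresses).
AP_MAC = bytes.fromhex("020000000001")
STA_A = bytes.fromhex("020000000a01")
STA_B = bytes.fromhex("020000000b02")

if __name__ == "__main__":
    pw, ssid = "correct horse battery staple", "example-net"
    a = session_keys(pw, ssid, AP_MAC, STA_A, sample_nonce("an1"), sample_nonce("sn1"))
    b = session_keys(pw, ssid, AP_MAC, STA_B, sample_nonce("an2"), sample_nonce("sn2"))
    a2 = session_keys(pw, ssid, AP_MAC, STA_A, sample_nonce("an3"), sample_nonce("sn3"))
    print("station A TK      :", a["TK"].hex())
    print("station B TK      :", b["TK"].hex())
    print("station A, new TK :", a2["TK"].hex())
```

Because the master key depends only on the passphrase and the SSID, the strength of the passphrase bounds the strength of every key derived from it.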
Additional security mechanisms

 802.11i (WPA2)
 Includes features that address security weakness in
802.11
 802.1x, EAP, RADIUS, AES 128-bit
 Not all wireless equipment supports WPA2
 Filtering
 Some APs support filtering of clients by MAC address
 Only specified hardware devices are allowed on the
network
 VPNs
 Layer 3 security (e.g. IPSEC, L2TP, SSL) is
sometimes built into wireless gateways or layered on
top of the Layer 2 wireless infrastructure
802.11 standards on the horizon

 These 802.11 features are at various stages of development (not yet fully standardized or adopted)
 802.11e: will define a set of Quality of Service extensions to the 802.11 MAC layer designed to enable consistent delivery of delay sensitive applications such as voice & video over WiFi networks
 WMM is a certification based on a subset of proposed features in 802.11e
 802.11F: defined a method for stations to request re-association to a second access point as they roam (Inter-Access Point Protocol). Vendors generally implemented their own mechanisms for fast hand-off. 802.11F has now been discontinued as a standard
 802.11r draft is meant to standardize methods for fast-handoff
 802.11i (WPA2): addresses security limitations of WEP. Uses 802.1X (RADIUS) based authentication and 128-bit AES encryption
 WPA2 compliant devices are starting to come out which comply with this standard
 802.11s: will define standards for automatically forming mesh networks with 802.11 access points. Currently most 802.11 networks are not mesh networks; each AP connects to its own wired LAN, or to other APs in a point-to-point link
