Chapter 4
Wireless LAN (WLAN)

THE CCNP ENCOR EXAM OBJECTIVES COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

  • Domain 1: Architecture
    • 1.2  Analyze design principles of a WLAN deployment
  • Domain 3: Infrastructure
    • 3.3  Wireless
  • Domain 5: Security
    • 5.4  Configure and verify wireless security features
    • 5.5  Describe the components of network security design

There was a time when being a network engineer meant having to understand how data is converted into pulses of electrical current and carried along a wire. But thanks to the ubiquity of Ethernet standards, you don't need to think much about the physical medium of wired networks or how layer 1 interfaces with it. In wired networking, you can direct the signal where you need it. It's easy to imagine the mechanics of wired networks because you can see the medium connecting nodes together. You can easily explain twisted-pair cabling to a networking novice because they can touch it, manipulate it, and see where the signals are going simply by following the medium. This is because almost everyone's familiar with how electrical current behaves. You take it for granted that in order to charge your smartphone, you have to plug it into a charger. Likewise, you don't expect the remote control to work if it doesn't have batteries. Aside from these mundane examples, you may have even had some unpleasant close encounters with current, such as accidentally touching a conductor carrying alternating current and feeling an unpleasant buzz. All of these instances reinforce your understanding that electrical current—and hence data—follows the path of a conductor that you can see and touch.

Wireless doesn't require a physical medium that you can see or touch. Although we say radio signals travel over the “airwaves,” the fact is that they don't need air to propagate. Radio signals don't need any medium at all. Radio waves are made up of electromagnetic energy—essentially light—which can move through empty space. This means everyone running a wireless network is using the same shared medium—not unlike early Ethernet! This has some interesting implications for layers 1 and 2 that we'll look at in this chapter. But first, let's get a better understanding of what radio waves are made of and how they propagate.

Radio Frequency Fundamentals

When it comes to radio, visualizing the physical medium and direction of signals becomes more difficult because it's invisible energy traveling through empty space. Because of this significant difference, you need to take a moment to understand the mysterious properties of radio waves. Don't worry—the math is easy, and you don't need a physics background. Just as you don't need to have a degree in electrical engineering to use twisted-pair Ethernet, you don't need to understand the physics behind radio theory to manage a wireless network. The underlying theory behind radio is complex, so it will be necessary for you to simply accept and memorize some information even if you don't completely understand it. What's most important is that you can apply what you learn.

When I was 16, I began studying to get my amateur radio license. During my studies, one thing that stood out to me was the different ways people would conceptualize radio waves. One person would compare them to waves on the water, whereas another would liken them to sound waves traveling through the air. These comparisons always left me with the obvious nagging question: what's a radio wave made of? After all, every other sort of wave is made of something. A sound wave is made of vibrating air molecules, and a water wave is made of water molecules. In these cases, a wave is a bunch of particles bumping into one another in such a way as to create a wave pattern and motion. Even a visible light wave is made up of subatomic particles called photons that vibrate at a certain frequency. But a radio wave turns out to be fundamentally different.

Frequency and Amplitude

Photons are what actually carry all forms of electromagnetic energy, from microwaves to visible light to X-rays. Radio waves use electromagnetic energy, but a radio wave is fundamentally different than a wave on the ocean or a light wave. A radio wave has two components: frequency or wavelength and amplitude, often represented in a graph as shown in Figure 4.1. Frequency or wavelength is the measured change in electromagnetic energy within a specific time period called a cycle. In the following section I will explain that concept further.

[Graph: a radio wave at 10 Hz with an amplitude of 1. The x-axis runs from 0 to 0.5 and the y-axis from –2 to 2.]

Figure 4.1   Representation of radio wave at 10 Hz with an amplitude of 1

Without any context, you're likely to look at the diagram in Figure 4.1 and assume that this is what a radio wave looks like. It's too easy to walk away with the idea that a radio wave is like a rope jutting out from an antenna and bobbing about in a wavelike motion, slapping some distant receiver. Although this makes for a funny visual, the reality is a bit more sensible.

Frequency

Frequency is measured in Hertz (Hz), what used to be called cycles-per-second (cps). To simplify things, visualize a radio wave as a burst of a cloud of photons emanating from an antenna and moving outward at roughly the speed of light (the exact direction depends on the design of the antenna). Photons are carriers of electromagnetic energy, so you may also think of photons as simply energy if you prefer. Each burst of photons is a single wave. The number of waves that are emitted per second is called the frequency. The number of photons emitted in each burst is the amplitude.

Amplitude

The amplitude of a signal measures the power of a radio wave at a given point in space. The strength of a radio signal is proportional to the photon density. As the waves move farther from the transmitter, the amplitude decreases. A receiver standing right next to the transmitter will get hit with a lot more photons—and hence a lot more energy—than a receiver 10 miles away. The farther away you are, the fewer photons you can receive, and the weaker the signal will be. Signal strength decreases with distance.

You can visualize a radio wave as a flashing beacon light sitting atop a high tower. If the beacon flashes once every second, its frequency is 1 Hz. The brightness of the beacon is the amplitude. You could say that the beacon is a radio station transmitting at a certain frequency. If this sounds simple, it's because it really is. The complexity of radio waves comes into play when you use them to transmit data. More on that in a moment, but first, let's get a clearer handle on the significance of frequency.

Imagine you're viewing the beacon through dense fog at night. The brightness is such that you can barely make out the flashes, and you can't see the bulb or tower at all. Suddenly, the flashes start coming at a different frequency: twice every second. What happened? Here are a few possibilities:

  • The beacon increased its frequency to 2 Hz.
  • A pirate beacon appeared next to the first one and began operating at 1 Hz.
  • A pirate beacon appeared next to the first one and began operating at 2 Hz.

Or it could be a combination of these, such as both beacons flashing at 2 Hz in perfect sync. The same dilemma occurs with radio frequencies, and it's why in many cases laws forbid different radio stations from operating on the same or similar frequencies unless they're separated by a sufficient distance.

If it were the case that a pirate were operating a second beacon at the same 1 Hz frequency, we'd have a case of interference, and it would be impossible to distinguish the pirate beacon from the legitimate one. On the other hand, if you could reasonably assume that no pirate beacon was operating on the same frequency, then we'd know that our beacon simply increased its frequency to 2 Hz.

Radio waves don't come in different “colors” the way visible light does, so for the purposes of the analogy, the color of the beacon is irrelevant. But if you want to consider it, think of the color (let's say it's red) as the medium—that is, radio. A different color such as blue would be a different medium, such as a copper wire carrying an electrical current.

Carrier Frequency

Now that you understand how radio waves function, let's turn to how you use them to send information. The concept of carrier frequency is the foundation of all radio transmissions. Essentially, the carrier frequency is what carries data. Both the sender and the receiver must be tuned into the same carrier frequency to be able to communicate. To view it another way, the carrier frequency is a clocking mechanism that allows a receiver to stay in sync with the sender so that it's able to properly decode what the sender's sending. To illustrate how it works, we'll construct a scenario using the beacon analogy.

Imagine that you need to use a flashing beacon to transmit digital data. To keep things simple, let's assume the only symbols you need to transmit are 0 and 1. The first thing you must do is decide on a carrier frequency. Suppose you choose a carrier frequency of 2 Hz so that the beacon flashes twice every second when no data is being sent. To encode data using your beacon, you have two options; you can encode signals by modifying the frequency of the beacon or by modifying the brightness of it. These correspond to frequency modulation (FM) and amplitude modulation (AM), respectively.

Frequency Modulation (FM)

To encode data using FM, you could lower the frequency by 1 Hz to encode a 0, while increasing it by 1 Hz to encode a 1. Hence, a frequency of 3 Hz indicates a 1, and a frequency of 1 Hz indicates a 0.

Using this scheme, imagine that a receiver sees three flashes in a second (3 Hz), followed by a single flash a second later (1 Hz), and then two flashes every second thereafter (2 Hz). Because the receiver knows the carrier is 2 Hz, it simply compares the frequencies of the received signals to the carrier frequency and decodes the information accordingly. The received bits are 1 and 0, followed by no more data.

Notice that the throughput potential of this approach is quite limited. We can't transmit more than one bit per second. When used with digital data, frequency modulation is called frequency-shift keying (FSK).

There is another scheme called phase-shift keying (PSK). Both PSK and FSK modify the frequency of the carrier signal. You don't need to understand the subtle differences between PSK and FSK—just know that both are limited in terms of the amount of throughput they can achieve. In Wi-Fi networks, quadrature PSK (QPSK) is used as a fallback mechanism in environments with radio interference, but it can't support throughput rates much above 18 Mbps.

Amplitude Modulation (AM)

To encode data using AM, you can make use of different amplitudes. The amplitude is analogous to the beacon's brightness level. Suppose the beacon has three different brightness levels: low, medium, and high. We'll use a low brightness to encode a 0 and a high brightness to encode a 1. A flash of medium brightness indicates no data.

Suppose a receiver sees the beacon very bright for 1 second, dim the next second, and then bright the third second. The carrier frequency is 2 Hz, and the frequency of the beacon flashes doesn't change, so the receiver must interpret the amplitude at each cycle. Hence, the data received is 110011.

Something profound about amplitude modulation is that the achievable throughput is proportional to the carrier frequency. For instance, by raising the frequency to 100 MHz, it's possible to encode 100,000,000 bits per second (100 Mbps)!

It's also possible to combine modulation methods. Quadrature amplitude modulation (QAM) uses AM and PSK to achieve unbelievably high throughput. In fact, in Wi-Fi networks QAM is exclusively used to achieve speeds of 24 Mbps and up.

To see a beacon light through dense fog, it may be necessary to increase the amplitude or brightness. In the same way, in order for a radio signal to get where it needs to go, the transmitter must send it out with sufficient power to overcome distance, obstacles, and even radio interference. I briefly mentioned amplitude as a measurement of power. At a transmitter, amplitude is proportional to the number of photons (i.e., the amount of energy) emitted in a given cycle. But when it comes to radio, what really matters is the power of the signal at the receiver.

Power Levels

When we are dealing with large broadcast transmitters, radio transmission power is measured in watts (W). But the output power of Wi-Fi radios typically doesn't reach even 1 watt, so their power is measured in milliwatts (mW), or 1/1000 of a watt.

A typical Wi-Fi access point (AP) may have an output power of 100 mW. As the signal from the AP travels and encounters obstacles, its power will decrease. By the time it reaches a client, the signal strength may be 0.00001 mW! However, suppose the client moves a bit closer to the AP and now is receiving a signal strength of 0.0001 mW. That's better, but how much better? Is it worth moving the client permanently to a different location for an improvement of a fraction of a mW?

This leads us to an interesting discovery about radio waves (and all electromagnetic energy). You know the power of a signal decreases with distance, but it doesn't decrease linearly. If you consider that a radio wave is a cloud of photons radiating outward, like an expanding sphere, it's intuitive that as the sphere grows, the density of the photons—the amplitude—will decrease exponentially. To use another illustration, think of a balloon. As you inflate a balloon, the skin becomes thinner and thinner. In the same way, the amplitude or power density of a signal decreases with the square of the distance, as shown in Figure 4.2.

[Graph: a curve that starts at 200 on the y-axis and falls as distance increases, showing amplitude decreasing with the square of the distance. The x-axis runs from 1 to 15 and the y-axis from 0 to 250.]

Figure 4.2   Amplitude decreases with the square of the distance.

This shape is called a power law distribution. If a station is close to the AP, any move closer or farther is going to make a dramatic difference in received signal strength. On the other hand, if a station is far from the AP, moving the client slightly closer is going to make only an infinitesimal difference.

Decibel (dB)

The decibel compares two different power levels and yields an absolute number that indicates the ratio between them. Decibels are useful for representing ratios that range from extremely large to very small, such as you might have when comparing power levels that vary by orders of magnitude. In radio, dB is often used to represent signal gain or loss. Let's use the earlier example with the tiny mW levels, plugging them into the following decibel formula:

A2 = 0.0001 mW

A1 = 0.00001 mW

dB = 10*log (A2/A1)

You want to compare the new and improved signal value (A2) against the original or reference value (A1). Plugging the values into the formula yields a value of 10 dB. Hence, you can say that moving the station resulted in an increase of 10 dB. See how this corresponds with the fact that A2 is 10 times the value of A1. This exemplifies one of the well-known decibel laws called the law of 10s, which states that every 10 dB indicates a tenfold difference between the numbers being compared. Suppose now you move the receiver closer to the AP and get a received mW power of 0.1 mW. This would yield a result of 40 dB, indicating that the new signal is 10,000 times as much as the reference signal!

The law of 3s states that every 3 dB difference indicates a twofold difference in the numbers being compared. This time we'll use a different example. Suppose a station has a received signal strength of 2 mW from an AP. The station moves closer and now has a received signal strength of 4 mW—a twofold increase. There isn't even a need to perform the dB calculation. Using the law of 3s, you can determine that the received signal strength increased by about 3 dB.

It's worth noting that dB values will be negative when the reference value is less than the given value. Using the last example, if the station with a 4 mW received signal strength moves away from the AP and winds up with a received signal strength of 0.8 mW, the difference is about –7 dB.

The closer the dB value gets to 0, the less of a difference there is between the compared signals. In cases of very tiny differences, it's possible to have fractional dB. And 0 dB indicates that the signals are the same, a fact aptly named the law of zeros.

Decibel-Milliwatt (dBm)

In most Wi-Fi networks you're not going to run into power levels much above a few watts, and even then only in environments like warehouses or large outdoor venues where an AP needs to crank out a lot of power to overcome dense obstacles or cover long distances. For the most part, you'll be dealing with milliwatts. The dBm measures power relative to a single milliwatt and simplifies dB calculations by assuming a 1 mW reference power. To see how to use dBm, consider a scenario where you want to find the signal loss between a 300 mW transmitter and a receiver. You'd start by calculating the dBm at the transmitter:

dBm = 10*log(300mW/1mW)

The power of the signal being transmitted is about 25 dBm. Now suppose that the signal strength at the receiver is 0.0000001 mW. Measured in dBm, the received signal level would be –70 dBm. With a little simple math, you can determine the net signal loss by subtracting the received signal level from the transmitted level:

25 dBm – (–70 dBm) = 95 dBm

The total signal loss is 95 dBm.

Antenna Types

Thus far we've focused on power from two perspectives: the power of a signal generated by a transmitter, and the power of a signal received by a receiver. But this is an oversimplification. There's another factor you now need to consider: antennas.

Antennas are the unsung heroes of radio. They're what radiate energy out into space and make radio transmission possible. You're not likely going to be designing your own antennas, so you don't need to understand the theory behind how they work, but you do need to know the different types of antennas used in Wi-Fi networks.

The isotropic antenna is a theoretical antenna that radiates energy in all directions equally. Even though it doesn't exist, it's used as a reference example of a perfect antenna against which we can measure our real antennas. Because it radiates equally in all directions, changing its orientation in space relative to the receiver won't provide any signal gain. Hence, we say that it has zero gain. Gain is a measurement of how much an antenna's radiation pattern favors a particular direction. With an isotropic antenna, a receiver can hover over the antenna, stand next to it, or sit below it, and as long as the distance from the antenna remains the same, the receiver will receive the same amount of power from the antenna. You measure antenna gain in terms of dB-isotropic (dBi), indicating the comparison to the perfect isotropic antenna. The higher the dBi, the more directional the radiation pattern. Gain can vary widely among antennas, even of the same type.

Omnidirectional antennas are what you think of when you hear the word “antenna.” Long, flimsy omnidirectional antennas are typically called whip antennas. Antennas like the ones you find on Wi-Fi radios are shorter, just a few inches in length, and are straight and rigid. Omnidirectional antennas radiate outward in a donut-like pattern. Just imagine placing a donut over the shaft of an antenna, and you have a good visual of the radiation pattern. The gain of omnidirectional antennas varies greatly. Antennas integrated into Wi-Fi radios typically have a gain of about 2 dBi, whereas external antennas may go up to 15 dBi.

Directional antennas concentrate the radiation pattern in a certain direction. The Yagi antenna, for example, is a type of directional antenna that forms an approximately 90-degree beam. This works nicely if you want to cover just one spot, such as an outdoor field. The parabolic dish antenna creates a tighter beam of about 10 degrees. Yagis have a typical gain of 10 to 15 dBi. Parabolic dishes are usually used on dedicated point-to-point wireless links such as those between two buildings or between a building and a tower. Parabolic antennas can have a gain of up to 30 dBi or higher.

Effective Isotropic Radiated Power (EIRP)

Although you typically don't see it, there's usually a cable connecting the transmitter and antenna. In the case of an external antenna, the cable can be quite long. The longer the cable, the more signal loss will occur, and such loss is measured in dB. The EIRP is the power measured in dBm radiated from an antenna after taking into account the transmitter power, cable loss, and antenna gain. For regulatory purposes, EIRP is the gold standard for measuring power output. In the United States, the maximum allowed EIRP for the 2.4 GHz band is 36 dBm, or 4 watts.

Suppose you have a transmitter generating a 12 dBm output. Its antenna cable has a cable loss of 3 dB, and its antenna has a gain of 5 dBi. For our scenario, the EIRP is calculated as follows:

EIRP = 12 dBm - 3 dB + 5 dBi

The EIRP would be 14 dBm.

Free Space Path Loss and Wavelength

As we've established, as a radio wave travels, it experiences a decrease in amplitude proportional to the square of the distance. I briefly mentioned that one reason for this is that the energy density of the wave spreads out thinner and thinner as it radiates outward, much like a puff of smoke becoming thinner as it dissipates. The distance affects what the amplitude of the signal is when it reaches a receiver's antenna.

The decrease with distance happens regardless of frequency. But as you move up into higher frequencies, the rate of amplitude decrease actually grows. This might seem surprising, since there's no intuitive reason a signal would weaken faster just because it's at a higher frequency. In fact, the reason for this latter phenomenon has to do with antenna lengths which are influenced by frequency!

To understand the significance of antenna lengths, you need to understand wavelengths. The wavelength (λ) of a signal is related to its frequency. Recall that frequency measures cycles per second. The formula for wavelength is given as

Wavelength = speed of light / frequency

You may see it written as λ = c/f, where λ is wavelength, c is the speed of light (m/s), and f is frequency (Hz). Wavelength is simply the distance a single radio wave travels during one cycle. For example, if an FM radio station is transmitting at 88.3 MHz, its transmitter is sending out a burst of energy 88,300,000 times every second! To calculate the wavelength, we'd do the following:

λ = (299,792,458 m/s) / 88,300,000 Hz

The wavelength is about 3.4 meters. That means when the transmitter sends a burst of energy, that energy will travel only about 3.4 meters before the next burst comes. Without getting into the physics, if an antenna is too long or too short relative to the wavelength, it won't radiate the signal as well. To maximize radiation, the length of the antenna should be the same as the wavelength. This isn't always practical, so half-wavelength or quarter-wavelength antennas are often used.

The higher you get up into the frequencies, the shorter the antennas have to be. The wavelength for the 2.4 GHz frequency is about 5 inches. If you've got a 2.4 GHz AP nearby, measure the length of its antenna, and you'll find it to be pretty close to that. The 5 GHz frequency has a wavelength of about 2.36 inches, allowing for some rather short antennas! Higher frequencies mean shorter antennas.

Free space path loss measures the total signal loss as a function of increasing distance and frequency. The formula for calculating it is complex and you don't need to know it, but an example is instructive. Consider an AP and client 100 feet apart, transmitting at 2.4 GHz. The free space path loss between them is about 67 dB.

Now suppose you replace these devices with their 5 GHz counterparts. The free space path loss increases to 74 dB! The reason for the difference is that the increased frequency means decreased wavelength, which necessitates smaller antennas at the sender and receiver. Thankfully, you can easily overcome such losses by increasing the amplitude of the transmitting signal or using a higher gain antenna.

Free space path loss doesn't include amplitude loss due to encounters with obstacles or interference.

Received Signal Strength

The power of a particular signal received by a station, after making deductions for cable loss and antenna gain, is given by the received signal strength indicator (RSSI), which is measured in dBm. The RSSI ranges from –100 dBm to 0 dBm. A receiver can detect a signal down to its sensitivity level, which varies according to the way the radio is designed. Generally it's going to be closer to the –100 dBm end of the range.

All radio frequencies interfere with one another constantly. Ever present in any environment is a collection of random intertwined signals called noise. Noise consists of radio frequency (RF) energy from other stations, electrical wires, lightning, and even the sun. The sum of all these signals is called the noise floor. In order for a receiver to make out a signal, the RSSI must be greater than the noise floor. Both the signal amplitude and the noise floor can shift. For instance, if the noise floor is –80 dBm and the RSSI of a signal is –50 dBm, then the receiver can make out the signal just fine. A moment later, however, the signal may drop to –75 dBm, and the noise floor may increase to –70 dBm. Now the receiver can no longer pick out the signal among all the noise, even though it has actually received it.

Signal-to-Noise Ratio (SNR)

The difference between the RSSI and the noise floor is called the signal-to-noise ratio (SNR). Supposing the noise floor is –85 dBm and the RSSI is –50 dBm, the SNR would be

–50 dBm – (–85 dBm) = 35 dBm

In order for the signal to be intelligible, the SNR must be greater than 0. A higher SNR is better. Another way of looking at it is that the greater the SNR, the more variation in signal loss and noise floor increase the receiver can tolerate and still be able to use the signal.

To hearken back to the beacon analogy one last time, imagine that you're looking at a flashing beacon in the dark of night. The SNR is extremely high since no other light is competing with the light from the beacon. Later, the sun rises just behind the beacon, overpowering its flashing strobe. The SNR in that situation is exceptionally low, possibly even zero, because the beacon is competing with the noise of too much ambient light.
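The dB, dBm, EIRP, RSSI, and SNR calculations from the preceding sections chain together into a single link budget. The following is an added example, not code from the book: the `Link` class, its field names, and the two sample links are constructed here from the chapter's own figures (the 12 dBm transmitter, the 67 dB and 74 dB path losses, the –85 dBm noise floor), and it assumes the receiver's antenna and cable contribute a net 0 dB.

```python
import math
from dataclasses import dataclass


def mw_to_dbm(mw):
    """dBm = 10 * log10(P / 1 mW); the reference power is fixed at 1 mW."""
    if mw <= 0:
        raise ValueError("power must be > 0 mW (0 mW has no finite dBm value)")
    return 10 * math.log10(mw)


def dbm_to_mw(dbm):
    """Inverse of mw_to_dbm."""
    return 10 ** (dbm / 10)


def db_change(new_mw, ref_mw):
    """dB = 10 * log10(A2 / A1): how A2 compares with the reference A1."""
    if new_mw <= 0 or ref_mw <= 0:
        raise ValueError("both power levels must be > 0 mW")
    return 10 * math.log10(new_mw / ref_mw)


@dataclass
class Link:
    tx_dbm: float            # transmitter output power
    cable_loss_db: float     # loss in the cable between transmitter and antenna
    antenna_gain_dbi: float  # transmit antenna gain
    path_loss_db: float      # free space path loss, supplied by the caller
    noise_floor_dbm: float   # noise floor at the receiver
    rx_gain_dbi: float = 0.0          # assumption: receive side nets out to 0 dB
    eirp_limit_dbm: float = 36.0      # limit the text quotes for 2.4 GHz in the US;
                                      # other bands need their own value

    def eirp_dbm(self):
        # EIRP = transmitter power - cable loss + antenna gain
        return self.tx_dbm - self.cable_loss_db + self.antenna_gain_dbi

    def rssi_dbm(self):
        # What arrives at the receiver after the path loss is subtracted
        return self.eirp_dbm() - self.path_loss_db + self.rx_gain_dbi

    def snr_db(self):
        # Difference between the received signal and the noise floor
        return self.rssi_dbm() - self.noise_floor_dbm

    def evaluate(self):
        eirp = self.eirp_dbm()
        return {
            "eirp_dbm": eirp,
            "eirp_mw": round(dbm_to_mw(eirp), 1),
            "within_eirp_limit": eirp <= self.eirp_limit_dbm,
            "rssi_dbm": self.rssi_dbm(),
            "snr_db": self.snr_db(),
            "usable": self.snr_db() > 0,  # signal must sit above the noise floor
        }


# Constructed sample links built from values used in this chapter:
# same transmitter, cable, and antenna; only the path loss changes by band.
LINK_24 = Link(tx_dbm=12.0, cable_loss_db=3.0, antenna_gain_dbi=5.0,
               path_loss_db=67.0, noise_floor_dbm=-85.0)
LINK_5 = Link(tx_dbm=12.0, cable_loss_db=3.0, antenna_gain_dbi=5.0,
              path_loss_db=74.0, noise_floor_dbm=-85.0)

if __name__ == "__main__":
    print("300 mW =", round(mw_to_dbm(300), 1), "dBm")
    print("0.8 mW vs 4 mW:", round(db_change(0.8, 4), 1), "dB")
    for name, link in (("2.4 GHz", LINK_24), ("5 GHz", LINK_5)):
        print(name, link.evaluate())
```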

WLAN 802.11 Standards

Now that you have a good understanding of radio theory, it's time to turn to using the airwaves to transport data. Just as IEEE 802.3 Ethernet defines the rules for wired networks of various flavors, the IEEE 802.11 family of standards defines the physical (layer 1) and data link (layer 2) standards for operation of WLANs.

The Physical Layer: Frequencies and Channels

You're no doubt aware of the various physical standards that the IEEE has put out over the years, dating from about 1999 to the present (2020). As of this writing, in order of earliest to latest they are

  • 802.11a
  • 802.11b
  • 802.11g
  • 802.11n
  • 802.11ac
  • 802.11ax

802.11n and 802.11ac are the most common today. Although the earlier standards are obsolete, you may still run into the occasional 802.11g network. You may wonder why there have been so many changes to 802.11 when Ethernet seems to have undergone relatively few. Both Ethernet and 802.11 have undergone layer 1 changes to take advantage of new technology in order to achieve faster speeds and longer range. In fact, 802.3 Ethernet has actually undergone more physical layer changes than 802.11.

The biggest difference between wired and wireless networks is the physical medium. It's obvious that wireless networks need different layer 1 standards to encode data as radio signals, rather than bits on a wire. Sounds simple enough. But compared to wired networking, wireless introduces two new distinct but related problems.

First, you can't change the physical medium. When you want to go from Gigabit Ethernet to 10 Gigabit Ethernet, you have to use a different physical medium that can support the new speed. In other words, you need new cables. But when it comes to wireless, you can't change the medium. Therefore, any improvements you make to wireless at layer 1 will have to be improvements in how you use the medium.

Second, with wireless, you're sharing the same airwaves with everyone else! Remember from Chapter 1, “Networking Fundamentals,” that the problem early Ethernet ran into was having too many devices sharing a single electrical bus. The solution was to break the medium up into separate collision domains. Clearly, you need a way to break up the wireless medium into separate collision domains. But unlike with an electrical bus, you can't just “disconnect” a portion of space from another, creating an impenetrable wall through which radio signals can't pass. You need a different approach.

The IEEE 802.11 layer 1 standards break up the airwaves into separate frequency ranges called channels. Devices that communicate on the same channel share a set of frequencies and are in the same collision domain. Ideally, devices in one channel should form a single collision domain and be isolated at layer 1 from devices on another channel. To use a crude analogy, devices in one channel are like workstations connected to an Ethernet hub.

Channels

A channel is a range of consecutive frequencies. The frequency range of each channel is its channel bandwidth (or just channel width). Bandwidth directly affects attainable data throughput because 802.11 transmits on multiple frequencies at once. This approach is called spread spectrum because it multiplexes a single data stream over multiple frequencies. The more bandwidth is allocated to a channel, the more parallel data streams you can send. (Incidentally, this is precisely why the terms bandwidth and throughput are often used interchangeably.)

Different layer 1 802.11 standards allocate channels from different RF bands. The 802.11b/g/n standards all operate in the 2.4 GHz frequency band, whereas 802.11ac uses the 5 GHz band. These bands differ not only in their frequencies, but also in the way they allocate channel bandwidth.

The 2.4 GHz Band

The 2.4 GHz band is divided into 14 channels, each with a 20 MHz bandwidth, as listed in Table 4.1. If you look at the frequency ranges, you'll see that each channel has 22 MHz allocated but that only 20 MHz is actually used for each channel.

Table 4.1 The 2.4 GHz band

Channel   Center frequency (MHz)   Frequency range (MHz)
1         2412                     2401–2423
2         2417                     2406–2428
3         2422                     2411–2433
4         2427                     2416–2438
5         2432                     2421–2443
6         2437                     2426–2448
7         2442                     2431–2453
8         2447                     2436–2458
9         2452                     2441–2463
10        2457                     2446–2468
11        2462                     2451–2473
12        2467                     2456–2478
13        2472                     2461–2483
14        2484                     2473–2495

Notice that the frequencies of the channels overlap considerably. Each frequency represents a separate collision domain, so only one station at a time can talk on a given frequency. For example, channel 1 shares frequencies with channels 2, 3, 4, and 5. This means that adjacent channels can easily bleed into one another, defeating the whole purpose of channels to begin with. So why design it this way? The reasons were purely practical. When wireless networks were being dreamed up, there were other devices in the 2.4 GHz spectrum, and they didn't require more than 5 MHz of bandwidth. There's an old saying (usually falsely attributed to Bill Gates) that goes something like “640 KB of memory ought to be enough for anyone.” Well, the folks who came up with the 2.4 GHz band plan figured 5 MHz of bandwidth ought to be good enough for anyone. It was a reasonable assumption at the time.

Even in its early days, there wasn't a lot of room to work with. Today, not much has changed. Radio frequencies near the 2.4 GHz spectrum are used for mobile phones and industrial and scientific equipment. The 2.4 GHz band is crowded, and that's not going to change any time soon. The good news is that you can carefully select channels that don't have overlap. For example, if you're setting up three WLAN APs in an office, you can assign channels 1, 6, and 11 to avoid overlap. Of course, this works only if there aren't already any other wireless networks in the vicinity using nearby channels. The 2.4 GHz band is generally not a great place to be unless you're in a rural area.

The 5 GHz Band

IEEE 802.11n/ac makes use of the less crowded 5 GHz band. The exact frequencies of the 5 GHz band vary by country but range from 4910 to 5875 MHz. Unlike the straightforward numbering of the 2.4 GHz channels, the 5 GHz band is pretty convoluted. IEEE 802.11ac supports bandwidths of 20 MHz, 40 MHz, 80 MHz, and 160 MHz. But there are some strict limits for channel/bandwidth combinations, as shown in Table 4.2.

Table 4.2 Channel bandwidths for the 5 GHz band

Channel bandwidth   Usable channel numbers
20 MHz              36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 149, 153, 161, 165, 169
40 MHz              38, 46, 54, 62, 102, 110, 118, 126, 134, 142, 151, 159
80 MHz              42, 58, 106, 122, 138, 155
160 MHz             50, 114

For bandwidths above 20 MHz, each channel consumes channels above and below it. For example, if you use channel 46 with a 40 MHz bandwidth, you'll be borrowing bandwidth from channels 44 and 48. To avoid using overlapping frequencies, your best bet is to use the same bandwidth for all your APs. That means if you want to make use of an 80 MHz bandwidth per channel, you have only six channels to choose from. Hence, if you need 25 APs at a site, you should stick with a 20 MHz bandwidth so as not to have any two APs competing on the same frequencies.
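The overlap rules from Table 4.1 and the 5 GHz channel bonding described above can be checked mechanically before a channel plan is deployed. The following Python is an added example, not from the book: the AP names and the plan are constructed, and the 5 GHz centre-frequency formula (5000 + 5 × channel number, in MHz) is standard 802.11 numbering that the chapter does not state.

```python
from itertools import combinations

# Table 4.1 allocates 22 MHz per 2.4 GHz channel (centre +/- 11 MHz).
HALF_ALLOCATION_24_MHZ = 11


def channel_range(band, channel, width_mhz=20):
    """Return the (low, high) edge frequencies in MHz for one channel.

    band is "2.4" or "5". The 5 GHz centre formula is an assumption added
    here (standard 802.11 numbering), not something the chapter spells out.
    """
    if band == "2.4":
        if not 1 <= channel <= 14:
            raise ValueError(f"no 2.4 GHz channel {channel}")
        # Centres sit 5 MHz apart; channel 14 is the one exception.
        center = 2484 if channel == 14 else 2407 + 5 * channel
        half = HALF_ALLOCATION_24_MHZ
    elif band == "5":
        if width_mhz not in (20, 40, 80, 160):
            raise ValueError(f"unsupported width {width_mhz} MHz")
        center = 5000 + 5 * channel
        half = width_mhz // 2
    else:
        raise ValueError(f"unknown band {band!r}")
    return center - half, center + half


def overlaps(a, b):
    """True when two (low, high) ranges share spectrum.

    Ranges that only touch at an edge (5230-5250 and 5250-5270) do not overlap.
    """
    return a[0] < b[1] and b[0] < a[1]


def overlapping_24(channel):
    """List the other 2.4 GHz channels whose allocation overlaps this one."""
    mine = channel_range("2.4", channel)
    return [c for c in range(1, 15)
            if c != channel and overlaps(mine, channel_range("2.4", c))]


def find_conflicts(plan):
    """Return (ap_a, ap_b) pairs in the plan that compete for the same frequencies.

    plan is a list of (ap_name, band, channel, width_mhz) tuples.
    """
    conflicts = []
    for (n1, b1, c1, w1), (n2, b2, c2, w2) in combinations(plan, 2):
        if b1 == b2 and overlaps(channel_range(b1, c1, w1),
                                 channel_range(b2, c2, w2)):
            conflicts.append((n1, n2))
    return conflicts


# Constructed sample plan: (AP name, band, channel, width in MHz).
SAMPLE_PLAN = [
    ("ap-lobby", "2.4", 1, 20),
    ("ap-floor1", "2.4", 6, 20),
    ("ap-floor2", "2.4", 11, 20),
    ("ap-lab", "5", 46, 40),     # 40 MHz channel 46 borrows from 44 and 48
    ("ap-office", "5", 44, 20),  # so this AP collides with ap-lab
    ("ap-cafe", "5", 52, 20),
]

if __name__ == "__main__":
    print("2.4 GHz channel 1 overlaps:", overlapping_24(1))
    for a, b in find_conflicts(SAMPLE_PLAN):
        print(f"conflict: {a} <-> {b}")
```

Feeding the results of a neighbour scan into the same plan list shows whether channels 1, 6, and 11 are actually free at a given site.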

Dealing with Signal Degradation

If the signal degrades due to distance or interference, it's naturally going to introduce errors that will affect throughput and reliability. When an AP and client have a good connection, they'll use QAM to achieve high throughput. As the client moves away and the signal degrades, QAM doesn't work as well, and some packets may get dropped and have to be retransmitted, resulting in lower throughput. To compensate for this, they'll switch over to QPSK, which offers lower throughput but greater reliability.

Comparing 802.11 Physical Standards

You don't need to know the details of every 802.11 standard ever made, but you do need to understand the capabilities of the more modern standards. It goes without saying that an AP and client must use the same standard in order to interoperate. For example, a client that supports only 802.11g can't connect to an AP that supports only 802.11ac. Table 4.3 highlights key capabilities of each standard.

Table 4.3 Comparing bandwidths and data rates of 802.11 standards

Standard   Supported band (GHz)   Supported bandwidth (MHz)   Maximum data rate
802.11g    2.4                    20                          54 Mbps
802.11n    2.4, 5                 20, 40                      600 Mbps
802.11ac   5                      20, 40, 80, 160             3.464 Gbps
802.11ax   2.4, 5                 20, 40, 80, 160             9.6 Gbps

Layer 2: 802.11 Media Access Control (MAC)

Remember that OSI layer 2 sets up the rules for node-to-node communication within a subnet. You might guess that because both Ethernet and WLANs are standardized under the 802 family of standards, they provide a way for wired and wireless clients to interoperate with one another in the same subnet. And you'd be right! However, achieving that interoperability isn't as easy as you might expect.

Ethernet was originally designed for a shared medium—the thick yellow cable—so it would seem natural to just take the existing Ethernet standards and tweak them to apply to wireless networking. But surprisingly, this approach doesn't work. Ethernet uses MAC addresses to uniquely identify each node, and communication simply requires one node to address an Ethernet frame to another node. Notice that Ethernet takes it for granted that the two nodes are already physically connected to each other in some way. If you have devices connected at layer 1, the thinking goes, then they obviously should be able to communicate at layer 2. Devices that aren't physically connected just aren't part of the network. It's as simple as that.

But when it comes to wireless, these assumptions don't hold true. A wireless client isn't “connected at layer 1” in the same sense that a wired client is connected to a switch. Wireless clients can move in and out of range of an AP and each other. Furthermore, because the physical medium is everywhere and unrestricted, you have no control over whether someone blasts signals into your office or home. And radio is lossy and prone to interference, so data can get lost or corrupted easily. Let's look at how 802.11 overcomes these and other problems caused by using the lossy shared medium of radio.

Media Access

In a WLAN, accessing the medium really just means transmitting a radio signal. The distributed coordination function (DCF) is similar to Ethernet's CSMA/CD, except instead of sensing collisions, DCF attempts to avoid them. Thus, it takes what's called a CSMA/collision avoidance (CA) approach. DCF requires a station to wait for radio silence before transmitting. If the airwaves are busy, the station waits a random amount of time before trying again. There are other MAC methods, but DCF is the one that all 802.11 networks must support.

Authentication

Authentication mechanisms control which stations may establish an association with an AP, whereas encryption prevents data from being sniffed or modified in transit. Technically, authentication and encryption are separate processes, but they are often used together. We'll cover encryption in a moment. The 802.11 family of standards offers the following authentication mechanisms:

Open System or Open Authentication  This is practically the same as no authentication, and any station that requests it will be authenticated. Open systems don't provide any in-transit encryption. Public Wi-Fi hotspots almost always use this.

WebAuth  WebAuth is a variant of open authentication that redirects users to a captive portal to complete some action before they're allowed to access network resources. See if this scenario sounds familiar: You go to a public hotspot and connect. You open your web browser and get redirected to a captive portal page that requires some action. It may prompt you to agree to some terms or it may ask you for a password or other credentials. After you enter the requested information and are authenticated, the system lets you browse the Internet. Since it's really just an open system, WebAuth doesn't include in-transit encryption.

Shared Key or Preshared Key  A station must provide a password to associate with the AP. Shared-key authentication is almost exclusively used in conjunction with WPA personal mode encryption, which we'll cover in a moment.

802.1X  This requires the connecting station (called the supplicant) to authenticate to an authentication server before it can join the WLAN. The authentication server can be the same one you use for other IT resources, such as a Kerberos or RADIUS server. IEEE 802.1X uses the Extensible Authentication Protocol (EAP) to integrate with a variety of authentication providers.

Association

The association process is how a station and AP negotiate the rules for communicating with one another. Association establishes layer 2 connectivity with the WLAN, and it can occur only after authentication is successful. When a station wants to associate with an access point, it sends an association request with the service set identifier (SSID) of the WLAN it wants to connect to as well as its supported data rates. The AP sends an association response with its own supported data rates. The station and AP can use the association frames to negotiate other options such as those related to flow control and encryption. Other options include performance and compatibility enhancements for the older 802.11 physical standards.

Encryption

In theory, radio signals can be picked up by anyone, so encrypting data sent over the air is the most significant thing you can do to secure a WLAN. Many open systems rely on encryption as a substitute for authentication. IEEE 802.11 offers three encryption mechanisms:

Wired Equivalent Privacy (WEP)  Part of the original 802.11 specification, WEP was intended to mimic the privacy characteristics of a wired LAN. WEP uses the insecure RC4 cipher to encrypt data, and because the cipher was implemented incorrectly, an attacker can reverse-engineer the encryption key. It's been easily crackable for well over a decade. Never use it!

Wi-Fi Protected Access (WPA) with Temporal Key Integrity Protocol (TKIP)  WPA-TKIP, also known as WPA1, was the answer to WEP's weaknesses. It also uses RC4 but implements it in a slightly more secure way than WEP. However, because it uses RC4, it's still vulnerable to exploits, so I recommend you don't use it. One reason WPA uses the computationally light RC4 cipher is so that older devices that support only WEP can be given WPA capability with a simple firmware upgrade.

WPA2 with CCMP  WPA2 uses the AES cipher implemented using an encryption mechanism called CCMP (an acronym that has four different meanings depending on who you ask). The AES cipher is much more secure than RC4, and the CCMP implementation of cryptography is superior to TKIP. WPA2 is much more computationally intensive than WEP and WPA1, but modern hardware is more than capable of handling it.

WPA3 with CCMP  This is the latest iteration of WPA, and like WPA2, it uses AES and CCMP. But it adds some additional security for personal (preshared key) implementations. It also implements forward secrecy, which prevents an attacker from decrypting captured traffic even if they know the shared key.

Encryption isn't the same as authentication, but it does provide a way to control access to the WLAN. For example, if you enable WPA2 with a preshared key, users must type the key into their device to be able to connect. WPA used with a preshared key is called WPA personal mode. But this isn't the only option. Encryption can be used in conjunction with 802.1X authentication. When 802.1X and EAP are used in conjunction with WPA, it's called WPA enterprise mode. Once the user authenticates using whatever method you've allowed (user credentials, smartcard, certificate, one-time-password, etc.), their client and the AP will automatically negotiate WPA2 encryption without any further action on the user's part. This makes for a robust and seamless solution that provides authentication and encryption.
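To see why the passphrase is the entire secret in personal mode, it helps to look at how the typed passphrase becomes key material. The following Python is an added example, not from the book: it uses the WPA/WPA2 personal derivation defined in IEEE 802.11i (PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4,096 iterations, 256-bit output), and the function names and the "Corp-Guest" SSID are assumptions.

```python
import hashlib

PSK_ITERATIONS = 4096   # fixed by the standard for WPA/WPA2 personal
PSK_LENGTH = 32         # 256-bit preshared key


def passphrase_problems(passphrase):
    """Return a list of reasons the passphrase is not a valid WPA passphrase."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("only printable ASCII characters are allowed")
    return problems


def derive_psk(passphrase, ssid):
    """Derive the 256-bit PSK that every station on this SSID will compute."""
    problems = passphrase_problems(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               salt, PSK_ITERATIONS, PSK_LENGTH)


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print("IEEE      :", derive_psk("password", "IEEE").hex())
    # Same passphrase on a different (constructed) SSID gives an unrelated key,
    # because the SSID is the salt.
    print("Corp-Guest:", derive_psk("password", "Corp-Guest").hex())
    # Nothing user- or device-specific enters the derivation, so anyone who
    # knows the passphrase and SSID holds the same key as every other station.
    print("too short :", passphrase_problems("short"))
```

Because the derivation has no per-user input, revoking one person's access in personal mode means changing the passphrase for everyone, which is the gap enterprise mode with 802.1X closes.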

Error Control and Flow Control

The contention-based nature of wireless requires some coordination among transmitting stations. Unlike on full-duplex Ethernet, Wi-Fi stations that blindly transmit whenever they have data to send would cause radio interference and data errors. However, since there are few physical restrictions to the airwaves, radio interference is unavoidable. IEEE 802.11 provides flow control mechanisms to coordinate transmission and avoid errors, as well as error control features to detect and recover from data errors caused by interference.

Acknowledgments

In a way similar to TCP, 802.11 uses acknowledgments to indicate when a unicast frame is received. The sender marks each frame with a sequence number, and the receiving station responds with an ACK. If the sender doesn't receive an ACK to a frame, it will retransmit it. Retransmissions are usually the result of interference, obstacles, or insufficient signal strength. With the exception of a software bug or hardware error, retransmissions occur in only two cases:

  • The intended recipient never receives the frame, resulting in the sender retransmitting it.
  • The recipient receives the frame and sends an ACK, but the ACK doesn't make it back to the sender intact.

As you might expect, waiting for an ACK to a frame before transmitting the next frame slows things down quite a bit. To improve throughput, 802.11 offers the option of using block acknowledgments. Rather than waiting for an ACK to each frame, the sender sends a block of frames, and then waits for a single acknowledgment frame that indicates all the frames were received. You can think of this process as a two-way handshake. Unlike TCP's three-way handshake, there's no acknowledgment of the ACK itself.

Acknowledgments aren't sent for multicast frames.

Frame Check Sequence (FCS)

Radio interference has the propensity to corrupt data in transit, so all frames include a 32-bit checksum to aid in detecting corrupted frames. If a frame doesn't pass the FCS, it's silently discarded. If a station receives a corrupted frame, it will not send an ACK in response. Likewise, if the sender receives a corrupted ACK frame, it will ignore it. Interference can cause data throughput to drop like a lead balloon!

Request-to-Send/Clear-to-Send (RTS/CTS)

RTS/CTS is an optional feature of 802.11 that helps avoid interference in cases where stations can't hear one another but can hear the AP. Because they can't sense each other's transmissions, these stations are more likely to transmit simultaneously, causing interference. Enabling RTS/CTS on these stations will cause them to defer to the AP before transmitting. When a station wants to transmit, it sends an RTS frame to the AP. The AP responds with a CTS that grants the station the privilege of transmitting for a short period of time. All other stations also receive the CTS and take note of the duration, so they know not to transmit during this window. This process dramatically reduces the potential for interference, although it's still possible for two stations to send RTS frames simultaneously. Note that enabling RTS/CTS in an environment where all stations can hear one another is unnecessary and will decrease throughput.

802.2 Logical Link Control (LLC)

In WLANs, layer 2 is actually divided into two sublayers: 802.11 MAC and 802.2 logical link control (LLC). This division is arbitrary and trivial but highlights another difference between 802.11 and Ethernet. The Type field of the 802.2 LLC frame serves the same function as the EtherType field in an Ethernet frame. The reason for using a separate LLC frame for this instead of just placing a Type field in the 802.11 frame is simply that IEEE has dictated that all 802 networks except Ethernet must use LLC.

Achieving High Throughput with Multiple-Input and Multiple-Output

Increasing transmit power and using complex modulation schemes can take us only so far when it comes to increasing data throughput rates. To get much over 100 Mbps, it's necessary to use multiple radios to create multiple simultaneous data streams. This method is called multiple-input and multiple-output (MIMO). There are two forms of MIMO:

Spatial Multiplexing  The theory behind spatial multiplexing is simple: if you can push 50 Mbps using a single radio, you can push 100 Mbps by transmitting simultaneously using two radios on different frequencies. Spatial multiplexing takes the data to be sent, splits it up, and simultaneously transmits it using multiple radios. The receiver, of course, has to have multiple receiving radios and the capability to reassemble the separate signals into a single data stream. If a device has four radios for transmitting and two for receiving, then it's a 4×2 MIMO device. If a device has two radios for transmitting and two for receiving, it's a 2×2 MIMO device. 802.11n/ac/ax uses spatial multiplexing to achieve hundreds-of-megabits-per-second throughput.

Diversity  The theory behind diversity is similar to that of spatial multiplexing, but with one small difference. One of the enemies of throughput is signal degradation. Diversity works by sending the same data simultaneously on different frequencies using antennas positioned differently. Because the signals are on different frequencies and take slightly different paths, there's a chance that one of them will encounter less interference or arrive at the receiver with greater strength. The receiver selects the best signal at any given moment, resulting in more consistent throughput.

Access Point Modes

An access point is a bridge between wireless clients and the wired LAN. Just as the area a switch can cover is limited by cable length restrictions, the area an AP can cover is limited by the RF environment and the AP's and clients’ capabilities. This leads to the need to deploy multiple APs to ensure coverage.

Cisco access points can operate in one of two modes: autonomous or lightweight. As the name suggests, in autonomous mode you configure each AP independently and it functions independently. This isn't so bad if you need to cover a small area, but if you have to cover a large campus, it becomes a management nightmare. To wrangle dozens or even hundreds of APs, you need a centralized management infrastructure. Thankfully, Cisco APs provide a lightweight mode, wherein the AP gives up its autonomy and relies on a wireless LAN controller (WLC) for its configuration and some of its functionality.

Autonomous

Autonomous APs are much like what you'd have at home, just a stand-alone AP that serves a small area. For the most part, autonomous mode APs work out of the box, acting as a bridge between a wireless client and a VLAN. Each AP functions as a self-contained unit, performing authentication, encryption, IP address assignment, traffic filtering, and 802.1Q tagging. If you need to cover just a small area with just a few APs, then autonomous mode might be right for you.

Autonomous mode is also ideal if you have wireless clients in the same area that need to communicate with one another. For example, wireless workstations may need to print to a wireless printer. By connecting all of them to the same AP and having them in the same VLAN, you ensure that traffic will flow through the AP without having to ever touch the wired network. This approach is particularly useful for small offices where there isn't a wired infrastructure.

But if you need to set up a larger collection of APs, autonomous mode can be cumbersome. You have to independently configure each AP and its connections to the wired LAN. If you want users to be able to seamlessly roam between autonomous APs, you'll have to trunk the same data VLAN to each AP. Extend a VLAN to a large number of APs and you'll wind up with a large, unwieldy broadcast domain, the potential for ugly bridging loops, and complex Spanning Tree topologies that may end up blocking ports you don't want blocked.

Lightweight

If you need more than 10 access points, you should consider the lightweight approach. In lightweight mode, an AP surrenders its autonomy and some of its functionality to a centralized WLC. The AP performs the physical layer functions of 802.11 and encryption, whereas the WLC controls the configuration of the AP and handles association and 802.1X authentication. This split-brain architecture is officially called the split-MAC architecture.

The WLC also terminates connections to the wired LAN, effectively acting as the LAN bridge for the AP. This lightweight approach greatly simplifies management and deployment of APs. Rather than trunking needed VLANs to each AP, you just trunk them to the WLC that APs use.

Each AP transports control and data traffic to and from the WLC via a dedicated Control and Provisioning of Wireless Access Points (CAPWAP) tunnel. Each AP needs only an IP address, which it can use to build a tunnel to a WLC. For the curious, the details of CAPWAP are codified in RFC 5415 (https://tools.ietf.org/rfc/rfc5415.txt).

A WLC can handle multiple APs, and because the CAPWAP tunnels terminate at layer 3, there's no need for the WLC and APs to be in the same VLAN. This tremendously improves scalability and makes it easy to centrally locate the WLC in a data center or wherever the network core happens to be. A disadvantage of the centralized approach is that if the WLC goes down or the AP loses connectivity to it, the AP ceases to function properly.

As an alternative to the centralized WLC, you can maintain a WLC in the same access layer as your APs. A simple way to do this is to use the Embedded Wireless Controller (EWC) functionality built into some Cisco switches and access points. This option represents a compromise between the autonomous and centralized topologies.

Wireless LAN Controller Selection Process

When you plug in a lightweight AP, it will attempt to automatically discover and set up a CAPWAP tunnel with a suitable WLC. Naturally, each AP needs a management IP address that you can configure manually. Otherwise, it will use DHCP to get one. After that, the discovery process begins.

WLC Discovery

Because APs in lightweight mode require a WLC to function, they have to pull out all the stops to make sure they're able to join a WLC. There are several methods they can use to locate a WLC.

To speed the discovery process, you can preconfigure an AP with the IP addresses of up to three controllers in order of priority—primary, secondary, and tertiary. You can alternatively configure DHCP option 43 on a DHCP server, populating the value with candidate WLC IP addresses.

Barring these two approaches, if the AP has never connected to a WLC before, it will broadcast a CAPWAP discovery request on UDP port 5246. Any WLCs that receive the broadcast will respond with a CAPWAP discovery response. On the other hand, if the AP has previously connected to one or more WLCs, it will have stored their IP addresses, and it will send the discovery request as a unicast to all of them.

Finally, just before giving up and starting over, the AP will try to resolve the domain name CISCO-CAPWAP-CONTROLLER.domain.local, where domain.local is the domain suffix learned from DHCP option 15. If it resolves to an IP address, the AP will assume it's for a WLC and will proceed to the selection stage.

The WLCs that respond with a discovery response compose the WLC candidate list that the AP will choose from in the selection process. When a WLC responds with a discovery response, it includes a metric indicating its current load. The load is a metric indicating the number of APs connected to it and how many total APs it can support. The AP will use the load information to determine which WLC to join.
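Because an AP will try to join whatever controller addresses DHCP option 43 hands it, the value configured on the DHCP scope is worth verifying against the list of controllers you actually operate. The following Python is an added example, not from the book: it assumes the sub-option layout Cisco documents for lightweight APs (type 0xf1, a length byte equal to 4 × the number of controllers, then the IPv4 addresses), and the addresses are constructed from documentation ranges.

```python
import ipaddress

CISCO_WLC_SUBOPTION = 0xF1  # sub-option type carrying the WLC address list


def encode_option43(controllers):
    """Build the option 43 value for a list of WLC IPv4 addresses, in priority order."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    value = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return bytes([CISCO_WLC_SUBOPTION, len(value)]) + value


def decode_option43(raw):
    """Parse an option 43 value and return the WLC addresses it carries."""
    if len(raw) < 2:
        raise ValueError("truncated: no type/length header")
    sub_type, length, value = raw[0], raw[1], raw[2:]
    if sub_type != CISCO_WLC_SUBOPTION:
        raise ValueError(f"unexpected sub-option type 0x{sub_type:02x}")
    if length != len(value):
        raise ValueError(f"length byte says {length}, value has {len(value)} bytes")
    if length == 0 or length % 4:
        raise ValueError("value is not a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, length, 4)]


def audit_option43(raw, authorized):
    """Return a list of findings; an empty list means the value is as expected."""
    try:
        offered = decode_option43(raw)
    except ValueError as exc:
        return [f"malformed option 43: {exc}"]
    findings = [f"unexpected controller {ip}"
                for ip in offered if ip not in authorized]
    if len(set(offered)) != len(offered):
        findings.append("duplicate controller address")
    return findings


# Constructed inventory of controllers the site actually runs.
AUTHORIZED_WLCS = {"192.0.2.10", "192.0.2.11"}

if __name__ == "__main__":
    good = encode_option43(["192.0.2.10", "192.0.2.11"])
    print(good.hex(), audit_option43(good, AUTHORIZED_WLCS))
    # Constructed value as it might be read back from a DHCP scope export.
    suspect = bytes.fromhex("f108c000020ac6336407")
    print(suspect.hex(), audit_option43(suspect, AUTHORIZED_WLCS))
```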

Selection and Join

The AP sends a CAPWAP join request to the candidate WLC with the lowest load. This helps to ensure an even load distribution in environments with multiple WLCs. Once the WLC returns a join response, both the AP and WLC build an encrypted CAPWAP tunnel that they'll use for control and data traffic.

After joining, if the AP is running a software release that is different from the one on the WLC, it will download the appropriate image from the WLC and reboot. After that, the AP will rejoin the WLC and download its configuration, which includes channel and authentication settings and SSIDs.

If a WLC becomes unavailable or unresponsive after the AP joins, the AP can fall back to another one of the controllers in its candidate list. To improve availability, you can configure WLCs in a high-availability (HA) active-standby pair. If the active controller fails, by using stateful switchover (SSO) the standby controller can instantly take over.

Roaming and Location Services

By their nature, wireless clients don't tend to stay in one place. They roam around, often switching their association from one access point to another. In this section, we'll look at the different types of roaming, how they work, and how you can use data collected from APs to pinpoint the physical location of clients using location services.

Roaming

When a client senses that the signal from its associated AP is weak, it begins to look for another AP to associate with. It's up to the client to decide when to roam and which AP to associate with. Essentially, when a client roams, it disassociates from one AP and associates with a different one, so there is necessarily a temporary loss of connectivity. As long as 802.1X authentication isn't being used, roaming can occur quickly, in a matter of a few milliseconds. With 802.1X authentication, it takes closer to a second. The primary concern with roaming is not so much how quickly the client roams, but whether the APs and WLCs are configured to provide seamless WLAN connectivity to clients as they roam about.

Roaming between Autonomous APs

When using autonomous APs, you'll likely have them connected to a dedicated wireless VLAN. Using the power of transparent bridging, extending a subnet across all APs facilitates almost seamless roaming. When a client connected to one AP roams to another, it simply has to associate with the closer AP. It maintains its IP address, and as soon as it sends a frame, the switches update their MAC address tables accordingly to reflect the client's new location. Roaming just works, and it works even if there are several APs.

Roaming between Lightweight APs

In a lightweight topology, the functionality of each AP is shared between the AP and its connected WLC. As long as both APs are connected to the same controller, the roaming process works smoothly. This is called an intracontroller roam.

When a client roams between APs that are connected to different WLCs, it's called an intercontroller roam. This may occur when a client moves between buildings and associates with an AP on another controller. How clients roam between WLCs boils down to whether the WLCs share the same VLAN.

Layer 2 roaming—WLCs share a VLAN  In layer 2 roaming, if both WLCs are connected to the same VLAN, the roam occurs similarly to how it does with autonomous APs. The client roams to a different AP, maintains its IP address, and the wired switching infrastructure updates its MAC address tables.

You'll notice that this scenario is not ideal from a design perspective. A single WLC can handle hundreds of APs, so you wouldn't likely have multiple WLCs except in a large environment. Extending a VLAN across such a huge network just isn't a good idea. Layer 2 roaming—like autonomous roaming—depends on the magic of transparent bridging. It works flawlessly until it doesn't.

Layer 3 roaming—WLCs don't share a VLAN  The term “layer-3 roaming” is a bit misleading. It more accurately could be called “layer-2-over-layer-3 roaming.” If the WLCs are in different VLANs, they have to do a little behind-the-scenes magic. First, some terminology: The controller the client is roaming from is called the anchor controller. The one it's roaming to is the foreign controller. During a roam the foreign controller forms a CAPWAP tunnel with the anchor controller. All client traffic passes over the tunnel to the anchor controller, and the client keeps its original IP address. All that's really happening is that the foreign and anchor controllers are forwarding layer 2 traffic over layer 3. Using this process, the client can roam from controller to controller while maintaining layer 2 connectivity to its anchor controller.

Auto-Anchor Mobility

You may want to force certain clients to always go through a particular WLC regardless of the AP they're connected to. To use a common scenario, you may have an SSID for guest Internet access. You want this to be available everywhere, but you want all traffic to get routed through a firewall at your data center. You can achieve this by using auto-anchor mobility to force all guest clients to go through a WLC at your data center. Whenever a client connects to the guest SSID, regardless of what AP they hit, they will be automatically anchored to the WLC at the data center. This is also called guest tunneling.

Location Services

It may be desirable to know the location of wireless clients, be it for asset tracking, emergency services, just-in-time directions, or location-based advertising. The Location Services feature collects signal information from three or more APs and uses it to create a real-time map of Wi-Fi devices. You provide the physical location of your APs by placing them on a map, and Location Services uses a propagation model based on received signal strength to estimate the location of detected Wi-Fi devices. Location Services even works with devices that aren't associated with an AP. All Wi-Fi devices periodically send out probe requests to discover nearby APs, and all APs in earshot will receive these probe requests.

Optionally, you can provide your own custom floor layout, making it easier to visually pinpoint a device's location. For greater accuracy, you can calibrate the model by placing a client in a specific location and picking out the location on the map. Location Services adjusts its model accordingly.

Cisco DNA Spaces provides cloud-based location services, and Cisco Connected Mobile Experiences (CMX) can be deployed on premises or in the cloud.

Summary

Wireless comes with more layer 1 and layer 2 scalability challenges than wired networks do. Today, 802.11 wireless standards and technology have matured to the point that with proper planning, wireless networks can be fast and reliable.

The 2.4 GHz band has been the standby for WLANs since the early 2000s. It's crowded, and that isn't likely to change soon. The 5 GHz band offers some breathing room, and especially if you're thinking of deploying wireless in a populated area, it's your best option for getting fast data speeds and avoiding interference.

Otherwise, when it comes to speed and reliability, the distance between your APs and clients is the most significant factor. Free space path loss and noise can be overcome by shrinking the distance between the transmitter and receiver. Hence, generally speaking, the larger your Wi-Fi environment, the more APs you'll need.

You may have noticed the conspicuous absence of any mention of wireless site surveys. These used to be popular tools in planning deployments when APs were so expensive that companies tried to achieve wireless coverage using as few of them as possible. But today site surveys are rarely necessary. APs are so inexpensive that there's no excuse not to have full coverage.

With a plethora of APs comes the problem of management. Wireless LAN controllers can push configuration to hundreds of APs, collect client location information, and facilitate rapid roaming between APs. WLCs can be integrated into switches or APs, so even when there's no robust wired infrastructure (such as in a small branch office), you can still enjoy the benefits of a centrally managed WLAN.

Exam Essentials

Understand when retransmissions occur.  Retransmissions are usually the result of interference, obstacles, or insufficient signal strength. They have a profound impact on throughput and can result in the AP and client switching to a slower but more reliable modulation scheme. Reducing interference and increasing RSSI can keep you out of the woods.

Know the major differences between 802.11 standards.  You don't need to know all the details, but knowing which standards use the 2.4 GHz and 5 GHz bands, as well as the top data throughput speeds of each standard, is important. Remember that 2.4 GHz and 5 GHz radios aren't compatible.

Understand the various authentication and encryption types.  Authentication and encryption are different but are often used together. An open system has no encryption and may or may not use WebAuth for authentication. This is what you'll typically find in coffee shops. WPA Personal mode uses a preshared key for both authentication and encryption. WPA Enterprise mode uses 802.1X and EAP.

Be able to describe how roaming works in autonomous and lightweight deployments.  Roaming is what sets wireless networks apart from wired networks. Clients are free to move about and expect the network to follow them, in a sense. Roaming is the client disassociating from one AP and associating with another using the same SSID. What matters is how the backend WLAN infrastructure handles this MAC move.

Understand the various antenna types.  Omnidirectional antennas are the most common and have a relatively low gain. Directional or high-gain antennas are used to direct a signal toward a specific area. Directional antennas are most often used to connect two backhaul radios in a point-to-point fashion.

Review Questions

You can find the answers in the appendix.

  1. What's the dB difference between 100 mW and 200 mW?

    1. 0 dB
    2. 3 dB
    3. 6 dB
    4. 10 dB
  2. You have a station indicating a received signal strength of 80 mW. After moving away from the AP, the receiver indicates a loss of 6 dB. What is the new received strength in mW?

    1. 20 mW
    2. 40 mW
    3. 60 mW
    4. 74 mW
  3. The power of a signal decreased by 10×. What is the dB of this change?

    1. –100 dB
    2. –10 dB
    3. 0 dB
    4. 10 dB
    5. 100 dB
  4. A 100 mW signal increases by about 13 dB. What is the new approximate power level?

    1. 113 mW
    2. 1300 mW
    3. 2000 mW
    4. 2600 mW
  5. A transmitter is emitting a signal with a power of 40 dBm. It's connected to an external antenna using a cable with a loss of 4 dB. The connected antenna has a gain of 12 dBi. What's the EIRP?

    1. 52 dBm
    2. 36 dBm
    3. 40 dB
    4. 48 dBm
  6. Which of the following standards has the highest data rate?

    1. 802.11a
    2. 802.11g
    3. 802.11n
    4. 802.11ac
  7. How might an access point respond when an 802.11 client's signal strength decreases?

    1. Switch to a different channel
    2. Reduce data throughput
    3. Increase antenna gain
    4. Initiate a roam
  8. How many antennas does a 3×2 MIMO device have?

    1. 2
    2. 3
    3. 5
    4. 6
  9. Which of the following is Open Authentication compatible with?

    1. WPA
    2. 802.1X
    3. Shared key
    4. WebAuth
  10. WPA2 enterprise mode uses which of the following? (Choose two.)

    1. Preshared key
    2. 802.1X
    3. WebAuth
    4. EAP
  11. A wireless client and a wireless printer are both connected to the same AP, which is operating in autonomous mode. The client and printer are in the same subnet. The AP is connected to a layer 3 switch. When the client prints to the printer, what path will traffic take?

    1. Client → printer
    2. Client → AP → printer
    3. Client → AP → switch → AP → printer
    4. None of these. Traffic can't flow between clients connected to the same AP.
  12. How many CAPWAP tunnels are there between an AP and a WLC?

    1. 0
    2. 1
    3. 2
    4. One per VLAN
  13. What are two ways an AP can discover a WLC? (Choose two.)

    1. Subnet broadcast on TCP port 5246
    2. DHCP option 43
    3. DNS query
    4. Over-the-air broadcast
  14. You want an AP to always use the WLC with the IP address 192.168.99.99. How can you achieve this?

    1. Add 192.168.99.99 as a value for DHCP option 43.
    2. Configure 192.168.99.99 as the primary WLC.
    3. Create a DNS A record for the hostname CISCO-CAPWAP-CONTROLLER that resolves to 192.168.99.99.
    4. Use a crossover cable to connect the AP to the WLC and boot the AP.
  15. Using a subnet broadcast, an AP has discovered two WLCs: one embedded in a switch and another embedded in another AP. Which one will it attempt to build a CAPWAP tunnel with?

    1. Both
    2. It will select one at random.
    3. The least loaded WLC
    4. The one embedded in a switch
    5. The one embedded in an AP
  16. Which of the following always occurs when a client roams from one autonomous AP to another?

    1. It associates with a different SSID.
    2. It associates with a different AP.
    3. It changes VLANs.
    4. It disassociates from a WLC.
  17. A client connected to a lightweight AP leaves a building and roams to another AP on a different WLC. Each building has its own subnet. The client keeps its IP address. Which two of the following are true of this roam?

    1. It's an intercontroller roam.
    2. It's an intracontroller roam.
    3. It's a layer 2 roam.
    4. It's a layer 3 roam.
  18. Which of the following does Location Services use to determine a wireless station's location?

    1. RSSI
    2. Cell tower triangulation
    3. Gyrometers
    4. WLC location
    5. Noise floor level
  19. Which of the following doesn't use a CAPWAP tunnel?

    1. Layer 2 roaming
    2. Intracontroller roaming
    3. Autonomous mode
    4. Lightweight mode
  20. How can you force a client to always use a particular WLC regardless of what AP they connect to?

    1. 802.1X authentication
    2. Intercontroller roaming
    3. Guest trunking
    4. Auto-anchor mobility