WiFi 技術

最後更新: 2019-04-14

 

目錄

 


Protected Management Frames(PMF)

 

A security feature which protection against MiTM attacks (introduced in the 802.11w)

Management Frames are the signaling packets used in 802.11 WiFi to allow a device to negotiate with an AP.

The concept of Protected Management Frames was introduced in 2009, but can apply to all flavors of 802.11 (A,B,G, N, etc).

It's support is supposed to be mandated for any WPA2 or TKIP device that wants to use the WiFi Alliance logo.

It works by adding a MIC (Message Integrity Check) to these control packets being sent between your PC and the Access Point (WiFi Router).
If a control packet is being spoofed by a malicious device, then the MIC check will fail and the frame will be discarded.
This helps keep malicious attackers from bumping you off an AP you're already associated with and exchanging encrypted traffic with.

Asus is making this option because older devices, or really limited ones, may not be able to process this more secure type of traffic.

  • If you set to Enabled, then it will support the new frame format, but not require it.
  • If you set it to Enforce, then it will require all devices to use it.

Unicast management actions frames are protected from both eavesdropping (窃听)and forging(锻造),
  and multicast management action frames are protected from forging.
 


Band Steering

 

Forces compatible clients to move to the 5G

 


Group Rekey Interval

 

The time interval between two successive rekeying operations in a WPA2 Wi-Fi network.

 


Client Device Isolation

 

開了它後行唔到 Airplay, Chromecast, wireless printer

 


Wi-Fi BSS (Basic Service Set) transition

 

refers to the process of moving a wireless device from one network to another without disrupting its connectivity.
(seamlessly switch between networks)

Types of BSS transitions

Roaming: When a device moves from one access point to another within the same network

Handover: When a device moves from one network to another

Bridge: a device may need to connect to multiple networks simultaneously

Multi-AP BSS transition: moving a device from one access point to another within the same network
                         but on different channels
                         (improve connectivity # reduce interference between channels)


隨機天線

 

隨機天線: 2dBi~5dBi

高增益天線: 7dBi, 9dBi

主動式: 需要加裝額外的電力來源(內部含有放大電路)

被動式: 垂直方向訊號 --> 水平訊號
 


Analyzer

 

Android : WiFiAnalyzer(open-source)

 


三頻

 

2.4Ghz + 5GHz + 5GHz

ACXXXX

ACXXXX = XMb + XMb + XMb

ie.

AC1900 = 600Mbps + 1300Mbps

AC2200 = 400Mbps + 866Mbps + 866Mbps

 * 三頻 Wifi 的第3頻用作組成 Mesh Wi-Fi 之用 !

 


5G

Setting

"Auto select channel including band1 channels"

When this option is enabled it simply means router auto selection would to take into account channel 36-48,
if not enabled it will select from 149-165

Do note channel 36-48 reduce transmit power in compare to 149-165.

Also none of these channels are DFS, DFS channel are from 52-140.

DFS = Dynamic Frequency Selection;

5GHz 頻段間不同頻率區域

  • 5.17GHz~5.33GHz
  • 5.49GHz~5.71GHz
  • 5.735GHz~5.835GHz

 


WMM Mode

 

*  Power Save Certification
* Quality of service (QoS)

Quality of service (QoS)

It provides basic Quality of service (QoS) features to IEEE 802.11 networks. WMM prioritizes traffic according to four Access Categories (AC) - voice, video, best effort, and background.

However, it does not provide guaranteed throughput. It is suitable for well defined applications that require QoS, such as Voice over IP (VoIP) on Wi-Fi phones (VoWLAN).

Power Save Certification

The underlying concept of WMM PowerSave is that the station (STA) triggers the release of buffered data from the access point (AP) by sending an uplink data frame.

Upon receipt of such a data (trigger) frame the AP releases previously buffered data stored in each of its queues. Queues may be configured to be trigger enabled, (i.e. a receipt of a data frame corresponding to the queue acts as trigger), and delivery enabled, (i.e. data stored at those queues will be released upon receipt of a frame). Queues refer to the four ACs defined for WMM.
 


Captive portal

 

This is done by intercepting most packets, regardless of address or port, until the user opens a browser and tries to access the web. At that time the browser is redirected to a web page which may require authentication and/or payment, or simply display an acceptable use policy and require the user to agree.

Implementation

 - ICMP redirect
 - Redirection by DNS

 


Roaming

 

Roaming is purely a client decision.

Precondition:

You need to configure the root wireless router and range extender or AP with the same wireless name (SSID) and

same wireless password & authorization method.

Device

Intel

it is known as roaming aggressiveness and this setting allows you to define how aggressively your Wi-Fi client roams to improve wireless connection.

Lowest: Only significant link quality degradation causes it to roam to another access point.

Medium-Low/Medium-High: Allow Roaming.

Highest: Your Wi-Fi client continuously tracks the link quality.
              If any degradation occurs, it tries to find and roam to a better access point.

Ralink

roaming aggressiveness

Andriod

APPS: wifi roaming fix

If you set good signal level too big, your mobile phone may roam frequently.

Seamless roaming

 * 即使 Seamless, Client 也會與原來基站 De-associate, 再與新基站 Associate

For some devices, if RSSI levels fall below -70 dBm,
it triggers the wireless client to search for another node that is closer.  
If the RSSI levels don’t fall below -70 dBm,
the wireless client will not connect to another node even if that other node is closer.

Seamless = 802.11k + 802.11r + 802.11v

802.11k - Radio Resource Measurement of Wireless LANs

helps devices search quickly for nearby APs that are available as roaming targets by creating an optimized list of channels
When the signal strength of the current AP weakens, your device will scan for target APs from this list.

802.11r - Fast Basic Service Set (BSS) Transition

uses a feature called Fast Basic Service Set Transition (FT) to authenticate more quickly.
FT works with both preshared key (PSK) and 802.1X authentication methods.

802.11v - Wireless Network Management

 


Preamble: short /long

 - Sync

 - Start of Frame Delimiter (SFD)[2 byte]

Technically speaking, it is the first portion of the Physical Layer Convergence Procedure (PLCP) Protocol Data Unit (PDU).

The preamble allows the receiver to acquire the wireless signal and synchronize itself with the transmitter.

A header is the remaining portion and contains additional information identifying the modulation scheme, transmission rate and length of time to transmit an entire data frame.

Long Preamble:

Total Long Preamble transfer time is a constant at 192 usec

Size: 16 Byte

Long Preamble Type can improve the transmission if the wireless signals are weak.(CRC)

Short Preamble:

Total Short Preamble transfer time is a constant at 96 usec

Size: 7 Byte

 


Beacon Interval

 

A beacon is a packet broadcast by the router to synchronize the wireless network.

Default value is 100ms

Please note decreasing beacon interval will improve wireless network roaming process and retain wireless connection better but slow down network throughput.

 


RTS Threshold

 

Default value is 2347

The wireless router sends Request to Send (RTS) frames to a particular receiving computer and negotiates the sending of a data frame.

After receiving an RTS, the computer responds with a Clear to Send (CTS) frame to acknowledge the right to begin transmission.

The CTS features a time value that will alert other stations to hold access to the medium while the station that initiates the RTS transmits the data.

CSMA/CD (Carrier Sense Multiple Access with Collision Detection)

the transmission station will send out the actual packet after waiting for the silence period

CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)

the transmission station sends out an RTS packet to the receiving station

hidden station problem:

In several instances, enabling RTS/CTS in the access point is of no use if the hidden station issue doesn’t exist from the access point perspective.

 


Fragmentation Threshold

 

Default setting is 2346 bytes

It specifies the maximum size for a packet before data is fragmented into multiple packets. Same as how RTS threshold works, if you notice frequent collisions on wireless network, then can consider to lower the threshold value.
 

 


WMM-Capable

 

WMM (Wi-Fi Multimedia)

It is a standard created to define quality of service (QoS)

improve audio, video and voice applications transmitted over Wi-Fi. ( latency and throughput )
 


Beamforming Technology

 

波束成型集中能量傳輸

used in sensor arrays for directional signal transmission or reception.

achieved by combining elements in an antenna array

used at both the transmitting and receiving ends in order to achieve spatial selectivity.

分類

explicit (802.11ac)

發送者會向接收者傳輸一組專門用來矯正波束成型的資料,

接收者再依據此資料運算一回饋資料傳送回去給發送者

implicit

 


速度

 

802.11

  • ax: WiFi 6
  • ac: WiFi 5
     - Frequency bands: 5G
     - 87.6Mbit@20MHz (1 antennas, 400ns GI)
     - Channels: 20, 40, 80, 160(80+80) MHz
     - 8 個 MIMO (max)
     - Downlink Multi-user MIMO (MU-MIMO)
     - 256-QAM
     - 802.11ac falls back to 802.11n to serve devices which don’t support it.
  • 11n: WiFi 4
     - Frequency bands: 2.4 GHz / 5 GHz (optional)
     - 72.2Mbit@20Hz (1 antennas, 400ns GI)
     - 150Mbit@40Hz
     - 4 個 MIMO (max)
     - Introduced MIMO
  • 11g: 最高54Mbps(浮動)
  • 11b: 最高11Mbps(浮動)

 


WiFi信號

 

WiFi信號大小表示為與1mw的強度比, 用dbm表示。

0dbm = 1mW

30dbm = 1000mW

公式: dbm = 10×log(P/1mW)

信跑質量

-30 dBm     Maximum signal strength
-50 dBm     Excellent signal strength.     
-60 dBm     Good, reliable signal strength.
-67 dBm     Reliable signal strength.
-70 dBm     Not a strong signal.

 


RSSI 與 SNR

 

RSSI (Received Signal Strength Indicator)

 

SNR (signal-to-noise ratio)

SNR = P(signal) / P(noise)

SNR(db) = P(signal)db - P(noise)noise

BER(Bit Error Rate > 10%)如果太高,表示傳輸的錯誤率太高,

設備也會主動降低一層MCS index,以提高傳輸的效率,避免資料重傳造成傳輸媒介的浪費。

Example

receives a signal of -75 dBm and the noise floor is measured at -90 dBm, the SNR is 15 dB.

 


BSS 與 ESS

 

ESS (extendedservice set) [幫助記憶]

ESSID =  SSID

同一個區域網路可能同時安裝多個訪問點(multi ap)

* 多個AP可以擁有同一個ESSID以對客戶提供漫遊能力, 但是BSSID必須唯一,因為數據鏈路層的MAC地址是唯一的。

 * 在同一個ESS中的不同BSS之間切換的過程稱為漫遊

 * 提供漫遊能力的 AP 要用不同的 Channel (1, 6 , 11)

 * 使用相同的安全機制

 * 各客戶端之間不直接相互通信

 * 操作系統會自動判斷信號強弱並切換關聯的訪問點
       - wireless client driver
       - different clients use different thresholds
       - The client can passively
          (scan by tuning its radio to another channel and listening for beacons transmitted from other APs.)
       - roaming algorithms are vendor specific

 * Cisco recommends 15 percent to 20 percent overlap for AP

IBSS (Ad-Hoc)

 


CCMP

 

Counter Cipher Mode with Block Chaining Message Authentication Code Protocol

 


MIMO

 

All the antennas transmit at the same frequencies (no extra per-user bandwidth is required)

(用了 Spatial Multiplexing 技術去實現)

Spatial Multiplexing

a high-rate signal is split into multiple lower-rate streams and

each stream is transmitted from a different transmit antenna in the same frequency channel.

When signal strength or quality is low, it's difficult for the modem to distinguish between the two data streams,

so when signal levels drop below a certain threshold level, MIMO is switched off and the modem operates with only one antenna

Number of antennas

The "a x b : c" notation helps identify what a given radio is capable of.

(a) is the maximum number of transmit antennas or TX RF chains
(b) is the maximum number of receive antennas or RX RF chains
(c) is the maximum number of data spatial streams the radio can use

For example:

a radio that can transmit on two antennas and receive on three, but can only send or receive two data streams

2 x 3 : 2

Legacy wireless devices

use Single-Input Single-Output (SISO) technology. They can only send or receive one spatial stream at a time.

In radio it is the use of only one antenna both in the transmitter and receiver.

SISO systems are vulnerable to problems caused by multipath effects.

 


Multi-user MIMO (MU-MIMO)

 

原理

A single multi-antenna transmitter communicating with a single multi-antenna receiver. (point-to-point)

Multi-user MIMO can be generalized into two categories:

  • MIMO broadcast channels (MIMO BC) and
  • MIMO multiple access channels (MIMO MAC) for downlink and uplink situations

MIMO BC

a single sender to multiple receiver wireless network

MIMO MAC

the multiple sender to single receiver wireless network.

 * 連線雙方均支援才可以使用

 


Guard Interval

 

ensure that distinct transmissions do not interfere with one another

The standard symbol guard interval used in 802.11 OFDM is 0.8 μs.

To increase data rate, 802.11n added optional support for a 0.4 μs guard interval.

 


Hotspot2.0

 

Hotspot2.0定義了保證用戶終端的安全措施, 禁止用戶終端間的直接訪問,

減少用戶終端受到惡意攻擊的可能性.

在Beacon中攜帶P2P管理信息, 管理信息設置為禁止用戶終端通過和其他用戶建立P2P連接.

Setting

  • Point to Point
  • P2P Cross Connect

Wi-Fi Direct

also known as peer-to-peer or P2P

Wi-Fi Direct devices connect to one another without joining a traditional home, office, or public network.

P2P Cross Connect

The "P2P Cross Connect" is disabled by default.

The Wi-Fi Direct network and the infrastructure network can be bridged by the client.

 


Hardware

 

AC1900(RT-AC68U) HK$880@20190402

  • 600     (3 streams @ MCS 9)
  • 1300   (3 streams @ MCS 9)

AC1750(RT-AC66U) HK$800@20190402

  • 450     (3 streams @ MCS 7)
  • 1300   (3 streams @ MCS 9)

AC1200    

  • 300     (2 streams @ MCS 7) [Band: 2.4GHz, Channel: 40MHz]    
  • 867     (2 streams @ MCS 9)[Band: 5GHz, Channel: 80MHz]

 


Mesh Wi-Fi

 

實踐方式

  • 802.11s based wireless mesh network
  • B.A.T.M.A.N. / batman-adv
  • OLSR Mesh

OpenWrt with 802.11s

works reliably with OpenWrt 19.07 and later

assuming that there is hardware/driver support and that wpad-mesh-openssl (or equivalent) has been installed.

# to obtain a list of available mesh parameters

iw dev <devname> get mesh_param

 

 

Creative Commons license icon Creative Commons license icon