802.11 Association process explained

Access points are bridges that bridge traffic between mobile stations and other devices on the network. Before a mobile station can send traffic through an AP, it must be in the appropriate connection state.

The three 802.11 connection states are:

• 802.11 probing 
• 802.11 authentication 
• 802.11 association 

802.11 probing

• A mobile station sends probe requests to discover 802.11 networks within its proximity. Probe requests advertise the mobile stations supported data rates and 802.11 capabilities such as 802.11n. Because the probe request is sent from the mobile station to ff:ff:ff:ff:ff:ff all AP's that receive it will respond.
• APs receiving the probe request check to see if the mobile station has at least one common supported data rate. If they have compatible data rates, a probe response is sent advertising the SSID (wireless network name), supported data rates, encryption types if required, and other 802.11 capabilities of the AP. 
• A mobile station chooses compatible networks from the probe responses it receives.

802.11 authentication

• 802.11 was originally developed with two authentication mechanisms. The first one, called “open authentication”, is fundamentally a NULL authentication where the client says “authenticate me” and the AP responds with “yes”. 
• The second type of authentication, namely the WEP/WPA/WPA2, is a shared key mechanism that is widely used in home networks or small Wi-Fi deployments.

802.11 association

• This stage finalizes the security and bit rate options and establishes the data link between the WLAN client and the AP.

What is Reassociation

• If a client has joined a network and roams from one AP to another within the network, the association is called a re-association. 
• The primary difference between an association and a re-association event is that a re-association frame sends the MAC address (BSSID) of the previous AP in its re-association request to provide roaming information to the extended WLAN network.

LWAPP and CAPWAP

LWAPP: (Lightweight Access Point Protocol):

• For communication between AP and Controller (WLC), we need this Protocol.
• Fragmentation/Re-assembly: Relies on IpV4
• Path-MTU Discovery: Not supported
• Control Channel Encryption between AP and WLC: Yes (using AES)
• Data Channel Encryption between AP and WLC: No
• UDP Ports: 12222, 12223

CAPWAP:( Control and Provision of Wireless AP):

• Build on top of LWAAP with some improvement.
• The state machine of CAPWAP is similar to LWAPP's, but with the addition of a full Datagram Transport Layer Security (DTLS) tunnel establishment. 
• Fragmentation/Re-assembly: CAPWAP itself does both
• Path-MTU Discovery: Has a robust P-MTU discovery mechanism, can also detect dynamic MTU changes.
• Control Channel Encryption between AP and WLC: Yes (Using DTLS)
• Data Channel Encryption between AP and WLC: Yes (using DTLS)
• UDP Ports: 5246 (ctrl) 5247 (data)

*A maximum transmission unit (MTU)

Passive Scan and Active scan by client

Clients gather information about the APs by scanning the channels one by one either through passive scanning or active scanning.

Passive Scanning:

• In passive scanning mode, the client station moves the radio into each channel and waits to listen for beacons frame on the channel. 
• The client station listens for beacons containing SSID that it may have already connected to before.
• If the client receives beacons from multiple APs for the same SSID, it attempts to connect to the AP with the best RSSI (receiver signal strength indicator). 
• This passive scanning will save battery power as it does not need to transmit.

Active Scanning:

• Client stations send out probe request frames on each channel. 
• These probe requests may contain SSID of a specific WLAN that the client is looking for or the probe requests can also look for “any” SSID to find out all the SSIDs in the proximity of the client. 
• These are requests for APs to send out information about themselves. 
• APs respond to Probe Requests with probe response frames, the contents of which are similar to Beacon frames.
• The APs operating on a particular channel responds back to probe request with a probe response with its SSID, supported rates, and security rates. 
• If a client station receives probe responses from multiple APs (and/or multiple SSIDs), the client station uses RSSI of the AP as a judge to connect to an AP with best signal strength.

What is Beacon and who send it

Beacons :

• Used by the WLAN network to advertise its presence. 

• beacons are regularly broadcast by an AP 
• AP sends the probe, authentication, and association frames only during the association and re-association process. 
• Beacon Frame Contains
• SSID 
• BSSID
• Channel Supported 
• Security Type supported
• Typically, APs transmit beacon frames every 100ms.

Data Encapsulation & Decapsulation in the OSI Model :

Remember :

Encapsulation starts from the Uppermost Layer  à Lowest Layer

Decapsulation starts from Lowest Layer  à Uppermost Layer.

Data in Different Layer :

1.     Transport Layer: Segment is the PDU

2.     Network Layer: Packet is the PDU

3.     Data Link Layer: Frame is the PDU

4.     Physical Layer: Bit is the PDU

** PDU: Protocol Data Unit

Data Encapsulation:

• Application layer is the GUI interface for user. So, data starts from Application layer.
• Data Application - > Data Presentation Layer - >Data Session Layer.
• As we are sending larger amount of data so in Transport Layer Data need to be segmented with proper sequence.
• Transport layer we have 2 protocol UDP / TCP. Here we will discuss about TCP.
• The data in the transport layer is called as segment. 
• Each sequenced segment can be assembled together on the receiver side. Then each segment are handled in network layer for network addressing or logical addressing and routing through internet. The data is named here as a packet. 
• The network layer adds its IP header to send it to the data link layer. Here, the data is named as frame. 
• The data link layer receives packet from network layer and place them into network medium. Data link layer encapsulates each packet in a frame consisted of hardware (MAC) address of the source and destination computer and the LLC information to identify the previous layer protocol, and FCS (Frame Check Sequence for Error detection ) it is needed for the packet to pass it when it will arrive the destination. 
• A frame is a logical group of 1’s and 0’s, the physical layer is responsible to digitalize the signal which is used by devices on the same local network.

Data Decapsulation:

• The receiving computer first will synchronize with the digital signal by reading a few extra 1’s and 0’s. Then it will receive the whole frame to pass it to the above data link layer. 
• The Datalink layer will do a Cyclic Redundancy Check (CRC) on the frame. This is a computation which the computer does and if the result it gets matches the value in the FCS field, then it assumes that the frame has been received without any errors. Once that's out of the way, the Datalink layer will strip off any information or header which was put on by the remote system's Datalink layer and pass the rest (now we are moving from the Datalink layer to the Network layer, 
• Network layer will check and match the IP address, if it matches then it will remove the IP header from the packet and rest is sent to above layer i.e. transport layer. 
• The data, named as segment in transport layer, is processed to rebuild the data tream and acknowledges to the transmitting computer that it has received the data. 
• Then it hands over the data to application layer.

For Better Visualisation :