
SMART SENSOR

A SENSOR EQUIPPED WITH A DIGITAL COMMUNICATION PROTOCOL

Luis Corrales, PhD EPN-DACI

SMART SENSOR
SENSOR CIRCUIT: PROVIDES CONDITIONING OF THE SIGNAL DELIVERED BY THE SENSOR. THIS MAKES THE BOARD UNIQUE.

SMART SENSOR
SENSOR CIRCUIT: CONVERTS THE ANALOG SIGNAL TO DIGITAL

SMART SENSOR
NETWORK CHIP: PROVIDES THE COMMUNICATIONS PROTOCOL, E.G. ETHERNET.

SMART SENSOR
NETWORK TRANSCEIVER: CONVERTS THE LOGICAL DIGITAL SIGNAL INTO REAL VOLTAGE VALUES, DEPENDING ON THE MEDIUM.

SMART SENSOR
IF THE MEDIUM IS COPPER: CONVERTS TO VOLTS.
OPTICAL FIBER: CONVERTS TO LIGHT.
WIRELESS: CONVERTS TO ELECTROMAGNETIC WAVES.

SMART SENSOR
ONE PROBLEM WITH SMART SENSORS AND ACTUATORS IS OBTAINING ELECTRICAL POWER.

SMART SENSOR
A SENSOR OR ACTUATOR LACKS A POWER SUPPLY, AND THE ASSEMBLY HAS TO BE POWERED OVER THE SAME DATA CABLE.

SMART SENSOR
A WELL-KNOWN SOLUTION IS PoE, POWER OVER ETHERNET.
THERE ARE SPECIAL SWITCHES THAT PROVIDE THIS OPTION.

What is a wireless LAN?


Wireless LAN (WLAN) - provides all the features
and benefits of traditional LAN technologies such as
Ethernet and Token Ring, but without the
limitations of wires or cables.


What is a wireless LAN?

http://earlyradiohistory.us/1920au.htm

WLAN, like a LAN, requires a physical medium to transmit signals.


Instead of using UTP, WLANs use:
Infrared light (IR)
802.11 does include an IR specification
limitations, easily blocked, no real 802.11 products (IrDA)
Radio frequencies (RFs)
Can penetrate most office obstructions

What is a wireless LAN?

More later!

WLANs use the 2.4-GHz and 5-GHz frequency bands.
ISM (Industrial, Scientific, Medical) license-free (unlicensed) frequency bands.
S-Band ISM
802.11b and 802.11g: 2.4-2.5 GHz
C-Band ISM
802.11a: 5.725-5.875 GHz

IEEE 802.11 and the Wi-Fi Alliance

IEEE LAN/MAN Standards Committee (LMSC)


First 802.11 standard released in 1997, several since then
Wireless Ethernet Compatibility Alliance (WECA)
Advertises its Wi-Fi (wireless fidelity) program
Any 802.11 vendor can have its products tested for interoperability
Cisco is a founding member

Wi-Fi
Wi-Fi Alliance
WECA changed its name to Wi-Fi
Wireless Fidelity Alliance
170+ members
Over 350 products certified

Wi-Fi's Mission
Certify interoperability of WLAN products (802.11)
Wi-Fi is the "stamp of approval"
Promote Wi-Fi as the global standard

Other Wireless Technologies

Not discussed in this course:


Cellular
Bluetooth or PAN (Personal Area Network)
3G (3rd Generation)
UWB (Ultra Wide Band)
FSO (Free Space Optics)
Radio waves off meteor trails!

Why Wireless?


WLAN Evolution

[Figure: timeline of WLAN evolution, 1986 to 2002. Markets: warehousing, retail, healthcare, education, businesses, home. Speed: 860 Kbps, 1 and 2 Mbps, 11 Mbps, 54 Mbps. Radio: 900 MHz, 2.4 GHz, 5 GHz. Network: proprietary, then standards-based. Milestones: IEEE 802.11 begins drafting; 802.11 ratified; 802.11a,b ratified; 802.11g drafted.]

Current Standards a, b, g

[Figure: the WLAN evolution timeline, 1986 to 2003, now showing 802.11a,b and 802.11g as ratified.]

More later!
802.11a
Up to 54 Mbps
5 GHz
Not compatible with either 802.11b or 802.11g
802.11b
Up to 11 Mbps
2.4 GHz
802.11g
Up to 54 Mbps
2.4 GHz
802.11g is backwards compatible with 802.11b, but with a drawback (later)

802.11 PHY (Physical Layer) Technologies

[Figure: the WLAN evolution timeline, 1986 to 2003, repeated.]

More later!
Infrared light
Three types of radio transmission within the unlicensed 2.4-GHz frequency bands:
Frequency hopping spread spectrum (FHSS) 802.11b (not used)
Direct sequence spread spectrum (DSSS) 802.11b
Orthogonal frequency-division multiplexing (OFDM) 802.11g
One type of radio transmission within the unlicensed 5-GHz frequency bands:
Orthogonal frequency-division multiplexing (OFDM) 802.11a

Atmosphere: the wireless medium

Wireless signals are electromagnetic waves


No physical medium is necessary
The ability of radio waves to pass through walls and cover great distances
makes wireless a versatile way to build a network.

WLAN Devices
In-building Infrastructure
1200 Series (802.11a and 802.11b)

Bridging
350 Series (802.11b)

1100 Series (802.11b)

BR350

350 Series (802.11b) not shown

WGB350
1400 Series (802.11a)


Antennas
Antenna
2.4GHz Antennas
5 GHz Antennas


Four main requirements for a WLAN solution

1. High availability: High availability is achieved through system redundancy and proper coverage-area design.
2. Scalability: Scalability is accomplished by supporting multiple APs per coverage area, which use multiple frequencies. APs can also perform load balancing, if desired.
3. Manageability: Diagnostic tools represent a large portion of management within WLANs. Customers should be able to manage WLAN devices through industry standard APIs, including SNMP and Web, or through major enterprise management applications like CiscoWorks 2000, Cisco Stack Manager, and Cisco Resource Monitor.
4. Open architecture: Openness is achieved through adherence to standards such as 802.11a and 802.11b, participation in interoperability associations such as the Wi-Fi Alliance, and certification such as U.S. FCC certification.

Other requirements
Security: It is essential to encrypt data packets transmitted through the air. For larger installations, centralized user authentication and centralized management of encryption keys are also required.
Cost: Customers expect continued reductions in price of 15 to 30 percent each year, and increases in performance and security. Customers are concerned not only with purchase price but also with total cost of ownership (TCO), including costs for installation.

Challenges and Issues


Radio Signal Interference

Network managers must ensure that different channels are utilized.
Interference cannot always be detected until the link is actually implemented.
Because the 802.11 standards use unlicensed spectrum, changing channels is the best way to avoid interference.
If someone installs a link that interferes with a wireless link, the interference is probably mutual.

Radio Signal Interference

To minimize the possible effects of electromagnetic interference (EMI), the best course of action is to isolate the radio equipment from potential sources of EMI.

Power Consumption

Power consumption is always an issue with laptops, because the power and the battery have limited lives.
802.11a uses a higher frequency (5 GHz) than 802.11b/g (2.4 GHz), which requires higher power and is more of a drain on batteries.

Interoperability

Non-standard (for now) 802.11 devices include:


Repeater APs
Universal Clients (Workgroup Bridges)
Wireless Bridges
Cisco bridges, like many other vendor bridges, are proprietary
implementations of the 802.11 standard and therefore vendor
interoperability cannot be attained.

Wireless LAN Security: Lessons

"War Driving"
Hacking into WEP

Lessons:
Security must be turned on (part of the installation process)
Employees will install WLAN equipment on their own (compromises security of your entire network)
WEP keys can be easily broken (businesses need better security)

Wireless LAN Security

Security in the IEEE 802.11 specification, which applies to 802.11b, 802.11a, and 802.11g, has come under intense scrutiny.
Researchers have exposed several vulnerabilities.
As wireless networks grow, the threat of intruders from the inside and outside is great.
Attackers called "war drivers" are continually driving around searching for insecure WLANs to exploit.

Installation and Site Design Issues: Bridging

Installation and Site Design Issues: WLAN

Health Issues

IEEE 802.11 Standards Activities

802.11a: 5GHz, 54Mbps
802.11b: 2.4GHz, 11Mbps
802.11d: Multiple regulatory domains
802.11e: Quality of Service (QoS)
802.11f: Inter-Access Point Protocol (IAPP)
802.11g: 2.4GHz, 54Mbps
802.11h: Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC)
802.11i: Security
802.11j: Japan 5GHz Channels (4.9-5.1 GHz)
802.11k: Measurement

802.11 Standards


Overview of Standardization

Standardization of networking functions has done much to further the development of affordable, interoperable networking products.
This is true for wireless products as well.
Prior to the development of standards, wireless systems were plagued with low data rates, incompatibility, and high costs.
Standardization provides all of the following benefits:
Interoperability among the products of multiple vendors
Faster product development
Stability
Ability to upgrade
Cost reductions

IEEE and 802.11

IEEE, founded in 1884, is a nonprofit professional organization
Plays a critical role in developing standards, publishing technical works, sponsoring conferences, and providing accreditation in the area of electrical and electronics technology.
In the area of networking, the IEEE has produced many widely used standards such as the 802.x group of local area network (LAN) and metropolitan area network (MAN) standards.

IEEE 802 Architecture

Some you may recognize:


802.3 CSMA/CD (Carrier Sense Multiple Access with Collision Detection), often
mistakenly called Ethernet
802.1d Spanning Tree
802.1Q VLANs
802.5 Token Ring

IEEE 802.11 Architecture

802.11 is a family of protocols, including the original specification, 802.11, 802.11b, 802.11a, 802.11g and others.
Officially called the IEEE Standard for WLAN MAC and PHY specifications.
802.11 is just another link layer for 802.2
802.11 is sometimes called wireless Ethernet, because of its shared lineage with Ethernet, 802.3.
The wired network side of the network could be Ethernet, Token Ring, etc. (we will always use Ethernet in our examples)
Access Points and Bridges act as translation bridges between 802.11 and 802.3 (or other protocol)

Overview of WLAN Topologies


IBSS
BSS
ESS
Access Points
Quick Preview: Station/AP Connectivity


Overview of WLAN Topologies

Three types of WLAN Topologies:
Independent Basic Service Sets (IBSS)
Basic Service Set (BSS)
Extended Service Set (ESS)
Service Set: A logical grouping of devices.
WLANs provide network access by broadcasting a signal across a wireless radio frequency.
Transmitter prefaces its transmissions with a Service Set Identifier (SSID)
A station may receive transmissions from transmitters with the same or different SSIDs.

Independent Basic Service Sets (IBSS)

IBSS consists of a group of 802.11 stations directly communicating with each other.
No Access Point used
Also known as an ad-hoc network.
Usage: Few stations set up for a specific purpose for a short period of time. (ex. file transfers.)
We will have an IBSS lab, but our main focus will be BSSs and ESSs.

Basic Service Set (BSS)

BSS, also known as an Infrastructure BSS (never called IBSS)
Requires an Access Point (AP)
Converts 802.11 frames to Ethernet and vice versa
Known as a translation bridge
Stations do not communicate directly, but via the AP
APs typically have an uplink port that connects the BSS to a wired network (usually Ethernet), known as the Distribution System (DS).

Extended Service Set (ESS)

Multiple BSSs can be connected together with a layer 2 "backbone network" to form an Extended Service Set (ESS).
802.11 does not specify the backbone network
The backbone network is also known as the Distribution System (DS) and could be wired or wireless.
Stations are "associated" with only one AP at a time.
The SSID is the same for all BSS areas in the ESS (unless creating multiple BSSs, i.e. one for Marketing and another for Sales).

Extended Service Set (ESS)

What if you want to be able to move between access points without the latency of re-association and re-authentication (these will be explained)?
Roaming gives stations true mobility allowing them to move seamlessly between BSSs. (More later)
APs need to be able to communicate between themselves since stations can only associate with one AP at a time.
Currently, inter-access point communication can only be achieved with proprietary, non-standard technologies.
IEEE 802.11 working group (Task Group F) is working on standardizing IAPP (Inter-Access Point Protocol)

Access Points

Access Point (AP)
Translates (converts) 802.11 frames to Ethernet and vice versa
Known as a translation bridge
Typically provides wireless-to-wired bridging function
All BSS communications must go through the AP, even between two wireless stations

Quick Preview: Station/AP Connectivity

SSID (Service Set Identity)
At a minimum a client station and the access point must be configured to be using the same SSID.
An SSID is:
Between 2 and 32 alphanumeric characters
Spaces okay
Must match EXACTLY, including upper and lower case
Sometimes called the ESSID
Not the same as BSSID (MAC address of the AP, later)

Quick Preview: Station/AP Connectivity

SSID

The Cisco APs have the default SSID "tsunami".

Quick Preview: Station/AP Connectivity

[Figure: Windows toolbar icon, Windows Network Properties, Aironet toolbar icon.]

Your operating system (Windows) or wireless NIC client (Aironet) will tell you whether or not you have successfully connected (associated).

Quick Preview: Station/AP Connectivity

This only associates your client with the AP.
If you want to communicate with other devices on the network (wireless and wired), make sure your IP address and subnet mask are correct (or if using DHCP choose that setting).
This is configured for your wireless NIC, not the wired NIC.

Quick Preview: Station/AP Connectivity

In Windows this is done from the Start -> Control Panel -> Network Connections (amongst other methods).
Usually, need to have wired Ethernet disconnected or disabled.

802.11 Frames: This isn't Ethernet!

[Figure labels: Distribution System (DS), IP Packet; General 802.11 Frame, LLC, IP Packet.]

802.11 has some similarities with Ethernet but it is a different protocol.
Access Points are translation bridges.
The data/frame body is re-encapsulated with the proper layer 2 frame.
Certain addresses are copied between the two types of frames.

802.11 Frames

Data Frames (most are PCF)
Data
Null data
Data+CF-Ack
Data+CF-Poll
Data+CF-Ack+CF-Poll
CF-Ack
CF-Poll
CF-Ack+CF-Poll

Control Frames
RTS
CTS
ACK
CF-End
CF-End+CF-Ack

Management Frames
Beacon
Probe Request
Probe Response
Authentication
Deauthentication
Association Request
Association Response
Reassociation Request
Reassociation Response
Disassociation
Announcement Traffic Indication

Medium Access: CSMA/CA

[Figure: CSMA/CD (all stations detect the collision) beside CSMA/CA (ACK).]

Both CSMA/CD and CSMA/CA are half-duplex architectures
Ethernet uses CSMA/CD: Collision Detection
Ethernet devices detect a collision when the data is transmitted
802.11 uses CSMA/CA: Collision Avoidance
802.11 devices only detect a collision when the transmitter has not received an Acknowledgement.
Stations also use CS/CCA.
Stations also use a virtual carrier-sense function, NAV.

Medium Access: CSMA/CA

[Figure: CSMA/CD (all stations detect the collision) beside CSMA/CA (ACK).]

The 802.11 standard makes it mandatory that all stations implement the DCF (Distributed Coordination Function), a form of carrier sense multiple access with collision avoidance (CSMA/CA).
CSMA is a contention-based protocol making sure that all stations first sense the medium before transmitting (physically and virtually).
The main goal of CSMA/CA is to avoid having stations transmit at the same time, which will then result in collisions and eventual retransmissions.
However, collisions may still occur and when they do stations may or may not be able to detect them (hidden node problem).

DCF and PCF

IEEE mandated access mechanism for 802.11 is DCF (Distributed Coordination Function)
Basis for CSMA/CA
There is also the PCF (Point Coordination Function)
Point Coordinators (PC), i.e. Access Points, provide point coordination for contention-free services.
Restricted to Infrastructure BSSs
Stations can only transmit when allowed to do so (AP).
PCF is not widely implemented and will not be discussed

DCF Operation

In DCF operation, a station wanting to transmit:
Checks to see if radio link is clear, CS/CCA (Carrier Sense, Clear Channel Assessment).
Checks its NAV timer to see if someone else is using the medium.
If medium is available DCF uses a random backoff timer to avoid collisions and sends the frame.
Transmitting station only knows the 802.11 frame got there if it receives an ACK.
May also use RTS/CTS to reduce collisions.

Duration Field

General 802.11 Frame (more on this later)

Duration/ID field: The number of microseconds that the medium is expected to remain busy for transmission currently in progress.
Transmitting device sets the Duration time in microseconds.
Includes time to:
Transmit this frame to the AP (or to the client)
The returning ACK
The time in-between frames, IFS (Interframe Spacing)
All stations monitor this field!
All stations update their NAV (Network Allocation Vector) timer.

NAV Timer

All stations have a NAV (Network Allocation Vector) timer.
Virtual carrier-sensing function
Protects the sequence of frames from interruption.
Martha sends a frame to George.
Since wireless medium is a shared medium, all stations including Vivian receive the frame.
Vivian updates her NAV timer with the duration value.
Vivian will not attempt to transmit until her NAV is decremented to 0.
Stations will only update their NAV when the duration field value received is greater than their current NAV.

Broadcast-based shared medium

Host A is sending 802.11 frames to another host via the AP.
All other 802.11 devices in BSS (on this channel) and within range of the signal will see the frame.
802.11 framing provides addressing, so only the AP knows it is the next-hop receiver.
Other 802.11 devices within this BSS can sense that the medium is in use and will update their NAV values.

What if a station is in range of the AP but not the Host A? (Hidden node problem)

802.11 Medium Access Mechanisms

DCF Operations
Hidden Node Problem
RTS/CTS
Frame Fragmentation

Hidden Node Problem

What if a station is in range of the AP but not other hosts, like the transmitting host?
Wireless networks have fuzzy boundaries, where a node may sometimes not be able to communicate with/see every other node.
Hidden nodes can be caused by:
Hosts are in range of the AP but not each other.
An obstacle is blocking the signal between the hosts.

Hidden Node Problem

The problem is collisions.
Collisions occur at the AP (or another station in an IBSS).
Both stations assume the medium is clear and transmit near the same time, resulting in a collision.
The AP cannot properly receive either signal and will not ACK either one.
Both stations retransmit, resulting in more collisions.
Throughput is significantly reduced, up to 40%.

Hidden Node Problem

Solutions:
Move the node
Remove the obstacle
Use RTS/CTS (Request to Send / Clear to Send)


802.11 Medium Access Mechanisms

DCF Operations
Hidden Node Problem
RTS/CTS
Frame Fragmentation

RTS/CTS Solution


RTS/CTS Solution

Vivian attempts to reserve the medium using an RTS control frame to the AP.
The RTS frame indicates to the AP and all stations within range, that Vivian wants to reserve the medium for a certain duration of time, message, ACK, and SIFS.
The hidden node stations cannot see the RTS.
The AP replies to Vivian with a CTS, which all nodes, including the hidden node can see.
Vivian transmits the frame.
The AP returns an ACK to Vivian.
The AP sends the message to George who returns an ACK to the AP.

RTS/CTS Solution
RTS/CTS consumes a fair amount of capacity and overhead, resulting in additional latency.
Normally used in high capacity environments.
The RTS/CTS procedure can be enabled/controlled by setting the RTS threshold on the 802.11 client NIC.
RTS/CTS is also used during frame fragmentation.

Setting the RTS Threshold on a Cisco Client

RTS Threshold
Specifies the data packet size beyond which the low-level RF protocol invokes RTS/CTS flow control.
A small value causes RTS packets to be sent more often, which consumes more of the available bandwidth.
Small values, however, help the system recover from interference or collisions

RTS/CTS Example

[Figure: an AP with hidden nodes HN-A and HN-B, both using RTS/CTS, and the other stations.]

Stations C, D, E, and F can see traffic (signals) from all stations including HN-A and HN-B (and vice versa).
HN-A and HN-B cannot see each other, but can communicate with the AP.
RTS/CTS is enabled on HN-A and HN-B, so that the AP will respond with a CTS that the other HN station will see.
If it wasn't for the other HN station, neither HN would need RTS/CTS
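The NAV rule and the RTS/CTS exchange described in the slides above can be traced step by step. The following is an added example, not part of the original slides: the airtimes, the `HEARS` topology and the names `Medium` and `hn_a_sends_frame` are constructed for illustration, and station C stands in for the stations that hear everyone.

```python
# Added illustration: NAV bookkeeping for the slide's HN-A / HN-B layout.
# Airtimes are constructed round numbers, not values taken from the standard.
SIFS_US = 10
RTS_US, CTS_US, ACK_US, DATA_US = 40, 30, 30, 1200

# Who hears whom (constructed to match the slide): HN-A and HN-B both reach
# the AP and station C, but not each other.
HEARS = {
    "AP":   {"HN-A", "HN-B", "C"},
    "HN-A": {"AP", "C"},
    "HN-B": {"AP", "C"},
    "C":    {"AP", "HN-A", "HN-B"},
}


class Medium:
    """Tracks each station's NAV (virtual carrier sense) in microseconds."""

    def __init__(self, hears):
        self.hears = hears
        self.nav = {station: 0 for station in hears}

    def elapse(self, microseconds):
        """Let time pass: every NAV counts down toward 0."""
        for station in self.nav:
            self.nav[station] = max(0, self.nav[station] - microseconds)

    def transmit(self, sender, receiver, airtime_us, duration_us):
        """Send one frame; third parties in range read its Duration field.

        The addressed receiver does not set its NAV from the frame. Everyone
        else in range only ever raises the NAV: the new value is taken only
        when it is greater than the NAV already held.
        """
        self.elapse(airtime_us)  # the frame itself occupies the air
        for station in self.hears[sender]:
            if station != receiver and duration_us > self.nav[station]:
                self.nav[station] = duration_us


def hn_a_sends_frame(use_rts_cts):
    """HN-A sends one data frame to the AP; report what HN-B's NAV shows."""
    medium = Medium(HEARS)
    result = {"hn_b_nav_after_rts": None}
    if use_rts_cts:
        # RTS reserves: SIFS + CTS + SIFS + data + SIFS + ACK.
        rts_duration = 3 * SIFS_US + CTS_US + DATA_US + ACK_US
        medium.transmit("HN-A", "AP", RTS_US, rts_duration)
        result["hn_b_nav_after_rts"] = medium.nav["HN-B"]  # RTS not heard
        medium.elapse(SIFS_US)
        # CTS carries what is left of the reservation; HN-B hears the AP.
        medium.transmit("AP", "HN-A", CTS_US, rts_duration - SIFS_US - CTS_US)
        medium.elapse(SIFS_US)
    result["hn_b_nav_at_data_start"] = medium.nav["HN-B"]
    # With NAV 0 and HN-A out of radio range, nothing tells HN-B to wait.
    result["hn_b_defers"] = medium.nav["HN-B"] > 0
    medium.transmit("HN-A", "AP", DATA_US, SIFS_US + ACK_US)
    medium.elapse(SIFS_US)
    medium.transmit("AP", "HN-A", ACK_US, 0)
    result["hn_b_nav_after_ack"] = medium.nav["HN-B"]
    return result


if __name__ == "__main__":
    print("without RTS/CTS:", hn_a_sends_frame(False))
    print("with RTS/CTS:   ", hn_a_sends_frame(True))
```

With RTS/CTS, HN-B's NAV is set by the AP's CTS and reaches 0 exactly when the ACK ends; without it, HN-B has no indication that the medium is busy, which is the collision case at the AP.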

802.11 Medium Access Mechanisms

DCF Operations
Hidden Node Problem
RTS/CTS
Frame Fragmentation

Frame Fragmentation

Since we have already discussed RTS/CTS, let's also discuss frame fragmentation.
Later, we will see that RTS/CTS and fragmentation are typically combined.
Frame fragmentation is a MAC layer function that is designed to increase the reliability of transmitting frames across a wireless medium.

Frame Fragmentation

In a hostile wireless medium (interference, noise) larger frames may have more of a problem reaching the receiver without any errors.
By decreasing the size of the frame, the probability of interference during transmission can be reduced.
Breaking up a large frame into smaller frames allows a larger percentage of frames to arrive undamaged (without errors).
Easier to pour sand down a hole than boulders.

Frame Fragmentation

Frame fragmentation can increase the reliability of frame transmissions but there is
additional overhead:
Each frame fragment includes the 802.11 MAC protocol header.
Each frame fragment requires a corresponding acknowledgement.
If a frame fragment encounters errors or a collision, only that fragment needs to be
retransmitted, not the entire frame.
The frame control field includes information that this is a fragmented frame.

802.11 Data Frames and Addressing

Helps to understand this because it is not dependent upon the 802.11 Physical layer.

Ethernet MAC Addressing

[Figure: hosts X and Y on the Distribution System (DS), Access Point 1, Access Point 2, wireless hosts C and D. The labels xxx and yyy are pseudo MAC addresses of hosts; the frame shown carries xxx, yyy and an IP packet.]

802.11 MAC Addressing

The LLC encapsulation will be explained later in this presentation.

General 802.11 Frame

Four address fields
The number and function of the address fields is dependent upon the source and destination for the 802.11 frame.
Before we look at how these addresses are used, let's look at the different source and destination options.
Address 4 is optional and not commonly used, except for WDS (wireless distribution system, bridge to bridge).

802.11 MAC Addressing - DS

[Figure: hosts X and Y on the Distribution System (DS), Access Point 1, Access Point 2, wireless hosts B and C.]

Distribution System (DS)
"The distribution system is the logical component of 802.11 used to forward frames to their destination. 802.11 does not specify any particular technology for the distribution system." (Matthew Gast)
The DS is the exiting network from the AP. (For purposes of this discussion.)
It can be a wired network (Ethernet) or a wireless network (wireless bridge) or something else.
We will assume it is a wired network for these discussions.

802.11 MAC Addressing

Frame Control Field
General 802.11 Frame

To DS: indicates if frame is destined for the DS or AP (1 bit).
From DS: indicates if frame is sourced from the DS or AP (1 bit).

802.11 MAC Addressing

Frame Control Field
General 802.11 Frame

Function                    ToDS  FromDS
IBSS (no AP)                0     0
To AP                       1     0
From AP                     0     1
Wireless bridge to bridge   1     1

Note: Some documentation is misleading, stating that the ToDS is set to 1 only when the destination is on the wired side of the AP.

802.11 MAC Addressing

[Figure: hosts X (xxx) and Y on the Distribution System (DS); Access Point 1 (BSSID 111) with wireless hosts aaa and bbb; Access Point 2 with hosts C and D. Labels are pseudo MAC addresses of hosts and the BSSID of AP1.]

Options:
Host A to Host B
Host A to Host X
Frames to and from a BSS (Basic Service Set) must go via the access point.
The access point is a layer 2 bridge (translation bridge) between the 802.11 network and the 802.3 network.

802.11 MAC Addressing

The BSSID

[Figure: hosts X (xxx) and Y on the Distribution System (DS); Access Point 1 (111) with hosts aaa and bbb; Access Point 2. General 802.11 Frame.]

Each BSS is assigned a BSSID.
Not to be confused with SSID or ESSID.
In a BSS, the BSSID is the MAC address of the wireless interface.

802.11 MAC Addressing

The BSSID

[Figure: hosts X (xxx) and Y on the Distribution System (DS); Access Point 1 (111) with hosts aaa and bbb; Access Point 2. General 802.11 Frame.]

Besides the BSSID MAC address, the access point has a MAC address for other interfaces.
Ethernet (LAN)
Ethernet (WAN)
802.11a for dual mode APs

802.11 MAC Addressing

Host A to Host B

[Figure: hosts X (xxx) and Y on the Distribution System (DS); Access Point 1 (111) with hosts aaa and bbb; Access Point 2. General 802.11 Frame.]

Address 1: Receiver address
Address 2: Transmitter address
Address 3: Ethernet/wireless SA, Ethernet/wireless DA, or BSSID
Transmitter: Sends a frame on to the wireless medium, but may not be the original source (didn't necessarily create the frame), i.e. AP
Receiver: Receives a frame on the wireless medium, but may not be the final destination, i.e. AP

802.11 MAC Addressing

Host A to Host B

[Figure: hosts X (xxx) and Y on the Distribution System (DS); Access Point 1 (111) with Host A (aaa) and Host B (bbb); Access Point 2.]

Frame            Rec.  Trans.  Address 3
Host A to AP 1   111   aaa     DA bbb
AP1 to Host B    bbb   111     SA aaa

Address 1: Receiver address
Address 2: Transmitter address
Address 3: Ethernet/wireless SA, Ethernet/wireless DA, or BSSID

802.11 MAC Addressing

[Figure labels: Distribution System (DS), IP Packet; General 802.11 Frame, LLC, IP Packet.]

Access Points are translation bridges.
From 802.11 to Ethernet, and from Ethernet to 802.11
The data/frame body is re-encapsulated with the proper layer 2 frame (Ethernet or 802.11).
Certain addresses are copied between the two types of frames.

802.11 MAC Addressing

Host A to Host X

[Figure: Host A (aaa) sends to Host X (xxx) on the Distribution System (DS) through Access Point 1 (111); Host B (bbb), Access Point 2 and hosts C and D are also shown.]

Host A to AP 1, 802.11 frame: Rec. 111, Trans. aaa, DA xxx
Copied: xxx, aaa

The Ethernet DA and SA are the source and destination addresses just like on traditional Ethernet networks.
Destination Address: Host X
Source Address: Host A
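The ToDS/FromDS table and the Address 1/2/3 roles from the preceding slides can be applied to raw header bytes. This is an added example, not part of the original slides: the function names are illustrative and the MAC addresses are constructed stand-ins for the slides' pseudo addresses aaa, bbb, 111 and xxx.

```python
import struct

# Constructed MAC addresses standing in for the slides' pseudo addresses.
HOST_A = bytes.fromhex("020000000aaa")     # "aaa"
HOST_B = bytes.fromhex("020000000bbb")     # "bbb"
AP1_BSSID = bytes.fromhex("020000000111")  # "111"
HOST_X = bytes.fromhex("020000000e0e")     # "xxx", on the wired side


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_data_header(to_ds, from_ds, duration_us, a1, a2, a3, a4=b""):
    """Build a constructed 802.11 data-frame header (type = 2, subtype = 0)."""
    frame_control = 0x0008 | (to_ds << 8) | (from_ds << 9)
    sequence_control = struct.pack("<H", 0)
    return (struct.pack("<HH", frame_control, duration_us)
            + a1 + a2 + a3 + sequence_control + a4)


def parse_data_header(frame):
    """Decode a data-frame header and name each address by ToDS/FromDS."""
    if len(frame) < 24:
        raise ValueError("truncated: a three-address header is 24 bytes")
    frame_control, duration_id = struct.unpack_from("<HH", frame, 0)
    if (frame_control >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    to_ds = (frame_control >> 8) & 1
    from_ds = (frame_control >> 9) & 1
    a1, a2, a3 = (fmt_mac(frame[o:o + 6]) for o in (4, 10, 16))
    header = {
        "to_ds": to_ds,
        "from_ds": from_ds,
        # Bit 15 clear means the field is a duration in microseconds.
        "duration_us": duration_id if duration_id < 0x8000 else None,
        "receiver": a1,      # Address 1 is always the receiver
        "transmitter": a2,   # Address 2 is always the transmitter
    }
    if not to_ds and not from_ds:
        header.update(function="IBSS (no AP)", da=a1, sa=a2, bssid=a3)
    elif to_ds and not from_ds:
        header.update(function="To AP", bssid=a1, sa=a2, da=a3)
    elif from_ds and not to_ds:
        header.update(function="From AP", da=a1, bssid=a2, sa=a3)
    else:
        if len(frame) < 30:
            raise ValueError("truncated: Address 4 is missing")
        header.update(function="Wireless bridge to bridge",
                      da=a3, sa=fmt_mac(frame[24:30]))
    return header


def ethernet_addresses(header):
    """DA and SA that a translation bridge copies into the Ethernet frame."""
    return {"da": header["da"], "sa": header["sa"]}


# The slides' two cases, as constructed frames.
A_TO_AP1_FOR_X = build_data_header(1, 0, 44, AP1_BSSID, HOST_A, HOST_X)
AP1_TO_B_FROM_A = build_data_header(0, 1, 44, HOST_B, AP1_BSSID, HOST_A)

if __name__ == "__main__":
    for frame in (A_TO_AP1_FOR_X, AP1_TO_B_FROM_A):
        print(parse_data_header(frame))
```

In the "To AP" frame the receiver is the AP's BSSID while the destination is Host X, which is the distinction between receiver and final destination that the slides draw.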

LLC: Logical Link Control

General 802.11 Frame

[Figure labels: LLC, IP Packet.]

The IP Packet is in an LLC frame which is encapsulated in a MAC frame.
802.11 does not include a protocol type field.
An 8 byte SNAP field is added to the LLC to indicate the layer 3 data being carried in the data field.
The rest of the information within the LLC is not really relevant.

LLC Logical Link Control

The only word of caution is that there are two types of LLC encapsulation, RFC
1042 and 802.1h.
On a rare occasion, you might find a problem with a client associating to an AP
when their LLCs do not match.


Station Connectivity

[Figure: station state diagram.
State 1: Unauthenticated, Unassociated
State 2: Authenticated, Unassociated
State 3: Authenticated, Associated
Successful Authentication moves a station from State 1 to State 2; Successful Association moves it from State 2 to State 3. Disassociation returns it from State 3 to State 2; Deauthentication returns it to State 1.]

Station connectivity is an explanation of how 802.11 stations select and communicate with APs.

Station Connectivity

[Figure: the station state diagram (State 1, State 2, State 3) with the Probe process before State 1, the Authentication process between State 1 and State 2, and the Association process between State 2 and State 3.]

Three processes:
Probe Process (or scanning)
The Authentication Process
The Association Process
Only after a station has both authenticated and associated with the access point can it use the Distribution System (DS) services and communicate with devices beyond the access point.

Station Connectivity: Probe Process

The Probe Process (Scanning) done by the wireless station
Passive - Beacons
Active - Probe Requests
Depends on device driver of wireless adapter or the software utility you are using.
Cisco adapters do active scanning when associating, but use passive scanning for some tests.
In either case, beacons are still received and used by the wireless stations for other things besides scanning (coming).

Station Connectivity: Passive Scanning

Passive Scanning
Saves battery power
Station moves to each channel and waits for Beacon frames from the AP.
Records any beacons received.
Beacon frames allow a station to find out everything it needs to begin communications with the AP including:
SSID
Supported Rates
Kismet/KisMAC uses passive scanning

Station Connectivity: Passive Scanning

Note: Most of these beacons are received via normal operations and not through passive scanning.

Station Connectivity - Passive Scanning

AP features (options)
The SSID can be hidden or cloaked in the beacon frame (can be done on Cisco APs).
Do not send AP broadcast beacons (not an option with Cisco APs).
From some mailing lists:
SSID cloaking and beacon hiding isn't necessarily a bad thing, but too many places use it as the only protection because it leads to a false sense of security. Obscurity != security. Too many companies blindly trust that no beaconing or hiding their SSID means they're automatically safe.

Station Connectivity - Active Scanning

Active Scanning: Probe Request (from the client)
This process is not mandatory with 802.11.
A Probe Request frame is sent out on every channel (1-11) by the client.
APs that receive Probe Requests must reply with a Probe Response frame if:
the SSID matches, or
the Probe Request had a broadcast SSID (0-byte SSID).
NetStumbler uses active scanning.

Station Connectivity - Active Scanning

Active Scanning: Probe Response (from the AP)
On BSSs the AP is responsible for replying to Probe Requests with Probe Responses.
Probe Responses are unicast frames.
Probe Responses must be ACKnowledged by the receiver (client).
Like a beacon, Probe Response frames allow a station to find out everything it needs to begin communications with the AP, including:
SSID
Supported Rates

Station Connectivity - Multiple APs

Most likely Vivian will communicate with AP 2, which matches her SSID and has the stronger signal strength.

How a station chooses an AP is not specified in 802.11.
It is left up to the vendor.
It could be matching SSIDs, signal strength, or supported data rates.

Station Connectivity

[Figure: a client configured with no SSID sends a Probe Request with a broadcast (no) SSID; the AP answers with a Probe Response carrying SSID = tsunami, which is ACKed. Client: "Hey, I didn't do anything and I am on the Internet!"]

Access Points can be configured to allow or refuse clients with broadcast SSIDs that try to continue the connectivity process.
If there is no authentication on the AP, then the client will most likely associate and be on the network!
Cisco APs use a default SSID of tsunami, known as the guest mode SSID. (coming)
Unless this feature is disabled or authentication is enabled, anyone can easily associate with your AP and access your network (or the Internet).
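
The rules above can be turned into a small configuration check. This is an added example, not part of the original slides or any vendor tool: the `ApConfig` field names, the finding labels and the sample configurations are hypothetical. The only key-based option modelled is the WEP shared key this part of the deck covers; WEP is known to be weak, and the deck defers WEP and WPA to its security discussion.

```python
from dataclasses import dataclass

BROADCAST_SSID = ""  # a 0-byte SSID in a Probe Request


@dataclass
class ApConfig:
    # Hypothetical field names, not a vendor's configuration keys.
    ssid: str
    allow_broadcast_ssid: bool  # "guest mode": broadcast-SSID clients may continue
    authentication: str         # "open" or "shared-key"
    wep_encryption: bool
    cloak_ssid: bool = False    # SSID hidden in beacon frames


def probe_response(ap, requested_ssid):
    """Probe rule from the slides: reply on SSID match or broadcast SSID."""
    if requested_ssid in (ap.ssid, BROADCAST_SSID):
        return {"type": "probe_response", "ssid": ap.ssid}
    return None


def gets_access(ap, client_ssid, client_has_key=False):
    """Would a client configured with client_ssid end up on the network?"""
    if client_ssid == BROADCAST_SSID:
        if not ap.allow_broadcast_ssid:
            return False
    elif client_ssid != ap.ssid:
        return False
    if ap.authentication == "shared-key":
        return client_has_key
    # Open-system is no real authentication; only WEP encryption needs the key.
    return client_has_key or not ap.wep_encryption


def audit(ap):
    """Return labels for the weaknesses the slides describe."""
    findings = []
    if ap.ssid == "tsunami":
        findings.append("default-ssid")
    if ap.authentication == "shared-key" and not ap.wep_encryption:
        findings.append("shared-key-without-wep")
    if gets_access(ap, BROADCAST_SSID):
        findings.append("any-client-gets-access")
    elif gets_access(ap, ap.ssid):
        # Knowing the SSID is the only requirement; cloaking does not change that.
        findings.append("cloaking-is-only-protection" if ap.cloak_ssid
                        else "ssid-is-only-secret")
    return findings


# Constructed sample configurations.
FACTORY = ApConfig("tsunami", True, "open", False)
CLOAKED_ONLY = ApConfig("plant-floor", False, "open", False, cloak_ssid=True)
KEYED = ApConfig("plant-floor", False, "shared-key", True)

if __name__ == "__main__":
    for name, ap in (("factory", FACTORY), ("cloaked", CLOAKED_ONLY), ("keyed", KEYED)):
        print(name, audit(ap))
```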



Authentication Process

On a wired network, authentication is implicitly provided by the physical cable from the PC to the switch.
Authentication is the process to ensure that stations attempting to associate with the network (AP) are allowed to do so.
802.11 specifies two types of authentication:
Open-system
Shared-key (makes use of WEP)

Authentication Process - Open-System

Open-system authentication is really no authentication.
Open-system authentication is the only method required by 802.11.
You could buy an AP that doesn't support Shared-key.
The client and the station exchange authentication frames.

Authentication Process - Shared-Key

Shared-key authentication uses WEP (Wired Equivalent Privacy) and can only be used on products that support WEP.
WEP is a Layer 2 encryption algorithm based on the RC4 algorithm.
802.11 requires any stations that support WEP to also support shared-key authentication.
WEP and WPA will be examined more closely when we discuss security.
For now, both the client and the AP must have a shared key (password).

Authentication Process

We'll look at the configuration of the client and AP later!

Example of open-system authentication.
Note: On some systems you can configure authentication (WEP) and WEP encryption separately. On the ACU you can have open-system authentication and also have WEP encryption. However, if you have Shared-key (WEP) authentication, you must use WEP encryption.

Authentication Process

Authentication: Open-System or Shared-Key (WEP)
Encryption only: None or WEP


Association Process

1. Association Request
2. Association Response

The association process is logically equivalent to plugging into a wired network.
Once this process is completed, the wireless station can use the DS and connect to the network and beyond.
A wireless station can only associate with one AP (802.11 restriction).
During the 802.11 association process the AP maps a logical port known as the Association Identifier (AID) to the wireless station.
The AID is equivalent to a port on a switch and is used later in Power Save Options.
The association process allows the DS to keep track of frames destined for the wireless station, so they can be forwarded.

Association Process

Association Request Frame (from client)
Listen Interval - This value is used by the Power Save Operation (later). Informs the AP how often the station will wake up to receive buffered frames.
Supported Rates - What data rates the client station supports.
Association Response Frame (from AP)
Status Code - Indicates success or reason for failure.
AID - A value assigned to this station for the Power Save Operation (later).
Supported Rates - What data rates the AP supports.

Station Connectivity
[Figure: station state diagram with the probe, authentication and association processes. State 1 (Unauthenticated, Unassociated), State 2 (Authenticated, Unassociated), State 3 (Authenticated, Associated). Return transitions: Deauthentication, Disassociation.]

Traffic can now flow between the client and the AP.
Disassociation and deauthentication can be due to:
Inactivity
The AP cannot handle all currently associated stations
Station has left BSS
etc.
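
The three-state model can be written as a table-driven state machine that also decides which frames an AP accepts from a station in each state. This is an added example, not part of the original slides: the frame-type labels, the `StationEntry` class and the trace are constructed, and the minimum state per frame type follows the frame classes of the 802.11 standard, which goes beyond what the slides list.

```python
from enum import IntEnum


class State(IntEnum):
    UNAUTH_UNASSOC = 1  # State 1: unauthenticated, unassociated
    AUTH_UNASSOC = 2    # State 2: authenticated, unassociated
    AUTH_ASSOC = 3      # State 3: authenticated, associated


# Lowest state in which each frame type is accepted from a station.
# The string names are labels chosen for this example.
MIN_STATE = {
    "probe_request": State.UNAUTH_UNASSOC,
    "authentication": State.UNAUTH_UNASSOC,
    "deauthentication": State.UNAUTH_UNASSOC,
    "association_request": State.AUTH_UNASSOC,
    "disassociation": State.AUTH_UNASSOC,
    "data_to_ds": State.AUTH_ASSOC,
}


class StationEntry:
    """Per-station record kept by a (hypothetical) AP."""

    def __init__(self, mac):
        self.mac = mac
        self.state = State.UNAUTH_UNASSOC

    def handle(self, frame, success=True):
        """Apply one frame; return True if it was permitted in this state."""
        if self.state < MIN_STATE[frame]:
            return False  # e.g. data before association is dropped
        if frame == "authentication" and success:
            if self.state == State.UNAUTH_UNASSOC:
                self.state = State.AUTH_UNASSOC
        elif frame == "association_request" and success:
            self.state = State.AUTH_ASSOC
        elif frame == "disassociation":
            self.state = State.AUTH_UNASSOC
        elif frame == "deauthentication":
            self.state = State.UNAUTH_UNASSOC
        return True


def replay(trace):
    """Run (frame, success) pairs; return [(frame, permitted, state_after)]."""
    sta = StationEntry("02:00:00:00:00:01")  # constructed MAC address
    out = []
    for frame, success in trace:
        permitted = sta.handle(frame, success)
        out.append((frame, permitted, int(sta.state)))
    return out


# Constructed trace, not captured traffic.
TRACE = [
    ("probe_request", True),
    ("data_to_ds", True),           # too early: still State 1
    ("authentication", True),
    ("data_to_ds", True),           # still too early: State 2
    ("association_request", True),
    ("data_to_ds", True),           # now permitted: DS services available
    ("disassociation", True),
    ("data_to_ds", True),           # back in State 2: refused
    ("association_request", True),
    ("deauthentication", True),     # drops straight to State 1
    ("association_request", True),  # refused: must authenticate again
]

if __name__ == "__main__":
    for frame, permitted, state in replay(TRACE):
        print(f"{frame:20} permitted={permitted!s:5} state={state}")
```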

Roaming

Not yet covered under 802.11.

A WLAN designer must determine whether clients will require seamless roaming from access point to access point.
Not yet standardized by IEEE 802.11 (working on it); most vendors use IAPP (Inter-Access Point Protocol).
Task Group F: A Standard IAPP

Roaming

Initial Association:
Probing (Probe Request, Probe Response)
Note: 802.11 does not specify how the client determines which AP to associate with, so it depends on vendor implementation.
Authentication (Authentication Request, Authentication Response)
Association (Association Request, Association Response)
802.11 does not allow associating with more than one AP.

Roaming

Several factors need to be considered when designing a WLAN with seamless roaming capabilities:
Coverage must be sufficient for the entire path.
A consistent IP address should be available throughout the entire path.
Until standardized by IEEE 802.11, access points will most likely need to be from the same vendor.

Roaming

[Figure callouts: "IAPP: Please send buffered frames for" / "IAPP: Ok!" / "* Packet - Source MAC of client"]

The client initiates the roaming (re-association) process.
As the client is moving out of range of its associated AP, the signal strength will start to drop off.
At the same time, the strength of another AP will begin to increase.
The re-association process then occurs, including authentication.

* AP(B) must update MAC address tables on infrastructure switches to prevent the loss of data.
AP(B) sends an Ethernet frame to AP(A) with the source MAC address of the client so all the switches can update their SAT/MAC tables.

Roaming

Scans for a better access point if the signal strength falls below a threshold value.
The following options define signal strength and wait thresholds that trigger a new scan.

When Adapter Has Been Associated for at Least - The number of seconds the client adapter waits after connecting before searching for a better access point. This threshold keeps the client adapter from jumping from one access point to another too quickly after the initial connection.
Signal Strength is Less Than - The signal strength threshold below which the client adapter should search for a better access point. This threshold keeps the client adapter from jumping from one access point to another when both have strong signals.
Example: When using the default values of 20 seconds and 50%, the client adapter monitors the signal level 20 seconds after connecting and every second thereafter. If the client detects that the signal strength is below 50%, it scans for a better access point. After the access point connects to a better access point, this scanning process repeats.

Scalability
APs are on
different channels

Scalability is the ability to locate more than one access point in the same
area.
This will increase the available bandwidth of that area for all users local to
that access point.
The current Cisco Aironet products are frequency agile.
This means that they can look for and use the best channel.
Three non-overlapping and non-interfering channels, up to a theoretical 33
Mbps per cell.
Users still only operate at a maximum theoretical value of 11 Mbps

Scalability
APs are on different channels

In the case of 802.11a, there are eight non-overlapping channels, each up to a theoretical bandwidth of 54 Mbps.
This means that a maximum of eight discrete systems can reside in the same area, with no interference.
Therefore, the highest aggregate total data rate for an 802.11a system is a theoretical 432 Mbps, for a given cell area.
Remember that any connected user will still only receive up to 54 Mbps.

Scalability

Specifies the channel number and frequency that the client adapter uses for
communications. The channels conform to the IEEE 802.11 Standard for your
regulatory domain.
In infrastructure mode, this option is set automatically and cannot be
changed. The client adapter listens to the entire spectrum, selects the best
access point, and then uses the same channel as that access point.
In ad hoc mode, the channel of the client adapter must match the channel
used by the other clients in the wireless network. If the client adapter does
not find any other ad hoc client adapters, this option specifies the channel on
which the client adapter broadcasts beacons.

Access point coverage and comparison

As a client roams away from the access point, the transmission signals
between the two attenuate (weaken).
Rather than decreasing reliability, the AP shifts to a slower data rate, which
gives more accurate data transfer.
This is called data rate or multi-rate shifting.
As a client moves away from an 802.11b access point, the data rate will go
from 11 Mbps, to 5.5Mbps, to 2 Mbps, and, finally, to 1 Mbps.
This happens without losing the connection, and without any interaction from the user.

Access point coverage and comparison

The Cisco Aironet 2.4 GHz radio delivers 100 mW of output and offers a high
degree of receiver sensitivity.
The 5 GHz client radio has a 20 mW transmit power and the 5 GHz access
point has a 40 mW transmit power.
It is possible to adjust the power level down, to create pico-cells, or smaller
coverage cells.
This would be done, for example, to prevent the coverage area of one AP
from extending too far into the coverage area of another AP.

Sets the transmit power level of the radio. Select a value for Transmit Power
that is no greater than the maximum allowed by the regulatory body in your
country (FCC in the United States, ETSI in Europe, and MKK in Japan).
Reducing the transmit power conserves battery power, but it reduces the
range of the radio. The default power level is the maximum power allowed by
the regulatory agency in your country.
Note: If World Mode is enabled, the transmit power is limited to the
maximum level allowed by the regulatory agency of the country where the
adapter is used.

Multirate implementation

Provides for seamless roaming, but not at a constant speed.


This example takes advantage of multi-rate technology, to step down in
bandwidth and gain greater coverage distances, with a single access point.
If 11 Mbps is required everywhere, the access points would need to be
relocated, so that only the 11-Mbps circles are touching each other, with
some overlap.
This would require a greater number of APs, but consistent bandwidth would
be achieved.

Channel usage and interference

Remember that the 802.11 standard uses the unlicensed spectrum and,
therefore, anyone can use these frequencies.

Bridge Topologies
More on Bridges Later


Distance limitations

The 802.11 standard sets a time limit for the acknowledgement of packets.
Remember that 802.11 also defines a Local Area Network, which means a typical
wireless range of up to 305 m (1000 ft), not several kilometers or miles.
The bridge products have a parameter that increases this timing, whereas the
workgroup bridge and AP does not.
The timing is increased, by violating the 802.11 standard.
This allows the Cisco devices to operate at greater distances.
Any wireless bridge that supports distances over one mile must violate 802.11.
This means that radios of other 802.11 vendors may not work with the Cisco bridges
when the distances are greater than 1.6 km (1 mile).


Root modes

Cisco Aironet access points and bridges have two different root modes in which to operate:
Root = ON
The bridge or AP is a root.
If it is a bridge, then it is called the master bridge.
Root = OFF
The bridge or AP is not a root (non-root).


Root modes

[Figure: example topology with each device's Root setting labelled on or off.]

Point-to-point configuration

When using point-to-point wireless bridges, two LANs can be located up to 40 km (25 miles) apart.
The antennas must have line-of-sight with each other.
Obstacles such as buildings, trees, and hills will cause communication problems.
In this configuration, the Ethernet segments in both buildings act as if they are a single segment.
The bridge does not add to the Ethernet repeater count because this segment is viewed by the network as a cable.

Point-to-point configuration

Many corporations would like to have more bandwidth between two locations than the 11 Mbps provided by the 802.11b standard.
Currently, with Cisco IOS, it is possible to use Fast Etherchannel or multi-link trunking to bond or aggregate up to three bridges together.
This gives the customer the potential for 33 Mbps.

Point-to-multipoint configuration

[Figure: one root bridge at the main site and two non-root bridges at remote sites.]

For multipoint bridging, an omnidirectional antenna is typically used at the main site.
Directional antennas are used at the remote sites.
In this configuration, again, all the LANs appear as a single segment.
Traffic from one remote site to another will be sent to the main site and then forwarded to the other remote site.
Remote sites cannot communicate directly with one another.
Line of sight must be maintained between each remote site and the main site.

Basic Topologies

Peer-to-Peer (Ad Hoc) Topology (IBSS)
Basic Infrastructure Topology (BSS)
Extended Infrastructure Topology (ESS)

BLUETOOTH
It is a technology developed by Ericsson in 1994 that makes short-range wireless connectivity between devices feasible; these devices can form networks with a variety of communication equipment: mobile computers, pagers, cell phones, PDAs, and even household appliances.

Originally defined so as to replace wire/cable technology for cellular telephony. In fact, Bluetooth is far more than a communications protocol; it is a full communications application stack.

BLUETOOTH: protocol stack


BLUETOOTH
The lower communications layers of Bluetooth
have been published as IEEE standard 802.15.1.
For the original task of device connection, Bluetooth
offers a rich suite of functionalities, including enabling
walk-up linking without user interaction and
establishing voice connection.


BLUETOOTH
The CMOS technology used in the chip reduces both cost and power consumption; in this way energy use is reduced by approximately 97% compared with a mobile phone.

BLUETOOTH
Bluetooth networking is intentionally limited to a maximum of eight Bluetooth nodes, which together form a piconet (figure below).

BLUETOOTH
A scatternet can be formed by means of Time-Division Duplex (TDD) multiplexing. This multiplexing technique uses time slots of 625 µs to achieve bidirectional (full-duplex) transmission between the connected devices.

BLUETOOTH
When a node is included in more than one piconet,
that node then assumes the task of forwarding
messages to/from the other piconet, adding
to the complexity of Bluetooth networking.


BLUETOOTH

Maximum data channels: 7 per piconet
Expected system data rate: up to 721 kbit/s per piconet
Number of devices: 8 per piconet and up to 10 piconets
Power supply: 2.7 volts
Power consumption: from 30 µA to 30 mA when transmitting
Module size: 0.5 square inches (9x9 mm)
Interference: Bluetooth minimizes potential interference by using fast frequency hopping, 1600 times per second.

BLUETOOTH
The most attractive feature of Bluetooth for industrial
automation purposes is its use of forward error
correction (FEC) for delivering messages without error
and without requiring retransmission.
The drawback of FEC is loss of efficiency: a 1 Mbps
communications channel can deliver only 721 Kbps.


BLUETOOTH
A multivendor consortium defined Bluetooth, not a
standards organization. Just like 802.11b and 802.11g,
it operates in the unlicensed 2.4 GHz frequency band,
but uses frequency-hopping spread-spectrum
technology that hops faster than the original FHSS of
802.11.
As a result, the presence of Bluetooth in close
proximity to Wi-Fi nodes causes the signal for the
WLAN to degrade, spelling disaster for Wi-Fi
transmissions.

BLUETOOTH
The nominal distance of a link can vary from 10 centimeters to 10 meters, but it can be increased to more than 100 m by raising the transmit power.

BLUETOOTH
While there is no protocol yet to help such nodes
avoid signal degradation, many early suppliers of
nodes with both Bluetooth and Wi-Fi have been able
to synchronize transmissions to avoid degradation.
Suppliers of 802.11a, which operates in the 5 GHz
unlicensed band, are quick to point out that they
avoid signal degradation from Bluetooth completely.
Nevertheless, 802.11g suffers the same problems as
802.11b in the presence of Bluetooth.

Proprietary or Non-Standard Wireless Networks
Standards take a long time to be developed, much
slower than the pace of technology. Commercial
suppliers often cannot wait for the approval of a
standard, or may have a product concept that
adequately fulfills the network requirements more
than any proposed standard.
These companies will often introduce their network
products hoping to establish a market in the absence
of standardized networks.


Proprietary or Non-Standard Wireless Networks
Currently, two suppliers, Honeywell and Adaptive Instruments, both offer their own wireless networks for process control field instrumentation. Both networks use frequency hopping spread spectrum operating in the 915 MHz ISM (Industrial, Scientific, and Medical) band.
These networks are capable of passing data at rates that vary from 4.8 to 76.8 Kbps over distances that vary from 780 m to 175 m, respectively.

Proprietary or Non-Standard Wireless Networks
Their devices are battery powered and have battery
life estimated to be several years. Both of these
networks are configured with a wired base-station
located close to the field instruments, and form direct
links to each instrument from the base station.
Additionally, Dust Networks is another supplier using
frequency hopping in the 915 MHz ISM band, but with
integral mesh networking technology. Dust sells OEM
modules to be used by other manufacturers to build
wireless transmitters.


Wireless versus Wired Networks


Wired networks, such as Ethernet, are designed for
communications between fixed locations. Wireless
networks, such as Wi-Fi, are designed for
communications between devices.
The distinction is lost for fixed-location devices, but
device mobility is a primary benefit of wireless.
However, the primary application for wireless in industrial automation is expected to be between fixed locations.

Wireless versus Wired Networks


Wireless networks will often need a wired connection
to a computer or to the wired network, a source of
power, and radios. Estimating the cost of a wired
network is easy. It is the sum of the cost of the
network cable, junctions, and connecting wires; the
cable and junction installation; the network
interfaces; and the long-term maintenance of the
installed wiring plant.
Wireless networks are more difficult to estimate. They
include the cost of wiring to access points, access
point equipment, wireless interfaces, and long-term
wireless troubleshooting and maintenance.

Wireless versus Wired Networks


The other notable problem of wireless devices is that
they still need a power source. Wired network nodes
can draw power from the local AC receptacle, but
mobile wireless devices depend on batteries or some
alternative power source.
Of course, you can always plug the wireless device
into a local power source, but then you lose the
mobility advantage and incur the cost of installing
power connections at the device.


Wireless versus Wired Networks


The recent PoE (Power over Ethernet) standard, IEEE
802.3af was created to help resolve this problem by
transporting electrical power on the wired Ethernet
network so it can be used by wireless access points.
Nowadays, there is much acceptance for this
standard, and it will become well accepted once
products are sold for it.
However, PoE still does not address the issue of
powering the wireless device itself.


Wireless Network Topologies


Wired networks have a layout or topology that is
determined by the location of the nodes and network
components.
Wireless networks are not so easily described. The
topology of a wireless network is determined by the
logical capabilities of the network components.
Often the user must determine how the wireless network's topology is to be configured after installation, or perhaps after some usage determinations.

Star
The most typical or default arrangement for a wireless network is a star cluster in which the wireless access point is at the center, as illustrated in the next Figure.
Each wireless device then communicates only with the common access point, which is usually connected via wires to a network switch. This arrangement then places all of the wireless devices into the same collision domain, presuming that this is an Ethernet-based network. Usually, this arrangement presents no problem since the access point itself will be unable to receive more than one message at a time and will ignore whichever began second.


Tree
As in wired networks, wireless networks can be organized into a tree topology.
Each field unit is configured to a network that is connected to a specific switch/access point. That access point is then hierarchically connected to another access point closer to the wired network.

The topology appears as illustrated in the following Figure.


Mesh
The newest and most revolutionary form of network is called a mesh. In a mesh network each station is both an end device and a network forwarding element.
Mesh networks are naturally self-healing and redundant, exactly the property needed for industrial automation networks.
In a mesh network, each station is responsible for forwarding a network transmission not intended for itself to other stations within its radio range.

Mesh
Those stations, in turn, send the transmission
to at least one other station within its radio range, as
illustrated in the next Figure.
Therefore, the network becomes very redundant,
fault-tolerant, and extended in range. The drawback
is that each station must remove redundant
messages.
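
The forwarding rule and its cost can be simulated as flooding with per-station duplicate suppression, which is one way to realize what the slides describe. This is an added example, not part of the original slides; the topology, the `(origin, seq)` message identifier and the function name are constructed for illustration.

```python
from collections import deque

# Constructed topology: which stations are within radio range of each other.
LINKS = {
    "A": ["B", "C"],
    "B": ["A", "D"],
    "C": ["A", "D"],
    "D": ["B", "C", "E"],
    "E": ["D"],
}


def flood(links, origin, dest, seq=1, failed=frozenset()):
    """Flood one message; return (delivered, redundant_copies_discarded)."""
    msg_id = (origin, seq)                  # identifies the message network-wide
    seen = {node: set() for node in links}  # per-station duplicate cache
    seen[origin].add(msg_id)
    discarded = 0
    delivered = False
    to_forward = deque([origin])            # stations that still have to transmit
    while to_forward:
        sender = to_forward.popleft()
        for nbr in links[sender]:
            if nbr in failed:
                continue                    # a failed station hears nothing
            if msg_id in seen[nbr]:
                discarded += 1              # redundant copy: drop, do not re-forward
                continue
            seen[nbr].add(msg_id)
            if nbr == dest:
                delivered = True            # intended recipient: consume, don't forward
            else:
                to_forward.append(nbr)
    return delivered, discarded


if __name__ == "__main__":
    print(flood(LINKS, "A", "E"))                # both paths up
    print(flood(LINKS, "A", "E", failed={"B"}))  # self-healing via C
    print(flood(LINKS, "A", "E", failed={"D"}))  # D is the only way to reach E
```

With every station up, five redundant copies are discarded to deliver one message; losing B still delivers it through C, while losing D, the only neighbour of E, does not.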



Mesh
Since mesh networks that are intended for industrial
automation tend to have 256 or fewer nodes, routing
tables can be small and the routing simple. Routing
tables need to be updated when new nodes appear in
the mesh or for any reason fail to respond to
forwarded messages.
Mesh networks are not new. The Internet itself is a
very large wired mesh network with very complex
routing algorithms.
Since IP addresses do not imply anything about
location, messages routed on the Internet hop from
one node to another that is (hopefully) closer to the
desired destination.

The ZigBee communication protocol

ZigBee (802.15.4) is a wireless communication protocol developed on a non-profit basis by an alliance of 100 semiconductor manufacturers in order to have a low-cost wireless technology.
The 100 companies include some very successful ones, such as Mitsubishi, Philips, Motorola, Honeywell and Samsung, which are working on a standard communications system.
This protocol is very similar to Bluetooth, although with marked differences, notably:

The ZigBee communication protocol

A ZigBee network can consist of a maximum of 255 nodes, compared with the maximum of 8 in a Bluetooth network.
Lower power consumption than Bluetooth's, which is already low. In exact terms, ZigBee draws 30 mA when transmitting and 3 mA at rest, compared with Bluetooth's 40 mA when transmitting and 20 mA at rest.
This lower consumption is because the ZigBee system stays asleep most of the time, whereas in a Bluetooth communication this is not possible, and it is always transmitting and/or receiving.

The ZigBee communication protocol

It has a bandwidth of 250 kbps, whereas Bluetooth has 1 Mbps.
Because of the different bandwidth, one is more appropriate than the other for certain things. For example, while Bluetooth is used for applications such as Wireless USB, mobile phones and home computing, ZigBee's bandwidth is insufficient for these tasks, steering it towards uses such as remote controls, battery-dependent products, medical sensors, and toys, in which less data is transferred.

The ZigBee communication protocol

ZigBee is an ideal system for home-automation networks, specifically designed to replace the proliferation of individual sensors/actuators.
ZigBee was created to provide a standard for wireless networks with:
small information packets,
low power consumption,
security and
reliability.

The ZigBee communication protocol

ZigBee: communications stack


The ZigBee communication protocol

ZigBee: Frames

The ZigBee communication protocol

Transmission and data security are key points in ZigBee technology, which uses the security model of the IEEE 802.15.4 MAC sublayer; this specifies 4 security services:
Access control: the device maintains a list of the verified devices in the network.
Data encryption: encryption with a 128-bit key is used.

The ZigBee communication protocol

Frame integrity, to protect the data from being modified by others.
Sequential freshness, to verify that frames have not been replaced by others. The network controller checks these freshness values to see whether they are the expected ones.
It is up to the end device to decide whether to provide more or less security.
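
Three of the four services (access control, frame integrity and sequential freshness) can be shown working together in a receiver-side check. This is an added example, not part of the original slides and not the 802.15.4 frame format: the frame layout, key and addresses are constructed, a truncated HMAC-SHA-256 stands in for the standard's AES-based integrity code, and encryption is left out.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(16))  # constructed 128-bit network key
MIC_LEN = 4             # truncated integrity code length chosen for this example


def mic(key, src, counter, payload):
    """Integrity code over sender, frame counter and payload (HMAC stand-in)."""
    msg = struct.pack(">HI", src, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MIC_LEN]


def make_frame(key, src, counter, payload):
    return {"src": src, "counter": counter, "payload": payload,
            "mic": mic(key, src, counter, payload)}


class Receiver:
    def __init__(self, key, access_list):
        self.key = key
        self.access_list = set(access_list)  # access control: verified devices
        self.last_counter = {}               # freshness state, per sender

    def check(self, frame):
        src, counter = frame["src"], frame["counter"]
        if src not in self.access_list:
            return "reject: sender not in access list"
        expected = mic(self.key, src, counter, frame["payload"])
        if not hmac.compare_digest(expected, frame["mic"]):
            return "reject: integrity check failed"
        # Only a frame that passed the integrity check may advance the counter,
        # otherwise a forged counter value could lock out the real sender.
        if counter <= self.last_counter.get(src, -1):
            return "reject: stale frame counter"
        self.last_counter[src] = counter
        return "accept"


def demo():
    """Run constructed frames through one receiver and return its verdicts."""
    rx = Receiver(KEY, access_list={0x0001, 0x0002})
    f1 = make_frame(KEY, 0x0001, 10, b"valve=open")
    tampered = dict(f1, counter=11, payload=b"valve=shut")  # MIC no longer matches
    forged_high = dict(f1, counter=0xFFFFFFFF)               # counter is covered by the MIC
    f2 = make_frame(KEY, 0x0001, 11, b"valve=shut")
    outsider = make_frame(KEY, 0x0099, 1, b"hello")          # sender not on the list
    frames = (f1, f1, tampered, forged_high, f2, outsider)
    return [rx.check(f) for f in frames]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second copy of `f1` is rejected as stale even though its integrity code is valid, and `f2` is still accepted after the forged high counter because rejected frames never update the freshness state.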


The ZigBee communication protocol

A typical ZigBee device includes a radio-frequency integrated circuit (RF IC), a small physical layer (PHY) that connects to a low-power/low-voltage 8-bit microcontroller, and peripherals that may be connected to a sensor or actuator.
The protocol stack and applications are implemented in a flash memory chip.
According to analyst firms, there are more than 300 million nodes or devices equipped with ZigBee technology in the home-automation sector alone.

The ZigBee communication protocol

Device types:
Network coordinator: it is responsible for keeping control of the system at all times. It is the most complex of all the devices, and needs memory and computing capacity.
Full-function device (FFD): it is able to receive messages of the 802.15.4 standard. It can operate as a network coordinator. Thanks to its additional memory and computing capacity, it is ideal for working as a router or for use in network devices that act as the interface to users.

The ZigBee communication protocol


Device types:
Reduced-function device (RFD): has limited capacity and functionality (specified in the standard), with the aim of achieving low cost and great simplicity. These are basically the sensors/actuators of the network.
Operating bands: 2.4 GHz (worldwide), 915 MHz (USA) and 868 MHz (Europe).
Transmission methods: DSSS; it focuses on the lower network layers (Physical and MAC).
Transmission rate: 20 kbit/s per channel.
Range: between 10 and 75 meters.

The ZigBee communication protocol


The network layer supports multiple network configurations, including star, tree and mesh, as shown in the figure:


The ZigBee communication protocol

[Figure: ZigBee network model]



The ZigBee communication protocol


ZigBee networks have been designed to conserve power in the slave nodes. This is how low power consumption is achieved.
The strategy is that a "slave" device stays in "sleep" mode for long periods and only "wakes up" for a fraction of a second to confirm that it is "alive" in the network of devices it belongs to.
This transition from "sleep" mode to "awake" mode (the mode in which it actually transmits) takes about 15 ms, and the enumeration of "slaves" takes around 30 ms.


The ZigBee communication protocol


In the star configuration, one of the FFD-type devices takes on the role of network coordinator and is responsible for initializing and maintaining the devices in the network. All other ZigBee devices, known as end devices, talk directly to the coordinator.
In the mesh configuration, the ZigBee coordinator is responsible for initializing the network and choosing the network parameters, but the network can be extended through the use of ZigBee routers.


The ZigBee communication protocol


A routing algorithm uses a request-response protocol to eliminate routes that are not optimal.
The final network can have up to 254 nodes (that many will probably never be needed).
Using local addressing, you can configure a network of more than 65000 nodes (2^16).


The ZigBee communication protocol


The general operational framework (GOF) is a layer that sits between the application layer and the rest of the layers.
The GOF usually covers several elements that are common to all devices, such as sub-addressing and addressing modes, and the device description, such as device type, power, sleep modes and the coordinators of each one.
Using a model, the GOF specifies methods, events and data formats that are used to build commands and the responses to them.


The ZigBee communication protocol

[Figure: Typical block diagram of a ZigBee device]
