Version 4.1 - 1.8 Wireless Part 2
In this section, we move up the OSI model to the Data Link Layer. There are three types of frames: Control Frames, Management Frames and Data Frames. If you are curious about these frames, set up Wireshark and capture your traffic. Oh yeah - guess what? If you are on a Windows device, you will only see Data Frames. The Management and Control frames will be missing. The Wireshark Wiki Page for WLAN capture setup explains this in detail. You may want to understand the difference between promiscuous mode and monitor mode.
Control Frames facilitate the data frames during exchanges. There are six unique control frames:
*PS-Poll (Power save poll)
*RTS (Ready to Send)
*CTS (Clear to Send)
*ACK
*CF-End (Contention-free End)
*CF-End+CF-ACK (Contention-free End + CF-End ACK)
The last two are not widely deployed, so mainly the first four should be familiar to you.
Management Frames use information elements (IE) and fixed fields to provide services that enable stations to establish and maintain communications. Management packets support authentication, association and synchronization.
Main Management Frame Types
* Beacon Frame
* Probe Request Frame
* Probe Response Frame
* Authentication Frame
* Association Request
* (Re)Association Response
I really don't think you need to know the parts of these frames, but have an idea that they exist and know what they do on the WLAN. If you look at the two lists - all the Control frames deal with physical things / signaling and the Management frames deal with data link things (basically everything else that's not data). Just in case you have a frame (or frame type) and they ask you if it's a control or management frame. That would be fair game, wouldn't it?
At this point I should really talk about the BSSID. I don't think you need to know the difference between BSS and ESS, but know that the BSSID is the Basic Service Set ID. This is the MAC Address of the WLAN Access Point. The SSID is the human-readable name of the BSSID. This would be "Linksys" or "PFRND" or something like that. It's what users know to connect to in an area. Here's the Cisco Doc for Configuring Multiple SSIDs on Aironet Access Points. You can assign ONE SSID to a VLAN. However, you can configure multiple SSIDs (up to 16) and even multiple BSSIDs (up to 8) on Cisco Access Points.
There is a doc on the Meraki site that covers the 802.11 Association Process. The basic process is shown below:
Do you see what I did there? Granted, I could have copied the diagram and put it in this post. But to reinforce the idea, I created a very simple diagram. Doing this reinforces your learning. You could just draw this with colored pencils in your notebook and achieve the same effect. Although simplified, this drawing points your attention to the station AUTHENTICATING first and then ASSOCIATING.
The actual authentication method is a lot more complicated. APs don't just exist on their own in an enterprise network. In reality, the host connects to an Access Point that is connected to a Wireless LAN Controller (WLC). The WLC is configured with Radius Servers. Those Radius Servers [or the Identity Services Engine (ISE)] may further reach out to Active Directory or LDAP for validation of credentials.
Here's a Cisco document on Central Web Authentication with FlexConnect APs on a WLC with ISE Configuration Example. If you understand everything in that document, you're good on this section.
I think there's just two more things to discuss on this section. Most of everything else will be covered later. The next section will discuss Rogue APs and CAPWAP.