In 802.11 standards, the connection procedure includes three major steps that shall be performed to make the device part of the Wi-Fi network and communicate in the network. Those three steps are device discovery (scanning), device authentication (checking compatibility-capability etc. before connection) and then finally establishment of connection (Association). Going forward, this post provides details for each step. The message exchange in connection procedure is shown below.
Figure 1. Connection Process in open system
Figure 2. Messages exchange in Connection Process
Figure 2 shows Wi-Fi sniffer log for messages exchange procedure between Client and AP device at the time of connection, here Client device is Xiaomi and AP is Marvell device.
To join any network first client or station needs to find it the network. In the wired network, just plugging the cable or jack will find the network. In the wireless world, this requires identification of the compatible network before joining process can begin. This identification process of the network is referred as scanning.
Several parameters are needed in the scanning process. These parameters are BSSType, BSSID, channel list, scantype, MinChannelTime and MaxChannelTime. The parameters are set as default depending upon manufacturer Wi-Fi driver, but it can be modified by the user i.e. if the requirement is for hidden network then we can set scantype parameter as passive scan because the active scan is not useful for the hidden network (networks that do not broadcast their SSID).
There are two scanning methods, passive scanning and active scanning.
By default, radios perform both the types of scanning on all the channels allowed by the country of operation. While both the types of scanning are available by default, active scanning is performed only by those channels that are allowed to transmit by regional government regulations. Channels that are not authorized for unlicensed use are excluded from active scanning.
Figure 3. Beacon Frame
Description of mandatory field of a Beacon Frame.
Notice that this information is not only used by potential clients during passive scanning but also by clients that are already associated to the BSS.
A passive scan generally takes more time, since the client must listen and wait for a beacon versus actively probing to find an AP. Another limitation with a passive scan is that if the client does not wait long enough on a channel, then the client may miss an AP beacon.
In the active scanning mode, stations still go through each channel in turn, but instead of passively listening to the signals from AP, stations send a probe request management frame aimed at asking what network is available on this channel. If any AP or active station in an IBSS is presenting that frequency, they should answer with the probe response frame.
Figure 4. Scanning Methods
Once the probe request is sent by the emitting station, it starts a Probe Timer countdown and waits for answers. This Probe Timer value is usually a lot shorter than a beacon interval. Common values are in the 10-millisecond range. At the end of the timer, the station processes the answers it has received. If no answer was received, the station moves to the next channel (on different frequency) and repeats the same discovery process.
The purpose of a probe request is typically to discover APs and their supported networks (SSIDs and/or BSSIDs).
Figure 5. Probe Request/Response Frame
This frame contains mainly two fields, the SSID and the rates supported by the mobile station. Stations that receive Probe Request use the information to determine whether the requesting station can join the network.
The Probe Response frame fields are very similar to Beacon frame fields that enable mobile stations to match parameters and join the network.
After having performed a network discovery through the probe request/probe response exchange or by listening to beacons, a station wanting to join a network goes through an authentication process, exchanging authentication frames with the access point. On reception of the authentication frame, AP sends acknowledgement and then Authentication Response.
The initial purpose of the ‘authentication’ frames to validate the device type, in other words, verify that the requesting station has proper 802.11 capabilities to join the network.
Open system authentication: Information related to capabilities are exchanged between station and AP using Authentication Request. If request is accepted, AP sends “success” in Authentication Response.
Shared key authentication: IEEE 802.11-1997 standard included a WEP shared key exchange authentication mechanism Called “Shared Key”. This shared key exchange adds two more frames to the default Open System authentication, resulting in a four-frame exchange. This latter method is called Shared Key authentication, requires the use of WEP encryption, and is not widely used (and not recommended) today.
First phase of authentication is described above but when WPA or WPA2 is used then second phase of authentication (i.e. 4-way handshaking process) takes place after the device gets associated.
The details regarding Open System authentication and Shared-Key authentication is available in 802.11 security post <Link TBD>.
Figure 6. Authentication frame
As shown above, the Authentication Frame consist of the following fields.
If the 802.11 authentication phase completes with a Success result, the station moves to the Association phase. The purpose of this exchange is for the station to join the network and obtain an Association ID [AID].
Figure 7. Association Request
Figure 8. Association Response
The disassociation frame (DA) can be the unicast MAC address of the station to disassociate or a broadcast address if the AP needs to disassociate all the stations in its network. In case of unicast frame, the frame will get acknowledge by receiving station and the broadcast frames are not acknowledged.
Figure 9. Disassociation Frame
The Disassociation frame is quite small. It contains only one field “Reason code”.
A disassociated station is still authenticated. It can try to re-associate by sending a new Association request frame, keeping its authenticated status. A station roaming to another cell may also choose to use a disassociation frame, to be able to keep its authenticated status and accelerate the process when roaming back to the same cell before its authentication timeout expires.
Figure 10. Disassociation Frame Exchange
This frame is also used when parameters change and the station or the AP needs to renegotiate the communications parameters.
Figure 11. Deauthentication Frame Exchange
Roaming, in the context of an 802.11 wireless network, is the process of a client moving an established Wi-Fi network association from one access point to another access point within the same Extended Service Set (ESS) without losing connection (e.g. within a defined time interval, usually in the range of a few seconds). The roaming time should be smaller for the better performance.
In the roaming process, the mobile device will send the disassociation frame to the previously associated Access Point (AP), and will start re-association process by exchanging 802.11 frames with another access point to which the device wants to connect. The client device scans the another AP then exchange authentication frames after that it will send re-association request, here instead of association re-association request is used and the first 2 steps of connection process remains the same.
Figure 12. Message Exchange in Roaming Process
Figure 13. Roaming representation
Table below shows some of the available APIs in NXP i.MX RT SDK for connection and disconnection process.
Table 1 APIs Available in SDK
|API||Description||Can be called from|
|wifi_send_scan_cmd||Used for scanning the available network. It supports only single SSID based scan. We can extend this to a list of multiple SSIDs.||Station and AP|
|wlan_add_network||Add specific network profile to the list of known networks.||Station and AP|
|wlan_remove_network||Remove specific network profile from the list of known networks.||Station and AP|
|wlan_connect||Connect with specific network (AP).||Station|
|wlan_disconnect||Disconnect the station from network (AP).||Station|
|wlan_start_network||Start specific network.||AP|
|wlan_stop_network||Stop specific network.||AP|
For more details on such APIs refer the document “MCUXpresso_SDK_WLAN_Driver_Reference_Manual.pdf” available at location <SDK Documentation>/docs/wifi.