Wireless LAN Configurations
Each computer in a wireless LAN is referred to as a station (STA). A wireless LAN can be set up as a peer−to−peer network (called an ad−hoc network) where two or more stations directly talk to each other, or in the infrastructure mode where a central AP is involved and all communication between the stations is routed through the central AP.
Ad−Hoc Mode
When two or more stations come together to communicate with each other, they form a basic service set (BSS). The minimum BSS consists of two stations. A BSS that stands alone and is not connected to an AP is called an independent basic service set (IBSS) or an ad−hoc network (see Figure 1).
An extended service set (ESS) is formed when two or more BSSs operate within the same network. An ad−hoc network is a network in which stations communicate only peer−to−peer. There are no APs, and no one gives permission to talk.
Mostly these networks are spontaneous and can be set up rapidly. Ad−hoc mode is rarely used, and, when set up, it is only used for temporary purposes.
Infrastructure Mode
A wireless LAN is said to be operating in infrastructure mode (see Figure 2) when two or more BSSs are interconnected using an AP.
APs act like hubs for wireless stations. An AP routes the traffic between the two BSSs. An AP is sometimes connected to a wired network to provide wired network resources to the wireless stations.
Each BSS becomes a component of an extended, larger network. An AP is a station, thus addressable as a router or gateway and routes the network traffic that is intended for the wired network and vice versa. So data moves between the BSS and the wired network with the help of these APs.
Most wireless LANs are constructed to operate in the infrastructure mode configuration. In bigger networks, an infrastructure mode can be further extended to form distributions systems.
Distribution Service Systems (DSSs)
Distribution systems let wireless LANs be connected to the wired world. A distribution system allows the APs to engage in a hierarchical network configuration, which makes those computers in wireless LANs part of the total network.
A distribution system may be created from existing or new technologies. A point−to−point bridge—a network device that interconnects LANs of various types—connecting LANs in two separate buildings could become a DS.
In order for distribution systems to work, they must provide services to the lower−level wireless networks. These services are divided into two sections: distribution system services (DSSs) and station services (SSs).
DSSs provide five basic services: association, reassociation, disassociation, distribution, and integration. The first three services deal with station mobility. If a station is moving within its own BSS or is not moving, the station's mobility is termed no−transition.
If a station moves between BSSs within the same ESS, its mobility is termed BSS−transition. If the station moves between BSSs of differing ESSs, it is ESS−transition. A station must affiliate itself with the BSS infrastructure if it wants to use the LAN.
The station can do this by associating itself with an AP. Associations are dynamic in nature because stations move, turn on, or turn off. A station can only be associated with one AP. This ensures that the DS always knows where the station is.
Association supports no−transition mobility but is not enough to support BSS−transition. The enter reassociation service allows the station to switch its association from one AP to another.
Both association and reassociation are initiated by the station, which wants to join the network. Disassociation is when the association between the station and the AP is terminated. Either party can initiate disassociation.
A disassociated station cannot send or receive data. That is because it is not supported. A station can move to a new ESS, but it will have to reinitiate connections. Distribution and integration are the remaining DSSs.
Distribution is simply getting the data from the sender to the intended receiver. The message is sent to the local AP (input AP) and then distributed through the DS to the AP (output AP) that the recipient is associated with.
If the sender and receiver are in the same BSS, the input and output APs are the same. So the distribution service is logically invoked, whether the data is going through the DS or not. Integration is when the output AP is a portal.
Station services are authentication, deauthentication, privacy, and MAC service data unit (MSDU) delivery. With a wireless system, the medium is not exactly bounded as with a wired system.
In order to control access to the network, stations must first establish their identity. This is much like trying to enter into a secured facility where you must identify yourself before you are allowed to get inside.
In computer networks, before you are allowed a connection, you must first pass a series of tests to ensure that you are who you say you are. In wireless LANs, once a station has been authenticated, it may then associate itself.
The authentication relationship may be between two stations inside an IBSS in an ad−hoc network, or to the AP of the BSS in an infrastructure network. All stations start with unauthorized status until they are authenticated.
Deauthentication is when either the station or AP wishes to terminate a station's authentication. When this happens, the station is automatically disassociated and the connection−related information on the AP is discarded.
Privacy in wireless LANs is achieved through the use of encryption technology. Without encryption, the data is transmitted in the cleartext or plaintext. Data transmitted in cleartext is vulnerable to eavesdropping and tampering by adversaries.
In most wireless LANs, privacy is an optional feature and can be enabled, if higher security is desired. To use a wireless LAN in privacy−enabled mode, the stations and AP must be configured to use the same encryption parameters (technology, encryption keys, and so on); otherwise they will not be able to interpret the received data.
MSDU delivery ensures that the information in the MAC service data unit is delivered between the media access control service APs. The bottom line is that this authentication is basically a network−wide password. Privacy is ensured if encryption is used.