Beacon frames are used by access points (and by stations in an IBSS) to communicate, throughout the serviced area, the characteristics of the connection offered to the cell members. This information is used by clients trying to connect to the network as well as by clients already associated to the BSS.

Beacons are sent periodically at a time called the Target Beacon Transmission Time (TBTT).
1 TU = 1024 microseconds
Beacon interval = 100 TU (100 x 1024 microseconds or 102.4 milliseconds)

Here is the frame format of a Beacon frame.

Below is a beacon frame capture. The frame body section contains a few mandatory fields & a few optional fields. Here are the mandatory fields in a Beacon frame.
1. Timestamp (8 byte)
2. Beacon Interval (2 byte)
3. Capability info (2 byte)
4. SSID (variable size)
5. Supported Rates (variable size)

Here is a brief description of each field of a Beacon frame. If the size of an IE is specified within brackets, that element is fixed length. Other elements are variable in size.

1. Timestamp (8 byte):
A value representing the time on the access point, which is the number of microseconds the AP has been active. When the timestamp reaches its maximum (2^64 microseconds or ~580,000 years) it resets to 0. This field is contained in Beacon & Probe Response frames.

2. Beacon Interval (2 byte)
The Beacon Interval field represents the number of time units (TU) between target beacon transmission times (TBTT). The default value is 100 TU (102.4 milliseconds).

3. Capability Information (2 byte)
This field contains a number of subfields that are used to indicate requested or advertised optional capabilities.

4. SSID
Present in all Beacons, Probe Requests, Probe Responses, Association Requests & Reassociation Requests. The Element ID is 0 for the SSID IE. The SSID can have a maximum of 32 characters.

5. Supported Rates
This is present in Beacons, Probe Req, Probe Res, Association Req, Association Res, Reassociation Req and Reassociation Response. It is an 8 octet field where each octet describes a single supported rate. The last bit (7th) of each octet indicates whether the data rate is a “basic rate or mandatory” or a “supported rate”. If the 7th bit is 1 it indicates a basic rate, whereas 0 indicates a supported rate. The next 7 bits (0-6) specify the data rate value in units of 500 kbps.

Eg. 6 Mbps (12 x 500 kbps units) as a Basic Rate is represented as 10001100
7th bit = 1 (to indicate basic rate)
0-6th = 0001100 (value 12 to indicate 6 Mbps)

Here is an expansion of the “Supported Rates” field of a Beacon. It has Element ID, Length & Supported Rates fields. At least one mandatory rate must be set by the AP & any station wanting to join the cell must support all basic rates. The given example shows a default setting of an 802.11a radio where 6 Mbps, 12 Mbps & 24 Mbps are set as “Basic Rates” to ensure a joining station understands all modulation techniques (ie BPSK-6,9 Mbps QPSK-12,18 Mbps QAM-24Mbps & higher).

6. FH parameter set
Used by legacy Frequency Hopping (FH) stations

7. DS Parameter (2 byte)
Present in beacon frames generated by stations using a Clause 15, 18 or 19 PHY, or if the beacon is sent using one of the rates defined by one of these clauses.

8. CF Parameter (8 byte)
Used with PCF, unused in real networks

9. IBSS parameter (4 byte)
Present only within beacon frames generated by stations in an IBSS (or Ad-Hoc network)

10. TIM (Traffic Indication Map)
Present only within beacon frames generated by APs. TIM element contains information useful for stations in low-power mode. The AP uses Delivery Traffic Indication Map (DTIM) to inform the cell if it has broadcast or multicast frames buffered. DTIM is not present in all beacons and all TIMs.

As you can see below, it has the following fields
a. Element ID (1 byte)
b. Length (4 byte)
c. DTIM Count (1 byte) – how many beacon frames (including the current one) appear before the next DTIM. Value 0 indicates the current TIM is a DTIM
d. DTIM Period (1 byte) – number of beacon intervals between successive DTIMs
e. Bitmap Control (1 byte) – if 1st bit=1, buffered multicast/broadcast data at AP; if 1st bit=0, no multicast/broadcast data at AP.
f. Partial Virtual Bitmap (1-251 byte) – represents stations in low power mode for which the AP has traffic buffered.
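The fixed fields, the Supported Rates octets and the TIM fields described above can be pulled out of a raw beacon body with a short parser; this is an added example, not code from the original post. It assumes each element is laid out as a 1-byte Element ID, a 1-byte Length and then the value, uses the standard IDs 1 (Supported Rates), 5 (TIM) and 50 (Extended Supported Rates), and runs on a constructed sample body rather than a real capture.

```python
import struct

# Element IDs: SSID=0 is stated on the page; the others are from the 802.11 standard.
EID_SSID, EID_RATES, EID_TIM, EID_EXT_RATES = 0, 1, 5, 50

def decode_rate(octet):
    """Bit 7 flags a basic rate; bits 0-6 carry the rate in 500 kbps units."""
    return {"mbps": (octet & 0x7F) * 0.5, "basic": bool(octet & 0x80)}

def parse_beacon_body(body):
    """Parse the 12 fixed bytes, then walk the ID/Length/Value elements."""
    if len(body) < 12:
        raise ValueError("body shorter than timestamp + interval + capability")
    timestamp, interval_tu, capability = struct.unpack_from("<QHH", body, 0)
    out = {"timestamp_us": timestamp, "interval_tu": interval_tu,
           "interval_ms": interval_tu * 1024 / 1000, "capability": capability,
           "ssid": None, "rates": [], "tim": None, "malformed": False}
    pos = 12
    while pos < len(body):
        # Never trust the length octet: check it against the bytes actually captured.
        if pos + 2 > len(body) or pos + 2 + body[pos + 1] > len(body):
            out["malformed"] = True
            break
        eid, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if eid == EID_SSID:
            if length > 32:  # an SSID longer than 32 bytes is invalid
                out["malformed"] = True
            else:
                out["ssid"] = value.decode("utf-8", "replace")
        elif eid in (EID_RATES, EID_EXT_RATES):
            out["rates"] += [decode_rate(b) for b in value]
        elif eid == EID_TIM and length >= 4:
            out["tim"] = {"dtim_count": value[0], "dtim_period": value[1],
                          "group_traffic_buffered": bool(value[2] & 0x01),
                          "partial_virtual_bitmap": value[3:]}
        pos += 2 + length
    return out

# Constructed sample body (not a real capture): 802.11a-style rates, DTIM beacon.
SAMPLE = (struct.pack("<QHH", 123456789, 100, 0x0011)
          + bytes([0, 6]) + b"lab-ap"
          + bytes([1, 8, 0x8C, 0x12, 0x98, 0x24, 0xB0, 0x48, 0x60, 0x6C])
          + bytes([5, 4, 0, 3, 0x01, 0x00]))

if __name__ == "__main__":
    print(parse_beacon_body(SAMPLE))
```

Cutting the sample short (for example `SAMPLE[:-2]`) sets `malformed` instead of reading past the end of the frame, which is the behaviour wanted when beacons come from an untrusted transmitter.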

11. Country
Each country has regulatory bodies that limit the channels or power levels allowed in their regulatory domain. This element defines the country of operation along with the allowed channels & maximum transmit power. This is not a mandatory field in a beacon.

12-13. FH Parameters & FH Pattern table (used by Legacy FH stations)

14. Power Constraint (3 byte)
This element is related to 802.11h. It applies to UNII-2 & UNII-2 extended (CH52,56,60,64 & CH100-139), where the spectrum is also used for other purposes like civilian airport radar and weather radar. To avoid interference with those systems, the AP should operate at the maximum power specified by these constraint fields.

15. Channel Switch (6 byte)
This is also related to 802.11h. When a radar blast is detected, all stations must leave the affected channel. The AP can use this element to announce to the cell which channel is next.

16. Quiet (8 byte)
Another element related to 802.11h, where an AP can request a quiet time during which no station should transmit, in order to test the channel for the presence of radars.

17. IBSS DFS – used with 802.11h in IBSS

18. TPC Report (4 byte)
This element is also related to 802.11h. The TPC Report element contains Transmit Power & Link Margin information, and is usually sent in response to a TPC Request element. Below is the “TPC Report” element of a beacon frame.

19. ERP Information (3 byte)
The ERP element is present only on 2.4GHz networks supporting 802.11g & it is present in beacons & probe responses. The non-ERP_Present bit is set to 1 in the following conditions
a. A nonERP station (legacy 802.11 or 802.11b) associates to the cell
b. A neighboring cell is detected, allowing only nonERP data rates
c. Any other management frame (except probe request) is received from a neighboring cell supporting only nonERP data rates.

20. Extended Supported Rates
The Extended Supported Rates element specifies the supported rates not carried in the Supported Rates element. It is only required if there are more than 8 supported rates.

21. RSN (Robust Secure Network)
The RSN information element is used to indicate the Authentication Cipher, Encryption Cipher & other RSN capabilities of stations. The RSN IE below shows that the AP supports 802.1X & 802.11r FT as Authentication Suites. It also uses AES as the pairwise cipher (for unicast traffic) & group cipher (for broadcast/multicast).
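When auditing what an AP advertises, the RSN element can be decoded and checked for legacy ciphers. The following is an added example, not part of the original post: it assumes the standard RSN body layout (version, group cipher, pairwise list, AKM list, capabilities), the 00-0F-AC suite selectors with AES shown as CCMP-128, and two constructed element bodies.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")   # OUI used by the standard RSN suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK"}
WEAK_CIPHERS = {"WEP-40", "WEP-104", "TKIP"}

def _suite(raw, table):
    """Map a 4-byte suite selector (3-byte OUI + 1-byte type) to a name."""
    if raw[:3] != RSN_OUI:
        return "vendor:" + raw.hex()
    return table.get(raw[3], "unknown:%d" % raw[3])

def _suite_list(body, pos, table):
    """Read a 2-byte count and that many selectors, refusing to overrun."""
    if pos + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, pos)
    end = pos + 2 + 4 * count
    if end > len(body):
        raise ValueError("suite count exceeds element length")
    return [_suite(body[i:i + 4], table) for i in range(pos + 2, end, 4)], end

def parse_rsn(body):
    """Parse an RSN element body (the bytes after Element ID and Length)."""
    if len(body) < 6:
        raise ValueError("RSN body too short for version + group cipher")
    (version,) = struct.unpack_from("<H", body, 0)
    group = _suite(body[2:6], CIPHERS)
    pairwise, pos = _suite_list(body, 6, CIPHERS)
    akms, pos = _suite_list(body, pos, AKMS)
    weak = sorted(WEAK_CIPHERS & ({group} | set(pairwise)))
    return {"version": version, "group": group, "pairwise": pairwise,
            "akms": akms, "weak_ciphers": weak}

# Constructed samples: STRONG mirrors the AP described above (802.1X + FT, AES);
# MIXED is a hypothetical mixed-mode network that still offers TKIP.
STRONG = bytes.fromhex("0100" "000fac04" "0100" "000fac04"
                       "0200" "000fac01" "000fac03" "0000")
MIXED = bytes.fromhex("0100" "000fac02" "0200" "000fac04" "000fac02"
                      "0100" "000fac02" "0000")

if __name__ == "__main__":
    for name, ie in (("strong", STRONG), ("mixed", MIXED)):
        print(name, parse_rsn(ie))
```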

22. BSS Load
This element is used only when QoS is supported & is often called the QBSS load element. It provides information on the cell load, from the AP's point of view. It has the following subfields
a. Station Count – How many stations are currently associated
b. Channel Utilization – % of time that AP sensed medium was busy (normalized 0-255)
c. Available Admission Capacity

23. EDCA Parameter Set
This element is also used when QoS is supported. In most QoS enabled networks this field is not used; instead the same information is provided via WMM or WME vendor specific elements.

24. QoS capability
This element is used only when QoS is supported. It is used as a replacement to the EDCA parameter element when EDCA parameter is not present.

25-32,34-36. Vendor Specific

33. Mobility Domain
If the AP supports 802.11r (Fast Transition BSS), it will use the Mobility Domain IE to indicate that. Shown below is the MDIE of a beacon which supports FT-over-the-DS.

37. HT Capability
Used in 802.11n.

38. HT Operation
Used with 802.11n

39. 20/40 BSS Coexistence

40. Overlapping BSS Scan Parameters.

41. Extended capabilities

42. VHT Capability
Used with 802.11ac

43. VHT Operation
Used with 802.11ac

44. VHT Transmit Power Envelope
Used with 802.11ac
