Below shows a frame format of a Data Frame. (source IEEE 802.11-2012 standard)
The content of the address fields of data frames are dependent upon the values of the To DS and From DS fields in the Frame Control field and whether the Frame Body field contains either an MSDU (or fragment thereof) or an entire A-MSDU, as determined by the A-MSDU Present subfield of the QoS Control field.
The content of the address fields is shown in below table (source IEEE 802-11 2012 Table 8-19). Where the content of a field is shown as not applicable (N/A), the field is omitted. Note that Address 1 always holds the receiver address of the intended receiver, and that Address 2 always holds the address of the STA that is transmitting the frame.
Source Address (SA) : This is the address where the frame is sent from.
Destination Address (DA) : This is the address where the frame is being sent to.
Transmitter Address (TA) : This is the address of the station that is transmitting the RF frame.
Receiver Address (RA) : This is the address of the station that is receiving the RF frame.
Basic Service Set Identifier (BSSID) : This is the basic service set ID of the AP.
Typically all 4 address fields are used only in Wireless Distribution system (WDS) or Mesh AP back-haul scenarios. Below shows a Wireless bridge topology where you can see all the 4 address fields are being used.
Address 1: RA – 64:ae:0c:93:75:90 (AAP2 802.11 BSSID for SSID-MGMT)
Address 2: TA – a4:0c:c3:1a:ee:60 (AAP1 802.11 BSSID for SSID-MGMT)
Address 3: DA – c8:f9:f9:d7:3b:a7 (7965 MAC address)
Address 4: SA – 00:1a:e3:a7:ff:40 (vlan 2 gateway MAC in C3750)
For data frames of subtype Null (no data), CF-Ack (no data), CF-Poll (no data), and CF-Ack+CF-Poll (no data) and for the corresponding QoS data frame subtypes, the Frame Body field is null (i.e., has a length of 0 octets); these subtypes are used for MAC control purposes.
For data frames of subtypes Data, Data+CF-Ack, Data+CF-Poll, and Data+CF-Ack+CF-Poll, the Frame Body field contains all of, or a fragment of, an MSDU after any encapsulation for security.
For data frames of subtypes QoS Data, QoS Data+CF-Ack, QoS Data+CF-Poll, and QoS Data+CF-Ack+CF-Poll, the Frame Body field contains an MSDU (or fragment thereof) or A-MSDU after any encapsulation for security.
The maximum length of the Frame Body field can be determined from the maximum MSDU length plus the length of the Mesh Control field (if present) plus any overhead from encapsulation for encryption (i.e., it is always possible to send a maximum length MSDU, with any encapsulations provided by the MAC layer within a single data MPDU). When the frame body carries an A-MSDU, the size of the frame body field is limited by:
— The PHY’s maximum PLCP service data unit (PSDU) length
— If A-MPDU aggregation is used, a maximum MPDU length of 4095 octets
The duration value calculation for the data frame is based on the rules in 9.7 that determine the data rate at which the control frames in the frame exchange sequence are transmitted. If the calculated duration includes a fractional microsecond, that value is rounded up to the next higher integer. All STAs process Duration/ID field values less than or equal to 32 767 from valid data frames (without regard for the RA, DA, and/or BSSID address values that might be present in these frames) to update their NAV settings as appropriate under the coordination function rules.
1. CWAP Official Study Guide – Chapter 6
2. IEEE 802.11-2102 Standard