Ten fixed-length fields may appear in management frames. Fixed-length fields are often referred to simply as fields to distinguish them from the variable-length information elements.
4.3.2.1 Authentication Algorithm Number
Two bytes are used for the Authentication Algorithm Number field, shown in Figure 4 21. This field identifies the type of authentication used in the authentication process. (The authentication process is discussed more thoroughly in Chapter 7.) The values permitted for this field are shown in Table 4-3. Only two values are currently defined. Other values are reserved for future standardization work.
Figure 4-21. Authentication Algorithm Number field
Value Meaning
0 Open System authentication
1 Shared Key authentication
Reserved
Table 4-3. Values of the Authentication Algorithm Number field
2-65,535
4.3.2.2 Authentication Transaction Sequence Number
Authentication is a multistep process that consists of a challenge from the access point and a response from the mobile station attempting to associate. The Authentication Transaction Sequence Number, shown in Figure 4-22, is a two-byte field used to track progress through the authentication exchange. It takes values from 1 to 65,535; it is never set to 0. Use of this field is discussed in Chapter 7.
Figure 4-22. Authentication Transaction Sequence Number field
4.3.2.3 Beacon interval
Beacon transmissions announce the existence of an 802.11 network at regular intervals. Beacon frames carry information about the BSS parameters and the frames buffered by access points, so mobile stations must listen to Beacons. The Beacon Interval, shown in
Figure 4-23, is a 16-bit field set to the number of time units between Beacon
transmissions. One time unit, which is often abbreviated TU, is 1,024 microseconds (µs), which is about 1 millisecond. Time units may also be called kilo-microseconds in various
documentation (Kµs or kµs). It is common for the Beacon interval to be set to 100 time units, which corresponds to an interval between Beacon transmissions of approximately 100 milliseconds or 0.1 seconds.
Figure 4-23. Beacon Interval field
4.3.2.4 Capability Information
The 16-bit Capability Information field, shown in Figure 4-24, is used in Beacon transmissions to advertise the network's capabilities. Capability Information is also used in Probe Request and Probe Response frames. In this field, each bit is used as a flag to advertise a particular function of the network. Stations use the capability advertisement to determine whether they can support all the features in the BSS. Stations that do not implement all the features in the capability advertisement are not allowed to join.
Figure 4-24. Capability Information field
ESS/IBSS
These two bits are mutually exclusive. Access points set the ESS field to 1 and the IBSS field to 0 to indicate that the access point is part of an infrastructure
network. Stations in an IBSS set the ESS field to 0 and the IBSS field to 1. Privacy
Setting the Privacy bit to 1 requires the use of WEP for confidentiality. In infrastructure networks, the transmitter is an access point. In IBSSs, Beacon transmission must be handled by a station in the IBSS.
Short Preamble
This field was added to 802.11b to support the high-rate DSSS PHY. Setting it to 1 indicates that the network is using the short preamble as described in Chapter 10. Zero means the option is not in use and is forbidden in the BSS.
PBCC
This field was added to 802.11b to support the high-rate DSSS PHY. When it is set to 1, it indicates that the network is using the packet binary convolution coding
modulation scheme described in Chapter 10. Zero means that the option is not in use and is forbidden in the BSS.
Channel Agility
This field was added to 802.11b to support the high rate DSSS PHY. When it is set to one, it indicates that the network is using the Channel Agility option
described in Chapter 10. Zero means the option is not in use and is forbidden in the BSS.
Contention-free polling bits
Stations and access points use these two bits as a label. The meanings of the labels are shown in Table 4-4.
Table 4-4. Interpretation of polling bits in Capability Information
CF-Pollable CF-Poll
Request Interpretation
Station usage
0 0 Station does not support polling
0 1 Station supports polling but does not request to be put on the polling list
1 0 Station supports polling and requests a position on the polling list
1 1
Station supports polling and requests that it never be polled (results in station treated as if it does not support contention- free operation)
Access point usage
0 0 Access point does not implement the point coordination function
0 1 Access point uses PCF for delivery but does not support polling
1 0 Access point uses PCF for delivery and polling
1 1 Reserved; unused
4.3.2.5 Current AP Address
Mobile stations use the Current AP Address field, shown in Figure 4-25, to indicate the MAC address of the access point with which they are associated. This field is used to ease associations and reassociations. Stations transmit the address of the access point that handled the last association with the network. When an association is established with a
different access point, this field can be used to transfer the association and retrieve any buffered frames.
Figure 4-25. Current AP Address field
4.3.2.6 Listen interval
To save battery power, stations may shut off the antenna units in 802.11 network interfaces. While stations are sleeping, access points must buffer frames for them. Dozing stations periodically wake up to listen to traffic announcements to determine whether the access point has any buffered frames. When stations associate with an access point, part of the saved data is the Listen Interval, which is the number of Beacon intervals that stations wait between listening for Beacon frames. The Listen Interval, shown in Figure 4-26, allows mobile stations to indicate how long the access point must retain buffered frames. Higher listen intervals require more access point memory for frame buffering. Access points may use this feature to estimate the resources that will be required and may refuse resource-intensive associations. The Listen Interval is described in Chapter 7.
Figure 4-26. Listen Interval field
4.3.2.7 Association ID
The Association ID, shown in Figure 4-27, is a 16-bit field. When stations associate with an access point, they are assigned an Association ID to assist with control and
management functions. Even though 14 bits are available for use in creating Association IDs, they range only from 1-2,007. To maintain compatibility with the Duration/ID field in the MAC header, the two most significant bits are set to 1.
Figure 4-27. Association ID field
The Timestamp field, shown in Figure 4-28, allows synchronization between the stations in a BSS. The master timekeeper for a BSS periodically transmits the number of
microseconds it has been active. When the counter reaches its maximum value, it wraps around. (Counter wraps are unlikely given the length of time it takes to wrap a 64-bit counter. At over 580,000 years, I would bet on a required patch or two before the counter wrap.)
Figure 4-28. Timestamp field
4.3.2.9 Reason Code
Stations may send Disassociation or Deauthentication frames in response to traffic when the sender has not properly joined the network. Part of the frame is a 16-bit Reason Code field, shown in Figure 4-29, to indicate what the sender has done incorrectly. Table 4-5
shows why certain reason codes are generated. Fully understanding the use of reason codes requires an understanding of the different classes of frames and states of the 802.11 station, which is discussed in Section 4.4.
Figure 4-29. Reason Code field
Code Explanation
0 Reserved; unused 1 Unspecified
2 Prior authentication is not valid 3
deauthenticated
4 Inactivity timer expired and station was disassociated
5 Disassociated due to insufficient resources at the access point
6 Incorrect frame type or subtype received from unauthenticated station 7
8 Station has left the basic service area or extended service area and is disassociated
9 Association or reassociation requested before authentication is complete 10 Reserved; unused
Table 4-5. Reason codes
Station has left the basic service area or extended service area and is
Code Explanation
65,535
Table 4-5. Reason codes
4.3.2.10 Status Code
Status codes indicate the success or failure of an operation. The Status Code field, shown in Figure 4-30, is 0 when an operation succeeds and nonzero on failure. Table 4-6 shows the status codes that have been standardized.
Figure 4-30. Status Code field
Code Explanation
0
1 Unspecified failure Reserved; unused
10 Requested capability set is too broad and cannot be supported
11 Reassociation denied; prior association cannot be identified and transferred 12
13 Requested authentication algorithm not supported 14 Unexpected authentication sequence number
15 Authentication rejected; the response to the challenge failed 16
expected window 17
18 Association denied; the mobile station does not support all of the data rates required by the BSS
19
(802.11b) option 20
(802.11b)
Association denied; the mobile station does not support the PBCC modulation option
21
(802.11b)
Association denied; the mobile station does not support the Channel Agility option
Table 4-6. Status codes
Operation completed successfully 2-9
Association denied for a reason not specified in the 802.11 standard
Authentication rejected; the next frame in the sequence did not arrive in the Association denied; the access point is resource-constrained
Association denied; the mobile station does not support the Short Preamble
22-65,535 Reserved for future standardization work