| technology | networking - Landon D. Foster
8 Components of an 802.11 Wireless Service Set
One of the first things any wireless engineer learns is how the network itself is constructed. As with any other subject, it benefits students to learn the different facets of a system before trying to grasp the system itself. That said, in 802.11 (WiFi) the heavy use of acronyms, and of similar-looking acronyms in particular, complicates things a bit. It's key to your understanding of 802.11 that these acronyms and initialisms become second nature to you along with the terms, as they'll be used frequently in literature as well as in your day-to-day work.
802.11 Basic Service Set and its Components
Also known as Infrastructure mode or BSS, the basic service set is the one you'll work with in regard to WiFi. It also has analogues in most other wireless technologies. This is the type you find in most residential and some SMB applications where the appropriate areas can be covered by a single access point. The infrastructure basic service set creates a communications infrastructure: it allows stations (STA) to communicate with a central point (AP) and pass information to the Distribution System. Note that a BSS is fundamental to, but distinct from, the other variations. The individual parts, along with the role of each, are explained further below.
SSID: Service Set Identifier
Usually viewed as the "name" of the network, the Service Set Identifier (SSID) is the cleartext network identifier broadcast to stations that shows them what to join. While the SSID is usually written in human-friendly terms, it can contain relatively arbitrary values, and in a frame it is 0-32 octets long. The important part of an SSID is that it unifies the network and enables clients to ensure that they are all joining the same network. In a BSS, this is relatively simple as it should refer only to one access point, though the AP itself may have several SSIDs it is also broadcasting.
The SSID can also be found in beacon frames sent out by the AP so that clients (aka STAs, or stations) can begin the process of association. The SSID can also be disabled in some frames. This doesn't mean that the SSID is not serving clients, but rather that it expects clients to know the SSID prior to connecting. This will require clients to manually input the SSID rather than scan for it. This process is sometimes referred to as "hiding" an SSID. Hiding an SSID is NOT a security measure and is NOT a substitute for a proper PSK/802.1X authentication scheme. In enterprise and medium-sized business settings, this should nearly never be done. There are also a few proprietary edge cases where a "null" or "hidden" SSID will be toggled to function as a type of band steering.
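To make the SSID element concrete, here is an added example (not from the original article) that parses a beacon frame, extracts the BSSID and the SSID element, and reports whether the SSID is broadcast or "hidden". It assumes frames start at the 802.11 MAC header with no radiotap header or FCS; `build_beacon` and the sample values are constructed for the demo.

```python
import struct

def parse_beacon(frame: bytes) -> dict:
    """Parse an 802.11 beacon (MAC header onward, no radiotap header or FCS)."""
    if len(frame) < 36:                      # 24-byte header + 12 fixed bytes
        raise ValueError("frame too short to be a beacon")
    if (frame[0] >> 2) & 0x3 != 0 or (frame[0] >> 4) & 0xF != 8:
        raise ValueError("not a beacon (management type 0, subtype 8)")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # Address 3 = BSSID
    capability, = struct.unpack_from("<H", frame, 34)
    ssid, pos = None, 36
    while pos + 2 <= len(frame):             # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) != elen:
            raise ValueError("truncated element")
        if eid == 0 and ssid is None:        # element ID 0 carries the SSID
            if elen > 32:
                raise ValueError("SSID element longer than 32 octets")
            ssid = body
        pos += 2 + elen
    if ssid is None:
        state = "missing"
    elif len(ssid) == 0 or not any(ssid):    # zero-length or all-NUL SSID
        state = "hidden"
    else:
        state = "broadcast"
    mode = "ibss" if capability & 0x2 else "infrastructure" if capability & 0x1 else "other"
    return {
        "bssid": bssid,
        "mode": mode,                        # capability bit 0 = ESS, bit 1 = IBSS
        "ssid_state": state,
        "ssid_len": None if ssid is None else len(ssid),
        # SSIDs are arbitrary octets, so escape anything that is not valid UTF-8
        "ssid": ssid.decode("utf-8", "backslashreplace") if state == "broadcast" else None,
    }

def build_beacon(bssid: str, ssid: bytes, capability: int) -> bytes:
    """Build a constructed sample beacon (demo helper, not a capture)."""
    addr = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + addr + addr + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, capability)   # timestamp, interval, caps
    return header + fixed + bytes([0, len(ssid)]) + ssid + b"\x03\x01\x06"

if __name__ == "__main__":
    for raw in (b"TheLANBeforeTime", b"", b"\x00" * 8):
        print(parse_beacon(build_beacon("02:00:00:aa:bb:01", raw, 0x0431)))
```

Even for a "hidden" network the beacon still carries the BSSID and capability bits, and a null-padded SSID still reports its length, which is part of why hiding offers no protection.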
BSSID: Basic Service Set Identifier
A BSSID is a unique identifier for an SSID in a BSS, in the same format as a MAC address. In an ESS, the BSSID is unique to the combination of AP and SSID. E.g., SSID "PrettyFlyforAWIfi" is one BSSID, while on the same AP SSID "TheLANBeforeTime" would have a different BSSID. Likewise, the same SSIDs on another AP will have unique BSSIDs. A BSSID is given by the manufacturer, though it can be spoofed or manually set. The BSSID can be useful not only in tagging what AP you're connected to, but also in determining some information about it.
The number of BSSs that you can see in an area, divided by the number of unique SSIDs, can give you a rough estimate of the APs in your area. Also note that the BSSIDs originating from a single AP will be related values unless manually set, which is uncommon at scale. Keep in mind that not all APs must broadcast all SSIDs, so this is only a rough estimate. The first six characters of the BSSID in hex are, unless changed, the "OUI" and can be tied back to the manufacturer of the AP.
This is great info if you want to learn about a network, such as during the "Enumeration" phase of a penetration test. The second set of six characters can be thought of somewhat like a serial number for the AP/SSID combo. Be on the lookout for certain AP models and manufacturers that may alter the BSSID.
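The estimate described above can be checked against your own site-survey data. The following added example (not from the original article) computes the BSS-to-SSID ratio, pulls the OUI from each BSSID, and flags addresses whose locally administered bit shows the OUI is not vendor-assigned. The scan list and its BSSIDs are constructed, and grouping BSSIDs by their first five octets is an assumption about how "related values" look, which varies by vendor.

```python
from collections import Counter

def parse_bssid(bssid: str) -> bytes:
    raw = bytes.fromhex(bssid.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit BSSID: {bssid!r}")
    return raw

def oui_of(bssid: str):
    """Return the OUI as 'aa:bb:cc', or None when the locally administered
    bit (0x02 in the first octet) means the address was set, not assigned."""
    raw = parse_bssid(bssid)
    if raw[0] & 0x02:
        return None
    return ":".join(f"{b:02x}" for b in raw[:3])

def summarize(scan):
    """scan: iterable of (bssid, ssid) pairs collected during a survey."""
    seen = {(parse_bssid(b), ssid) for b, ssid in scan}   # drop repeat sightings
    bssids = {b for b, _ in seen}
    ssids = {s for _, s in seen}
    if not ssids:
        raise ValueError("empty scan")
    # Assumption: BSSIDs from one AP radio differ only in the last octet.
    radios = {b[:5] for b in bssids}
    ouis = Counter(oui_of(b.hex()) or "locally administered" for b in bssids)
    return {
        "bss_count": len(bssids),
        "unique_ssids": len(ssids),
        "ratio_estimate": len(bssids) / len(ssids),   # the article's rule of thumb
        "prefix_estimate": len(radios),               # related-BSSID grouping
        "by_oui": dict(ouis),
    }

# Constructed survey: three APs, the third broadcasting only one of the SSIDs.
SCAN = [
    ("a4:00:10:00:01:a0", "PrettyFlyforAWIfi"),
    ("a4:00:10:00:01:a1", "TheLANBeforeTime"),
    ("a4:00:10:00:02:30", "PrettyFlyforAWIfi"),
    ("a4:00:10:00:02:31", "TheLANBeforeTime"),
    ("a4:00:10:00:03:c0", "PrettyFlyforAWIfi"),
    ("A4-00-10-00-03-C0", "PrettyFlyforAWIfi"),   # same BSS, other notation
]

if __name__ == "__main__":
    print(summarize(SCAN))
```

On this sample the ratio gives 2.5 while the prefix grouping gives 3, which illustrates why the ratio is only a rough estimate when an AP does not broadcast every SSID.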
Station Clients (STA)
Usually abbreviated to STA in the documentation, and most often referred to as clients in conversation, stations are the actual user end devices on your network, or rather the ones with wireless NICs. The most common these days is a phone, but a station can be any device, including but not limited to laptops, phones, scanners, wireless NIC adapters (such as for desktops without built-in wireless chipsets), and even 802.11 IoT devices like sensors or cameras.
Clients, in general, represent the "random-access" nature of 802.11 networks. This simply means that a well-designed network should be able to handle the expected number of these clients at any one time, and that their timing can't be planned for. They don't transmit or receive on any set schedule like some IoT devices do, or like some point-to-multipoint sites that assign "times" to the clients.
In 802.11 networks, while clients do not make the network, they drive the network. By this I mean your requirements, your performance, and nearly all of the key metrics for your network are focused on the client experience. If clients can't connect, the Wi-Fi is down. If things are slow, then the Wi-Fi is bad. It is vital that you remember this.
In design, there is a concept of "LCMI", or Least Capable, Most Important (device). This means that your network should take as its baseline the client that behaves the worst and is used the most, be that phones, scanners, or a proprietary solution to something. If your LCMI device works well, the ones above it will too. Not always at the best rate, or most efficiently, but they will perform.
Distribution system / Distribution system media
The data has to go somewhere from the AP, in most cases. What gets it there is the distribution system. This is usually the kind of network we're all used to: an Ethernet network. All of the network equipment on the other side of the AP or WLC (Wireless LAN Controller) is the DS (Distribution System). Notably, this can take any form factor; it is simply a name for the logical network that the AP serves as a gateway to.
APs translate information from 802.11 to 802.3, or to any other protocol the AP supports, so that it can continue to the DS, or to the next hop toward the DS in the case of a bridge or mesh system. Distribution System Media (DSM) is the physical counterpart to the DS; it's the actual material that the information is transferred over. Examples of this can include fiber optics, the popular Ethernet, coaxial cable, or any other information-carrying media. Theoretically, a pond could be a DSM if you established a protocol of transmission. Again, the DSM is physical while the DS is logical.
Other Types of Service Sets
ESS: Extended Service Set
An ESS is the logical extension of the BSS and is, in actuality, several BSSs working in conjunction as a single network. An ESS may be united by a single SSID or by multiple, but the APs must share at least one SSID or, theoretically, several interlocking SSIDs that collectively unite the entire grouping of SSIDs. An ESS is usually managed by a controller, or else is governed somehow by software. It has all the properties of a BSS, but is extended so that the LLC layer sees it all as one network, and it is passed into the distribution system as such, though from different points. As it is all one network, it must be on the same subnet and use the same VLAN.
IBSS: Independent Basic Service Set
An IBSS is usually a temporary network, and has the primary distinction of being a peer-to-peer network without a set hierarchy or AP/client relationship as we typically think about it. Instead, the members of the network (STAs) send transmissions directly to each other, instead of up to the AP and through the DS then back to a STA. Beaconing and some limited coordination functions are generally set up by the first STA to be raised, but this first STA does not relay any information from one STA to another.
Unlike a BSS or ESS, the BSSID for an IBSS does not contain an OUI, but rather a coding noting that it's an IBSS, and then the remainder of the BSSID is randomly generated. These networks generally exist for pop-up applications only, such as hotspots, and even then most hotspots have begun to take a formal AP role instead of First-Station with the IBSS.
There's much more to learn about BSSs and the formation of a wireless network, but that covers the basics. If you're more interested in a general understanding, the CWNA from CWNP is a great resource, and goes into much further detail about the association process and the interactions within the BSS.