Do You See What I See?

Do You See What I See?

I want to write about line of sight (LOS) propagation in the context of wireless LANs.  LOS propagation refers to the path that the photons must travel between the transmitting Wi-Fi antenna and the receiving station (STA).  The wave of electromagnetic energy, radiating from the transmitter, interacts with the environment.  As the wave travels through open air, it is subject to free-space path loss.  That is to say that the further the receiver is from the transmitter, the lower the received signal will become.  When the path is blocked by physical objects, other phenomena are observed.  For example, the signal will reflect off of some objects more readily than others.  A flat metal object will reflect the signal well.  Other objects, like concrete or brick walls, will absorb the signal.  A chain-link fence is mostly empty space.  But with a spacing of 1” to 1 ½”, a chain-link fence affects the signal as if it were a standing wave and blocks transmissions in the 2.4 GHz band.  The list of observable phenomena that affect a Wi-Fi signal includes, reflection, refraction, diffraction, scattering, and absorption.  

With all of these environmental impacts on the Wi-Fi signal, it is easy to understand the desire for direct LOS between the access points and their associated client stations.  Most Wi-Fi networks are indoors.  And most interior walls are only constructed of drywall.  A typical drywall has an attenuation value of 3 dB.  This means that a normal interior wall will only degrade a signal by ½.  Suppose a wireless client were in the same room as its AP and received a signal at -65 dBm.  That same client could move to the room next door and still have a very good signal at -68 dBm.

When we do not have a clear line of sight between wireless devices, an initialism, NLOS, is often used to describe this situation.  NLOS is used to mean two related but different situations, near line of sight and non-line of sight.  The two situations, near LOS and non-LOS, are handled in two radically different ways.  Near LOS describes a situation where the signal still follows an essentially straight path from the transmitter to the receiver by passing through any obstructions, like the aforementioned drywall.  In some cases, the solution is to increase the transmit power on the stations to overcome obstructions.  This can have a derogatory effect on the WLAN and should normally be avoided.  The solution for the non-LOS problem is a bit more elegant but does present some challenges.  In a plan for non-LOS, the engineer relies primarily upon the reflection of the signal.  Suppose that a large metal object stands between an access point and a location that must receive Wi-Fi coverage.  Although we cannot push the signal through the obstruction, we can bounce the signal around it.  The signals traveling from the AP may, for example, travel over the obstruction, hit a far wall and reflect back into the space that would otherwise be in the RF shadow of the large metal object.  Similarly, the signal could reflect off of walls on either side of the obstruction and still reach the client device.

In an earlier discussion, I was writing about using the RSSI values to locate client devices in a WLAN.  We know and can predict how a signal will attenuate over a given distance of open space.  But we now must consider that to rely upon the inverse square law as the only factor in how a signal degrades is folly.  Suppose that a client is 20 meters away from an AP and is receiving the signal from the AP in a direct LOS.  The client then moves into the RF shadow of delivery van.  It is possible that the client could still remain connected if, for example, the signal bounces off of the exterior wall of a neighboring building creating a non-LOS connection.  If we were to rely solely upon the inverse square law to determine the distance between the client and the AP we would calculate a distance that would be no less than the sum of the distance from the AP to the neighboring building added to the distance from the neighboring building to the client.  And that calculation would assume a near perfect reflection from the exterior wall of that building.  For near line of sight, we must understand the attenuation value of the interposing walls.  Consider that two clients can both be 10 meters from an AP with one having direct LOS and the other having near LOS with an interposing drywall.  The RSSI for the client behind the wall would be attenuated by 3 dB and would appear to be further away if the wall were not factored into our math.

If we are using triangulation of the RSSI values observed by three access points to locate a client, we must consider that as the client moves throughout the environment, the client will experience some combination of direct LOS, near LOS, and non-LOS with the monitoring APs.  It is critical, therefore, that an engineer working on a real-time location tracking solution incorporate specific environmental details into the design.


Spherical Cows of Uniform Density

Spherical Cows of Uniform Density

Remember those problems in Physics that ask questions like, “How much energy is transferred to the ground if a 400-kilogram cow jumps out of a truck from a distance of 1 meter above the ground?”  The answers would begin something like, “assuming a perfectly elastic, spherical cow of uniform density were falling in a vacuum…”  Well the difference between engineering and theoretical science is that there are no spherical cows of uniform density and cows do not jump in vacuums.

If we turn our minds to the task of locating WLAN devices, we will find that they too are not operating in vacuums and they also do not produce elegant spherical wave propagation patterns, regardless of what was depicted in our high school Physics books.

Access points, for example, typically have 3 omni-directional antennae per radio.  Even if the propagation were perfectly spherical, there would be three spheres with off-set centers.  The actual propagation pattern can be found in the technical data sheet on the vendor’s website.  The image below is from an Aerohive AP 230 datasheet and depicts the vertical and horizontal propagation pattern of an AP with internal antennae.

230 propagation
AP 230 5 GHz

Enter the Received Signal Strength Indicator (RSSI).  If we have a single access point and know the RSSI of a signal coming from a wireless client and we know the original strength of that signal, then we should be able to calculate the probable distance from the AP of the client.  That distance then becomes the radius of a sphere around the AP.

Imagine then a perfect emitter of radiation such that photons leave a single point and radiate out equally in all directions.  This type of radiation source is called an isotropic emitter and if you can see it in your imagination that’s great because isotropic emitters do not exist in the physical world.  One more thing to remember, from high school Physics, is the inverse square law.  This law says that the intensity of radiation varies inversely with the square of the radius.  We can express this relationship, I ∝ 1/r2, as an equation, I1/I2 = r22/r12.

Inverse Square Law

What this means, in practice, is that the photons leaving the antenna of an AP will strike the receiving antenna of a wireless client at an average intensity or RSSI at one distance and at a lower intensity the further we move the receiving antenna away from the AP.  As an example, if we measured the intensity of a wireless signal at one meter from the source and called it X then moved out to two meters and measured again we would not get half of the original signal.  We would expect to measure 1/4 X, the inverse of the square of the radius.  If we move out to a distance of three meters, then we would expect the intensity to only be 1/9 X (32  = 9 and the inverse is 1/9th).

Suppose then that you have an AP transmitting at 500 mW.  The only place we could measure 500 mW (27 dBm) would be directly at the antenna of the AP.  If we consider a typical Wi-Fi client device and look at the RSSI of the AP at 6 meters distance it may measure something really strong like -50 dBm (0.00001 mW).  As I move further away from the AP the RSSI continues to drop.  When I reach 12 meters, I would expect to only see 1/4 of the radiation that I saw at 6 meters, -56 dBm (0.0000025 mW).  If I travel out to a distance of 18 meters, I am three times my initial radius and I expect to see only -59.5 dBm (0.0000011 mW) RSSI.  That is about 1/9th of the intensity measured at 6 meters.

If we focus on the signal strength in terms of milliwatts, it soon becomes far too tedious to keep track of all of those leading zeros.  That is why, in Wi-Fi, we focus instead on the values in the logarithmically-derived dBm values.  This change to dBm allows the human mind to represent a logarithmical relationship linearly.  And our minds can easily comprehend linear terms.

Since we know and can measure the attenuation of a Wi-Fi signal over a distance (also known as free-space path loss), we can draw a sphere around an AP based upon the RSSI of a client’s signal.  The sphere would describe the likely position of the wireless client.

Now suppose that we have a second access point that also “hears” the signal from the client.  That gives us a second sphere.  Where those two spheres intersect, a circle is formed.  And this circle becomes the likely position of the client device.  When three or more APs can here the signal, we can perform triangulation calculations and narrow that circle down to a point of highest probability of the client’s location.

It sounds so very simple, to locate a client device all we need are three or more APs within range and we know where the client is located!  In theory yes we do.  But remember there are no perfectly elastic, spherical cows of uniform density existing in a vacuum.  The APs and their associated wireless clients are not operating in a vacuum either.  The line of sight between multiple APs and a Wi-Fi client is almost never unobstructed by walls, furniture, and the user him/her self.  The wireless signal can pass through walls and people too but it attenuates much faster when passing through solid objects than it does in air or in our hypothetical vacuum.

Considering line of sight and near line of sight will be the topic of a future blog post.  So stay tuned!


Key Terms A-C

Access Category (AC)

Definition: ACs are priority buckets for QoS.  Similar to 802.1D User Priority.



Definition: Rijndael, Advanced Encryption Standard NIST 2001



Definition: Arbitration inter-frame spacing, supplements DCF to eDCA or HCF.  Used to support QoS so that higher priority traffic waits for less time to be transmitted than lower priority traffic.



Definition: Can mean Wi-Fi in terms of frames or RF in terms of spectrum.



Definition: Access point, in infrastructure mode, an AP is a portal to a DS.



Definition: 802.11e Automatic power save delivery.  Un-scheduled or scheduled delivery of one or more frames to a power saving device.



Definition: After authentication, a STA will associate with an AP.  The AP will generate an AID for the client STA.  When an AP grants association, it responds with a status code of 0 (successful) and the Association ID (AID). The AID is used to identify the station for delivery of buffered frames when power-saving is enabled.



Definition: 802.11 authentication is the first step in network attachment. 802.11 authentication requires a mobile device (station) to establish its identity with an Access Point.



Definition: Beacon frames are transmitted periodically to announce the presence of a wireless LAN. Beacon frames are transmitted by the Access Point (AP) in an infrastructure Basic service set (BSS) and by (potentially) any STA in an IBSS.


Definition: Clear Channel Assessment.  STAs must sense the channel is unused prior to transmitting anything except an ACK.  This can be virtual (NAV) or physical (CCA-CS no discernable 802.11 traffic or CCA-ED radiation 20 dB above the noise floor.)



Definition: Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol that forms part of the 802.11i standard



Definition: ISM bands divided into channels defined by their center channel frequency and width.



Definition: modulation and demodulation of a digital signal over an analogue medium. 


Contention Window

Definition: Contention Window adds a bit of randomness into the CSMA/CA 1/2 duplex Wi-Fi.

Control Frame

Definition: One of the three types of 802.11 frames. Control Frames are used to affect the behavior of STAs in a BSS.



Definition: An outmoded method of centrally controlling the APs in an EBSS.  Also a great way for Big Wi-Fi to extort large amounts of license fees from hapless customers.



Definition: 802.3 Class of Service.  Priority marking and queuing of traffic based on the traffic class.



Definition: Carrier Sense Multiple Access with Collision Avoidance


I need a Montage

I need a montage.  Even Rocky had a montage.  Specifically, I need to learn a lot of the minutiae that I have previously taken for granted.  For example, the most significant bits of the duration ID field, a two-byte field in the MAC header, have always been there but I never bothered to learn what they are used for and what they mean.  The STAs in my WLANs have happily transmitted bit 15 clear (0) to indicate a duration in microseconds or 15 and 14 set (11) to indicated that an AID follows for PS-Poll.  Furthermore, I never knew the standard specified bit 15 set (1) and 14-0 clear (0s) to mean that a contention free period has started.   Back to my montage, I need it to start with me cracking the CWAP study guide and taking a few notes, scratching out my notes and balling up the paper and throwing it at growing pile of notes on the floor.  As I progress through the book, the pile stops growing and my looks of exhaustion and frustration are replaced with a knowing nod and contemplative stare off into the distance.  Finally, the montage can end with me closing the book and scheduling the test.

But life, of course, is not made up of clever, time-saving montages.  Instead I will be attempting to get through one chapter every day or day and a half.  And I don’t mean simply reading the pages.  I mean reading and understanding them, making notes, and checking other reference materials for concepts that I have never bothered with before or that confuse me.

I think I have a system worked out for learning the various wave-forms commonly seen on spectrum analyzers.  I’ll post more about those later on.

CWAP Key Terms

CWNP are kind enough to tell us what is on the exam in the objectives link.  They also provide a list of key terms.  I will add those terms here with a quick one-line definition and a link to a more authoritative source for a more complete definition.

2.4 GHz

Definition: Band used by legacy, b, g, and n devices.

4-way Handshake

Definition: creation and distribution of temporal keys for unicast PTK and multicast GTK

5 GHz

Definition: Band used by a, n, and ac devices


Definition: 1999 Amendment specifies OFDM on 5 GHz band



Definition: 2014 Amendment.  n on steroids wider bandwidth, more spatial streams and support for MU-MIMO



Definition: 1999 DSSS 2.4 GHz band



Definition: Enhances DCF introducing new HCF for QoS.  Queues for background, best effort, video, and voice.



Definition: 2003 OFDM Extended Rate PHY 2.4 GHz band. Data rates up to 54 Mb/s

Ref: IEEE Clause 19


Definition: 2004 Security enhancements. WPA2 RSN. Deprecates WEP. Implemented via 4-way handshake.



Definition: 2009 2.4 and 5 GHz bands, 20 or 40 MHz wide channels, up to 600 Mb/s MIMO OFDM 1-4 spatial streams



Definition: Protected management frames protects against a few DoS attacks.



Definition: Early QoS standard.  3-bit field Priority Code Point used to tag traffic 0-7 by priority. Rolled up into 802.1D 1998 and then into 802.1Q 2014



Definition: Port based NAC encapsulation of EAP.



CWAP Useful Links

CWNP home > CWAP Exam Objectives

IEEE 802.11 – 2012 Standard

CWAP Study Guide PW0 – 270 (previous version of the exam)


CWNA, CWSP, CWAP video channel

Net Scout Air Magnet

Metageek spectrum analysis captures of various RF sources