Adjacent Node
Networking, explained. No BS.

IEEE 802.11 WLAN

Printer friendly

What It Is

IEEE 802.11 is the WLAN MAC and PHY family behind Wi-Fi. A modern wireless sheet needs to cover more than speed labels: bands, channel width, RF behavior, roaming, authentication, encryption, client capability, and how SSIDs map into wired VLANs and policy.

Standards And Generations

Wi-Fi Name IEEE Basis Bands Practical Notes
Wi-Fi 4 802.11n 2.4 and 5 GHz Still seen in legacy clients
Wi-Fi 5 802.11ac 5 GHz Common enterprise baseline
Wi-Fi 6 802.11ax 2.4 and 5 GHz OFDMA, better efficiency, WPA3 ecosystem
Wi-Fi 6E 802.11ax 6 GHz added More spectrum, WPA3/PMF expectations, regulatory constraints
Wi-Fi 7 802.11be 2.4, 5, and 6 GHz MLO, 320 MHz channels where allowed, 4096-QAM

Modern note: Wi-Fi generation labels are marketing shortcuts. Design around client mix, band support, channel plan, power, roaming behavior, and application requirements.

WLAN Components

Term Meaning Operational Use
STA Wireless station/client Laptop, phone, scanner, IoT device
AP Access point Bridges wireless clients into network policy
BSS Basic service set One AP radio/cell serving clients
BSSID MAC address identifying a BSS Useful in roaming and packet analysis
SSID Network name Human-facing WLAN name, not a security boundary
ESS Multiple BSSs presenting one SSID Normal enterprise WLAN
DS Distribution system Wired or controller fabric behind APs
IBSS Independent BSS Ad hoc network, rare in enterprise

Watch out: SSID and VLAN are not the same thing. One SSID can map to different VLANs by policy, and multiple SSIDs can terminate into the same VLAN.

Bands And Channels

Band Strengths Weaknesses Design Notes
2.4 GHz Better range, legacy support Crowded, only a few clean channels Use for compatibility and IoT, not capacity
5 GHz Good enterprise capacity DFS events, shorter range than 2.4 Main production band for many sites
6 GHz More clean spectrum Shorter range, client support required, regulations vary Best for modern clients and capacity
Channel Width Where It Fits Watch Out
20 MHz High-density enterprise Best reuse and predictability
40 MHz Moderate density Can hurt reuse if overused
80 MHz Low density or high throughput areas Fewer channels, more contention
160 MHz Special cases Often too wide for enterprise reuse
320 MHz Wi-Fi 7 in 6 GHz where allowed Very environment and regulation dependent

Design note: Wider channels increase peak rate but reduce channel reuse. In busy enterprise WLANs, stable airtime often beats headline throughput.

RF Measurements

Term Meaning Notes
dBm Power relative to 1 milliwatt Common received signal unit
dB Ratio between two values Used for loss, gain, SNR
dBi Antenna gain relative to isotropic antenna Used in EIRP math
RSSI Received signal strength Vendor presentation varies
SNR Signal-to-noise ratio Often more useful than signal alone
Noise floor Background RF noise Higher noise reduces usable signal
EIRP Transmit power plus antenna gain minus losses Must follow regulatory limits

Rule-of-thumb targets vary by design, but voice and real-time apps usually need stronger signal and cleaner SNR than best-effort data.

Frame Types

Type Examples Purpose
Management Beacon, probe, authentication, association, deauthentication Discovery, joining, roaming, control
Control ACK, RTS, CTS, Block ACK Medium access and reliability
Data QoS data, null data Client payload and power-save signaling

Client join flow:

  • Probe or passive beacon discovery.
  • Authentication.
  • Association.
  • 802.1X or PSK authentication where used.
  • 4-way handshake.
  • DHCP or IPv6 address assignment.
  • Data flow.

Watch out: "Authentication" in 802.11 management frames is not the same thing as WPA2/WPA3 or 802.1X user authentication.

Security

Method Status Notes
Open Use only with captive/guest controls or OWE No encryption unless OWE is used
WEP Deprecated Broken, do not use
WPA/TKIP Deprecated Legacy only
WPA2-Personal Common PSK risk depends on sharing and rotation
WPA2-Enterprise Common 802.1X/RADIUS, certificate choices matter
WPA3-Personal Modern SAE, better password-based security
WPA3-Enterprise Modern Stronger enterprise options
OWE Modern open encryption Encryption without authentication
PMF Protected Management Frames Mandatory in some modern modes

Modern note: 6 GHz Wi-Fi generally raises the security floor. Expect WPA3 and Protected Management Frames requirements in modern 6 GHz deployments.

Roaming And Client Behavior

Feature What It Does Notes
802.11k Neighbor reports Helps clients choose roam targets
802.11v BSS transition management AP can suggest better APs
802.11r Fast transition Faster roaming, test client support
Band steering Encourages band choice Client still decides
Minimum RSSI Kicks sticky clients Can create churn if too aggressive
Load balancing Spreads clients Can hurt if clients resist

Watch out: The client decides when to roam. Infrastructure can influence roaming, but it does not fully control it.

QoS And Airtime

Access Category Typical Traffic Relative Priority
Voice RTP, real-time voice Highest
Video Interactive video High
Best effort Normal apps Default
Background Bulk or low priority Lowest

Wi-Fi Multimedia maps traffic into wireless access categories. Wired DSCP and 802.1p markings may not survive correctly unless the WLAN, controller, switch, and QoS policy agree.

Design note: Airtime is the scarce resource. A slow client can consume more airtime than a fast client sending the same amount of data.

Cisco Catalyst 9800 Examples

Basic WLAN profile:

wlan CORP-WIFI 20 CORP-WIFI
 no shutdown

Policy profile with VLAN:

wireless profile policy CORP-WIFI-POLICY
 vlan 30
 no shutdown

Map WLAN to policy tag:

wireless tag policy SITE-ACCESS
 wlan CORP-WIFI policy CORP-WIFI-POLICY

Assign policy tag to an AP:

ap aaaa.bbbb.cccc
 policy-tag SITE-ACCESS

Notes:

  • Catalyst 9800 separates WLAN profile, policy profile, and tags.
  • Changing AP tags can cause APs to drop and rejoin.
  • RF tags and site tags also matter in real deployments.
  • Validate security settings, AAA, VLAN, and switching mode before enabling a production SSID.

Troubleshooting

Symptom Check Likely Cause
Client cannot see SSID Band support, SSID enabled, AP tag, channel SSID not broadcast on client-supported band
Client sees SSID but cannot join Security mode, PMF, PSK, 802.1X logs Authentication mismatch
Joins but no IP VLAN, DHCP scope, relay, policy profile Client placed in wrong network
Poor performance Channel utilization, retries, SNR, client rate Airtime contention or RF issue
Sticky client RSSI thresholds, 802.11k/v/r, client driver Client roaming behavior
Voice drops while roaming Fast roaming, QoS, coverage overlap Roaming or airtime problem
6 GHz not used Client support, country code, power, security 6 GHz regulatory or client limitation

Commands

show wlan summary
show wireless client summary
show wireless client mac-address <mac> detail
show ap summary
show ap name <ap-name> config general
show wireless profile policy summary
show wireless tag policy summary

Expected clues:

  • WLAN is enabled and mapped to the expected policy profile.
  • AP has the expected policy, site, and RF tags.
  • Client joins the expected BSSID, SSID, VLAN, and policy.
  • Security negotiation matches the WLAN design.
  • RF channel, power, retries, and SNR fit the expected design.

Watch Out

  • Do not design only from AP count. Design from coverage, capacity, clients, and applications.
  • Do not use 80, 160, or 320 MHz channels just because the hardware supports them.
  • Do not leave legacy data rates enabled without a reason.
  • Do not treat hidden SSIDs as security.
  • Do not assume 6 GHz coverage equals 5 GHz coverage at the same power.
  • Do not enable WPA2/WPA3 transition modes without testing client behavior.
  • Do not forget wired dependencies: VLANs, DHCP, DNS, RADIUS, QoS, and firewall policy.

References