Wi-Fi Probing Behavior and Configured Data Rates

Today, I'd like to highlight what happens under-the-covers when a client tries to connect to an AP after data rates have been manipulated. Specifically, I'm talking about the probing behavior of both the client and the AP. If you've ever wondered how this works, I'm here to tell you about it today!

A standard WLAN best practice to improve performance is to disable low data rates on the APs in an enterprise network. This helps to increase overall network capacity by eliminating overhead caused from management frames sent out at the lowest configured Basic data rate, and to ensure data frames aren't sent at the low data rates which consume large amounts of airtime for application traffic.

First, let's briefly describe how probing works in a legacy WLAN deployment, when the AP supports all 802.11b data rates (1, 2, 5.5, 11 Mbps). In this scenario, the client sends out a Probe Request at the lowest data rate it supports, typically 1 Mbps. The AP will issue a Probe Response back to the client, again at 1 Mbps. They both understand each other, life is happy!

Now let's examine what happens when data rates have been manipulated on an AP, for instance all 802.11b data rates have been disabled and 6 Mbps is now the lowest Basic data rate.

Probe Request and Response Behavior
After Data Rate Manipulation

The client probes at 1 Mbps (as usual) since it doesn't know "what's out there" yet. It's trying to discover all the nearby APs that it could connect to and what their capabilities are. So, it sends out the Probe Request at the lowest data rate it supports to achieve the maximum visibility and trigger all nearby APs to respond.

Probe Request at 1 Mbps

Now, what our AP with manipulated data rates does is the interesting part. Even though it can properly receive and decode the client's Probe Request at 1 Mbps, it is only configured to support 802.11g/n data rates (6 Mbps and higher). So what does it do? It issues a Probe Response at it's configured lowest data rate. After all, the configuration policy now states that all 802.11b data rates are disabled, so let's respond to the client at our lowest Basic data rate of 6 Mbps. If the client is 802.11g capable it will still be able to decode the frame and process the response. We also inform the client in the Probe Response of the supported rates and which ones are mandatory (the meaning of 'Basic' rate).

Probe Response at 6 Mbps

Therefore, the probe response behavior of APs is directly tied to the configured Basic data rates; APs always respond at the lowest Basic data rate, NEVER a disabled data rate. Think about the implications this has on WLAN network operation:

• Clients that don't support the lowest Basic data rate can't connect to the WLAN. In this example, 802.11b-only clients that don't support 802.11g/n would not be able to connect.
  
• Clients that have too low an SNR to decode the lowest Basic data rate won't be able to connect to the WLAN; they won't be able to decode the response frame from the AP. Data rate manipulation can effectively be used to limit the size and "association range" of a Wi-Fi access point (but not the "coverage range" since the signal still travels just as far and can cause interference even though it can't be decoded). Now think about the implications on association range if we made 18 Mbps the lowest Basic data rate.

It's worth noting that 802.11n requires at-least one legacy 802.11a/b/g data rate configured as a Basic data rate. Therefore, WLAN vendors that have the ability to allow only 802.11n clients and reject legacy 802.11a/b/g clients do so through other methods unrelated to data rate manipulation, typically by rejecting association requests by clients that don't advertise support for 802.11n MCS rates.

Cheers,
Andrew