A look Into 802.11k

3 min readFebruary 3, 20203 comments

Play episode

News

Next Generation CBRS Standard: https://www.businesswire.com/news/home/20200123005555/en/Wireless-Innovation-Forum-Issues-Next-Generation-CBRS-Standard
Client Distribution at CLEUR: https://twitter.com/SNMPguy/status/1222794787398602752?s=20
Ekahau about to launch a new tool: https://twitter.com/ekahau/status/1223368179000455168?s=20
- Register for the product launch: https://wifi.ekahau.com/new-tool-to-win-the-war-against-bad-wifi-networks?utm_campaign=2020%20TOF%20Webinars&utm_content=114769185&utm_medium=social&utm_source=twitter&hss_channel=tw-26760583
Eight Wi-Fi Trend expected in 2020 by the WFA: https://www.wi-fi.org/beacon/the-beacon/eight-wi-fi-trends-expected-in-2020
Conference on Port Wireless Solutions: http://www.portcomms2020.com/
CWNP JTA

802.11k (Radio Resource Measurement)

802.11k was published in 2008 and added to the IEEE 802.11-2012 standards.

Various types of measurements are defined that enable 802.11 stations to request measurements from other stations. Information that needs to be measured to optimize the radio network. For example, with 802.11k, stations are able to assess how occupied or idle a frequency channel is.

The corresponding request and report mechanisms, and the formats of the frames through which the measurement requests and results are communicated among stations, are defined by the 802.11k amendment.

Clause 11.11 in the latest 802.11-2016 standards (p. 1709).

Why did we want to talk about 802.11k

It can help client devices to better roam
It has not always been supported on client devices
Clients might lie when they advertise their 802.11k capabilities…

What is really happening with 802.11k

Most of the time APs (or WLC) gather client radio information via specific mechanisms
The client devices can also request some information from the infrastructure (APs & WLC)

What type of information are we talking about?

Neighbor Reports: clients can request a neighbor report and learn valuable information from the infrastructure. The clients will use this information to take better roaming decisions.
Client Statistics: SNR, RSSI, Data rates, frame transmission, retries and errors can be communicated back to the AP & controller.
Channel Statistics: clients might gather noise-floor and channel-load information and send it to the infrastructure.
Transmit Power Control: this can be used to reduced interferences in both frequency bands

Validate that an SSID supports 802.11k

Capture the Beacon Frame
Look for the RM Enabled Capabilities IE
- Look for the Neighbor Report Enable bit in the first RM Capabilities section

Validate that a client supports 802.11k & Neighbor Reports

Capture the Association Request (look at the profiler tool from WLAN Pi)
Look for the RM Enabled Capabilities IE
- RM Capabilities
  - Neighbor Report Enable Bit should be set to 1

802.11k Neighbor Report Operations

The client device sends a Neighbor Report Request specifying the SSID it is currently associated with.

Here is the Neighbor Report Request Frame field format (it is an action frame):

The access point replies with a neighbor report. We have a couple of examples here:

The first one is empty since there is only 1 AP in the network
The second one shows one candidate

A Few Wireshark Filters

Validate if device of AP supports neighbor reports: wlan.rmcap.b1 == 1
Search for all the RM Enabled Information Element: wlan.tag.number == 70
Filter for the Neighbor Report Requests: wlan.rm.action_code == 4
Filter for the Neighbor Report Responses: wlan.rm.action_code == 5
Filter for any Resource Measurement Frames: wlan.fixed.category_code == 5

Resources

CTS 198: Fast BSS Transition – 802.11r: https://www.cleartosend.net/fast-bss-transition-802-11r/
CTS 125: 802.11 Frame Captures on Windows: https://www.cleartosend.net/wireless-frame-captures-windows/
CTS 121: Capturing Wireless Frames with a Mac: https://www.cleartosend.net/capturing-wireless-frames-mac/
CTS 102: Capturing Wireless Frames: https://www.cleartosend.net/cts-102-capturing-wireless-frames/
Deeper look into the 802.11k Neighbor Reports by Mark Williams: https://www.youtube.com/watch?v=XY3BentJmCA
WLAN Pi Website: https://www.wlanpi.com/
Profiler for WLAN Pi: https://github.com/WLAN-Pi/profiler

Tagged as:802.11k management frames

Hosted by

François Vergès

Wireless Network Engineer and Owner at SemFio Networks. CWNE #180. Living in London ON Canada, born and raised in Dijon, France.

Join the discussion Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

3 comments

Bruno Dinis says:
February 3, 2020 at 8:24 am
Hi Francois.
I believe its Radio Resource Management, and not Measurement.
Great Podacast, as usual
Reply
- François Vergès says:
  February 3, 2020 at 8:50 am
  Hi Bruno,
  Thank you! You find both terminologies in the standards… I may have mixed them up 😉
  Reply
Prasanna says:
April 19, 2020 at 12:02 am
Hello François Vergès I appreciate your blog and great work buddy. I am looking for all the 802.11k packet captures which you are mentioned above for educational purpose, if it is available please share.
Email – prasanna4800@gmail.com
Thank you.
Reply