To moderators: I'm not sure if this is the right site to ask this kind of technical question, feel free to move this elsewhere.

I'm debugging a problem where an ESP8266-based device fails to include one wifi AP in its wifi scan results. The same device can connect to the AP if the SSID is specified manually. The same AP shows up on scans made by an Android phone.

I've narrowed the problem down to this: it looks like the AP, running on channel 6, is sending beacon frames (and probe response frames) which specify "current channel: 1". The ESP8266's software ignores such responses.

My question is: is the Access Point allowed to specify a different channel in the beacon/probe response frames? Or, is there any reason for the clients to accept such frames?

The AP is branded by SFR, a French telecom company. I don't know what kind of hardware/software it's running.

Beacon frame as parsed by Wireshark:

Frame 1: 188 bytes on wire (1504 bits), 188 bytes captured (1504 bits)
IEEE 802.11 Beacon frame, Flags: ........
IEEE 802.11 wireless LAN management frame
    Fixed parameters (12 bytes)
        Timestamp: 0x0000011a327c9186
        Beacon Interval: 0,102400 [Seconds]
        Capabilities Information: 0x0011
    Tagged parameters (152 bytes)
        Tag: SSID parameter set: SFR_####
        Tag: Supported Rates 1(B), 2(B), 5.5(B), 11(B), 18, 24, 36, 54, [Mbit/sec]
        Tag: DS Parameter set: Current Channel: 1
        Tag: Traffic Indication Map (TIM): DTIM 0 of 1 bitmap
        Tag: ERP Information
        Tag: ERP Information
        Tag: RSN Information
        Tag: Extended Supported Rates 6, 9, 12, 48, [Mbit/sec]
        Tag: HT Capabilities (802.11n D1.10)
        Tag: HT Information (802.11n D1.10)
        Tag: Vendor Specific: Broadcom
        Tag: Vendor Specific: Microsof: WMM/WME: Parameter Element

Hex dump:

0000   80 00 00 00 ff ff ff ff ff ff 24 95 04 ########  ..........$..###
0010   24 95 04 ######## 00 a7 86 91 7c 32 1a 01 00 00  $..###....|2....
0020   64 00 11 00 00 08 53 46 52 5f ########### 01 08  d.....SFR_####..
0030   82 84 8b 96 24 30 48 6c 03 01 01 05 04 00 03 01  ....$0Hl........
0040   00 2a 01 04 2f 01 04 30 14 01 00 00 0f ac 04 01  .*../..0........
0050   00 00 0f ac 04 01 00 00 0f ac 02 0c 00 32 04 0c  .............2..
0060   12 18 60 2d 1a ec 18 1b ff ff 00 00 00 00 00 00  ..`-............
0070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3d  ...............=
0080   16 01 00 04 00 00 00 00 00 00 00 00 00 00 00 00  ................
0090   00 00 00 00 00 00 00 dd 09 00 10 18 02 0d f0 2c  ...............,
00a0   00 00 dd 18 00 50 f2 02 01 01 80 00 03 a4 00 00  .....P..........
00b0   27 a4 00 00 42 43 5e 00 62 32 2f 00              '...BC^.b2/.
  • You might get some insights here on SF but if nobody answers, flag your question and it can be transferred to https://networkengineering.stackexchange.com/ – HBruijn Dec 07 '17 at 13:55
  • Just in case anyone stumbles upon this question some day - it appears that my analysis was wrong, and the AP does indeed operate on CH1, that is, its beacon frames are perfectly valid. – Andrzej Szombierski Dec 13 '17 at 10:39

1 Answer

"Wi-Fi", as we know it, is codified by IEEE Std 802.11-2016.

As per section 9.3.3.3 Beacon frame format (page 694 of the PDF):

Order: 6

DSSS Parameter Set

The element is optionally present. The DSSS Parameter Set element is present within Beacon frames generated by STAs using Clause 15, Clause 16, and Clause 18 PHYs. The element is present within Beacon frames generated by STAs using a Clause 19 PHY in the 2.4 GHz band.

Okay, let's go deeper:

9.4.2.4 DSSS Parameter Set element (page 792 of the PDF) says:

The DSSS Parameter Set element contains information to allow channel number identification for STAs. The Element ID and Length fields are defined in 9.4.2.1.

The Current Channel field is set to dot11CurrentChannel (see 15.4.4.3, 16.3.6.3, 17.3.8.4.2 and 19.3.15 for values).

Elsewhere in the standard (dot11PhyDSSSEntry TABLE, pages 3136-3137) I found:

dot11CurrentChannel OBJECT-TYPE
SYNTAX Unsigned32 (1..14)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This is a status variable. It is written by the PHY. The current operating frequency channel of the DSSS PHY. Valid channel numbers are as defined in 15.4.4.3"
::= { dot11PhyDSSSEntry 1 }

tl;dr: The AP is operating out of specification, and should probably be sent to your local electronics recycling center and replaced with something standards-compliant; my personal suggestion at a similar price point would be basically anything made by Mikrotik.

Alex
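
Added example, not part of the question or the answer above: a small Python check that walks a beacon's tagged parameters, reads the channel from the DSSS Parameter Set (element ID 3) and from the HT Information element (element ID 61), and compares both with the channel the capture radio was tuned to. The sample bytes are constructed from the tagged parameters in the question's hex dump with a placeholder SSID; the function names and the 2.4 GHz range check are assumptions of this example.

```python
# Constructed sample: tagged parameters modelled on the beacon in the question,
# with a placeholder SSID in place of the redacted one.
SAMPLE_TAGS = bytes.fromhex(
    "00085346525f30303030"        # SSID "SFR_0000" (placeholder)
    "010882848b962430486c"        # Supported Rates
    "030101"                      # DSSS Parameter Set: current channel 1
    "2a0104"                      # ERP Information
    "3d16" "01000400" + "00" * 18 # HT Information: primary channel 1
)

DSSS_PARAMETER_SET = 3   # value is a single byte: current channel
HT_INFORMATION = 61      # first value byte is the primary channel


def parse_elements(tagged):
    """Yield (element_id, value) pairs; raise ValueError on a truncated element."""
    pos = 0
    while pos < len(tagged):
        if pos + 2 > len(tagged):
            raise ValueError(f"truncated element header at offset {pos}")
        eid, length = tagged[pos], tagged[pos + 1]
        value = tagged[pos + 2 : pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"element {eid} at offset {pos} overruns the frame")
        yield eid, value
        pos += 2 + length


def advertised_channels(tagged):
    """Return the channel fields that are present, keyed 'dsss' and 'ht'."""
    found = {}
    for eid, value in parse_elements(tagged):
        if eid == DSSS_PARAMETER_SET and len(value) == 1:
            found["dsss"] = value[0]
        elif eid == HT_INFORMATION and len(value) >= 1:
            found["ht"] = value[0]
    return found


def check_beacon(tagged, capture_channel):
    """List disagreements between advertised channels and the capture channel."""
    problems = []
    for name, chan in advertised_channels(tagged).items():
        if not 1 <= chan <= 14:          # assumption: 2.4 GHz capture only
            problems.append(f"{name}: channel {chan} outside 1..14")
        elif chan != capture_channel:
            problems.append(f"{name}: advertises {chan}, captured on {capture_channel}")
    return problems
```

A mismatch reported by `check_beacon` is a prompt to re-check the capture rather than proof of a faulty AP: 2.4 GHz channels overlap, so a radio tuned to a nearby channel can still decode a beacon, which is why the frame carries its own channel number.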