Wi-Fi (802.11) Basics — Computer Networks

What it is#

Wi-Fi is the family of IEEE 802.11 wireless local-area network standards. It defines a set of physical layers (2.4 GHz, 5 GHz, 6 GHz radios with various modulation schemes), a MAC layer (CSMA/CA plus management frames for association and roaming), a frame format that nests an 802.3-compatible payload inside a Wi-Fi-specific header, and a security stack (WEP, WPA, WPA2, WPA3) for authentication and encryption over the air.

From a Layer 3 perspective, Wi-Fi looks like Ethernet. An IP packet is wrapped in an 802.11 frame, transmitted over radio, received at an access point, and re-wrapped in an 802.3 Ethernet frame before continuing to the wired network. From a Layer 2 perspective, Wi-Fi is fundamentally harder than Ethernet: the medium is shared and half-duplex per channel, signal quality varies wildly with distance and obstacles, stations cannot detect collisions while transmitting, and rogue or malicious devices can join the air without permission.

When to use it#

Wi-Fi is the default for client devices. Specific generation choices matter for capacity and density:

802.11ac (Wi-Fi 5, 2014) — 5 GHz, up to 6.9 Gbps theoretical with 8 spatial streams. The baseline for office Wi-Fi.
802.11ax (Wi-Fi 6 / 6E, 2019/2021) — adds 6 GHz band, OFDMA, MU-MIMO uplink. Designed for high-density environments (offices, stadiums). The current deployment target.
802.11be (Wi-Fi 7, 2024) — 320 MHz channels, 4K-QAM, Multi-Link Operation. Up to 46 Gbps theoretical. Early deployments.
Mesh Wi-Fi — multiple access points using either dedicated backhaul radios or 802.11s. Solves coverage in large homes and offices.
Enterprise Wi-Fi (802.1X + RADIUS) — per-user authentication, dynamic VLAN assignment, captive portals. The right answer for any deployment with more than a handful of users.

Use wired Ethernet when latency or jitter matters more than convenience (workstations, IP phones, gaming consoles), when you need >1 Gbps reliably, or when the radio environment is hostile.

How it works#

A Wi-Fi connection has four phases: scan, authenticate, associate, transfer. The radio layer underneath uses CSMA/CA (covered in detail in the MAC building block); the steps above are management.

Association#

Scan. Client probes channels for beacons (broadcast every 102.4 ms by default) and learns nearby SSIDs.
Authenticate. Open-system authentication (a formality in modern Wi-Fi), or a pre-shared-key exchange (WPA2-PSK), or an EAP exchange to a RADIUS server (WPA-Enterprise).
Associate. Client sends an Association Request; AP responds with success and assigns an Association ID.
4-way handshake (WPA2/WPA3). Derives a session key (PTK) from the master key.
Data. Frames flow.

802.11 frame format#

A simplified data frame on the air:

+----------+------+--------+--------+--------+------+--------+---------+-----+
|FrameCtrl |DurID | Addr1  | Addr2  | Addr3  |SeqCtl| Addr4* | Payload | FCS |
|  2 B     | 2 B  |  6 B   |  6 B   |  6 B   | 2 B  |  6 B   |0-2304 B | 4 B |
+----------+------+--------+--------+--------+------+--------+---------+-----+
                                              (*) only present in WDS frames

The four-address scheme is one of Wi-Fi’s quirks. Addr1 is the immediate receiver, Addr2 the immediate transmitter, Addr3 the original source or final destination depending on direction, Addr4 only appears in wireless-distribution-system (mesh / repeater) frames. The Frame Control field’s To-DS and From-DS bits tell the receiver how to interpret the addresses.

CSMA/CA on the air#

Wi-Fi stations cannot listen while transmitting (the transmit signal is millions of times stronger than any incoming signal at the same antenna), so they avoid collisions instead of detecting them. Every transmission is preceded by a random backoff inside a contention window; every data frame must be ACKed by the receiver; absence of ACK is the only collision signal. See the MAC building block for the full machinery.

Hidden terminals and RTS/CTS#

Two stations A and C may both be in range of the access point B but not in range of each other. A’s carrier sense will not detect C’s transmission to B, so A may transmit and collide at B. RTS/CTS is an optional handshake:

A → B:   RTS  (Request to Send, with duration)
B → all: CTS  (Clear to Send, with duration)
A → B:   DATA
B → A:   ACK

Every station that hears the CTS (including C, which is in range of B even though not of A) sees the duration and defers transmission for that long. RTS/CTS has overhead — typically only enabled for frames above a threshold (e.g. 2000 bytes).

Roaming#

When a client moves between access points sharing an SSID, it must scan, deauthenticate from the old AP, authenticate to the new one, associate, and redo the 4-way handshake. Naive roaming takes 200-500 ms — long enough to break a VoIP call. 802.11r (Fast BSS Transition) caches the session key and cuts roaming to ~50 ms; 802.11k (Neighbor Reports) and 802.11v (Network-Assisted Roaming) help the client pick the right next AP.

Variants#

Standard	Name	Band	Max link rate	Released
802.11b	Wi-Fi 1 (retroactive)	2.4 GHz	11 Mbps	1999
802.11a	Wi-Fi 2	5 GHz	54 Mbps	1999
802.11g	Wi-Fi 3	2.4 GHz	54 Mbps	2003
802.11n	Wi-Fi 4	2.4 / 5 GHz	600 Mbps	2009
802.11ac	Wi-Fi 5	5 GHz	6.9 Gbps	2014
802.11ax	Wi-Fi 6 / 6E	2.4 / 5 / 6 GHz	9.6 Gbps	2019 / 2021
802.11be	Wi-Fi 7	2.4 / 5 / 6 GHz	~46 Gbps	2024

Real-world throughput is typically 30–50% of the advertised link rate after MAC overhead, retransmissions, and contention. A “1.2 Gbps Wi-Fi 6” link rarely sustains more than 500-700 Mbps of TCP throughput in practice.

Security generations#

WEP (1997) — RC4 stream cipher, 40- or 104-bit static key, 24-bit IV. The IV reuses within hours of normal traffic. Cracked in minutes by 2007. Do not use, ever.

WPA (2003, interim) — TKIP. Per-packet key derivation on top of RC4. Bought time while WPA2 was finished. Also broken; do not use.

WPA2 (2004) — AES-CCMP. Properly cryptographic. The “KRACK” attack (2017) showed weakness in the 4-way handshake state machine; patched by every major vendor.

WPA3 (2018) — Simultaneous Authentication of Equals (SAE) instead of PSK exchange. Forward secrecy. Protects against offline dictionary attacks even when the password is weak. The current recommendation.

WPA3 also defines OWE (Opportunistic Wireless Encryption) for open networks — clients and APs negotiate an ephemeral key over an otherwise-unauthenticated channel, so coffee-shop Wi-Fi gets traffic encryption without a password.

Trade-offs#

2.4 GHz vs 5 GHz vs 6 GHz. 2.4 GHz penetrates walls better but has only 3 non-overlapping channels and shares spectrum with microwaves, Bluetooth, and baby monitors. 5 GHz has 25+ non-overlapping channels but shorter range. 6 GHz (Wi-Fi 6E) is clean but only available to Wi-Fi 6E / 7 devices and has the shortest range.
Channel width. 20 MHz channels are crowded but reliable; 80 or 160 MHz channels deliver multi-gigabit rates but step on every other AP in the area. Dense deployments use narrow channels.
Density vs range. High AP density gives every client a strong signal but creates co-channel interference. Lowering AP transmit power (20–50 mW instead of 100 mW) forces clients to pick the nearest AP and reduces inter-AP contention.
MU-MIMO and OFDMA. Wi-Fi 5 added downlink MU-MIMO (AP transmits to multiple clients simultaneously). Wi-Fi 6 added uplink OFDMA (multiple clients transmit in different sub-channels simultaneously). Both depend on capable clients — a single legacy client can drag a whole BSS back to single-user behaviour.
TCP over Wi-Fi. Hidden Layer-2 retransmissions confuse TCP’s loss-based congestion control. A retried frame at Layer 2 looks to TCP like high latency instead of loss; congestion control reacts wrong. BBR-style congestion control (model-based, not loss-based) handles Wi-Fi paths much better than CUBIC.

Common pitfalls#

Conflating signal strength with throughput. “Five bars” means the radio link is healthy; it says nothing about the channel being saturated by neighbours. A weak signal with no contention often outperforms a strong signal in a crowded channel.
Co-channel deployment in 2.4 GHz. Only channels 1, 6, and 11 are non-overlapping in the 2.4 GHz band. Using channel 3 or 8 interferes with both adjacent channels — worse than picking one of the canonical three.
WPA2-PSK with a weak password. A 4-way handshake captured from the air can be brute-forced offline. WPA3 (SAE) fixes this; WPA2 with a 20-char random password mitigates it.
Trusting “Open” networks. No authentication and no encryption. Captive-portal Wi-Fi is Open + a redirect — your traffic is in the clear until HTTPS kicks in. Use OWE-enabled networks when available.
Disabling lower-rate support to “speed up the network”. Disabling 1, 2, 5.5, 11 Mbps rates is common advice — but the beacon frames also drop to higher rates, shrinking coverage. Test the trade-off.
Ignoring the airtime of management frames. A network with a dozen SSIDs broadcast on every AP spends a measurable fraction of its airtime on beacons. Each SSID broadcast every 102.4 ms eats ~1% of airtime. Cap SSID count.
Bridging Wi-Fi and Ethernet on the same broadcast domain at scale. ARP storms, mDNS chatter, and broadcast traffic that’s fine on a wired LAN become serious airtime overhead on the wireless side. Segment.

Why does Wi-Fi throughput collapse when one slow client is on the network?

The slowest client dictates how much airtime is consumed per byte. A client at 6 Mbps takes ~10x longer to transmit a frame than a client at 60 Mbps. Because the medium is shared, every other client waits during that long transmission. Modern access points implement airtime fairness — giving each client equal time on the air instead of equal frames — which limits the damage but doesn’t eliminate it. The honest answer in capacity planning is to design for the slowest client you expect to serve.