Service set (802.11 network)

From Wikipedia, the free encyclopedia
  (Redirected from Service set identifier)
Jump to: navigation, search

In computer networking, a service set (SS) is a set consisting of all the devices associated with a consumer or enterprise IEEE 802.11 wireless local area network (WLAN). The service set can be local, independent, extended or mesh.

Service sets have an associated identifier, the service set identifier (SSID), which consists of 32 octets (bytes) that frequently contains a human readable identifier of the network.

Basic service set (BSS)[edit]

The basic service set (BSS) provides the basic building-block of an 802.11 wireless LAN. In infrastructure mode, a single access point (AP) together with all associated stations (STAs) is called a BSS;[1] not to be confused with the coverage of an access point, known as the basic service area (BSA).[2] The access point acts as a master to control the stations within that BSS; the simplest BSS consists of one access point and one station.

The IEEE 802.11s amendment defined an additional protocol for wireless mesh networks. Only mesh STAs participate in mesh functionalities such as formation of the mesh BSS, path selection, and forwarding. Accordingly, a mesh STA is not a member of an independent BSS (IBSS) or of an infrastructure BSS. Consequently, mesh STAs do not communicate with non-mesh STAs. However, instead of existing independently, an MBSS can interconnect with other BSSs through the distribution system (DS). Mesh STAs can communicate with non-mesh STAs through a logical architectural component called a Mesh Gate.

With 802.11, one can alternatively set up an ad hoc network of client devices without a controlling access point; the result is called an independent BSS (IBSS).[3]

Basic service set identifier (BSSID)[edit]

Each BSS is uniquely identified by a basic service set identifier (BSSID).[4]

For a BSS operating in infrastructure mode, the BSSID is the MAC address of the wireless access point (WAP) generated by combining the 24 bit Organization Unique Identifier (OUI, the manufacturer's identity) and the manufacturer's assigned 24-bit identifier for the radio chipset in the WAP. The BSSID is the formal name of the BSS and is always associated with only one BSS. Note, the MAC address concept is not limited to radio communication; wired networks use the very same 24+24 bit MAC address concept to uniquely identify the hosts.

The SSID is the informal (human) name of the BSS (just like a Windows Workgroup name). A BSS is functionally a contention domain as a local or workgroup network is functionally a broadcast domain.

A BSSID with a value of all 1s is used to indicate the wildcard BSSID, usable only during probe requests or for communications that take place outside the context of a BSS.[5]

Extended service set (ESS)[edit]

An extended service set (ESS) is a set of two or more interconnected wireless BSSs that share the same SSID (network name), security credentials and integrated (that is, providing translation between 802.3 and 802.11 frames) wired local area networks that appear as a single BSS to the logical link control layer at any station associated with one of those BSSs. This facilitates mobile IP and fast secure roaming applications. Furthermore, the BSSs may work on the same channel, or work on different channels to boost aggregate throughput.

Extended service set identifier (ESSID)[edit]

In an extended service set (ESS) each BSS still has its BSSID, however, the entire ESS uses only one SSID called an ESSID (to facilitate laptop and mobile internet device, MID, mobility; and voice over wifi, VoWiFi, roaming). For an IBSS, the BSSID is a locally administered MAC address generated from a 48-bit random number. The individual/group bit of the address is set to 0 (individual). The universal/local bit of the address is set to 1 (local).

Service set identifier (SSID)[edit]

Each BSS or ESS is identified by a service set identifier (SSID); a sequence of 0–32 octets. It is used as an identifier for a wireless LAN, and is intended to be unique for a particular area. Since this identifier must often be entered into devices manually by a human user, it is often a human-readable string and thus commonly called the "network name".[6]

A common, albeit incorrect assumption, is that an SSID is a string of human-readable characters (such as ASCII), terminated by a NUL character (as in a C-string). SSIDs must be treated and handled as what they are, a sequence of 0–32 octets, some of which may not be human-readable. Note that the 2012 version of the 802.11 standard defines a primitive SSID encoding, an enumeration of UNSPECIFIED and UTF-8, indicating how the array of octets can be interpreted.

In an IBSS, the SSID is chosen by the client device that starts the network, and broadcasting of the SSID is performed in a pseudo-random order by all devices that are members of the network

No security of SSID hiding[edit]

As a purported security enhancement, some access points allow a user to inhibit the broadcasting of their SSIDs, a tactic known as network cloaking; a station may then only join a BSS after the associated SSID has been specified explicitly. This tactic acts as a deterrent to the extent that it impedes casual wireless snooping, but is useless against widely available network scanners. Network cloaking is a form of security through obscurity and offers no protection against even the most basic attacks against a wireless network. Furthermore, the technique of SSID hiding forces wireless clients to probe for SSIDs everywhere they go, which makes them vulnerable to attackers who may set up a rogue access point emulating the probed network. As a consequence, hidden SSID probing at the client side involves greater security weaknesses than base station side beaconing.[7]


  1. ^ IEEE Std 802.11-2007, p. 6, section 3.16.
  2. ^ IEEE Std 802.11-2007, p. 5, section 3.15.
  3. ^ IEEE Std 802.11-2007, p. 25, section 5.21.
  4. ^ IEEE Std 802.11-2007, p. 6, section
  5. ^ IEEE Std 802.11p-2010, p. 3, section 5.2.10.
  6. ^ Vasseur & Dunkels 2010, p. 432.
  7. ^ "Why Non-Broadcast Networks are not a Security Feature". Microsoft Technet. Retrieved 2016-02-17.