MAC sublayer functions in Wi-Fi network architecture

Wireless networks have become an integral part of modern digital infrastructure, providing mobility and flexibility for device connectivity. IEEE 802.11 standards are based on a complex multilayer architecture, with each layer performing strictly defined tasks to ensure guaranteed data delivery. Particular attention should be paid to the OSI model's data link layer, which, in the context of Wi-Fi, is divided into two logical sublayers: LLC and MAC.

Exactly Media Access Control The MAC (Media Access Control) sublayer handles the bulk of the work of organizing the interaction of multiple devices in a shared radio environment. Unlike wired networks, where collisions are rare, wireless data transmission requires complex collision avoidance algorithms. Understanding the functions implemented by this sublayer is essential for properly configuring security and optimizing local network performance.

In this article, we'll take a detailed look at the MAC protocol, its role in addressing nodes and managing data flows. You'll learn how frames are assembled, why unique physical addresses are important, and how a network protects itself from unauthorized access at the hardware level. This knowledge will help you better diagnose connection issues and understand your router's operating logic.

Architecture of the data link layer and the place of the MAC protocol

The OSI model's data link layer in the 802.11 family of standards is heterogeneous and is divided into two functional parts to improve efficiency. The upper part, known as Logical Link Control (LLC), is responsible for interaction with the network layer and protocol multiplexing. The lower part, or Media Access Control, directly interacts with the physical layer (PHY), controlling the transmission of bits over the radio channel.

The main reason for this separation lies in the specifics of the wireless environment. While Ethernet uses a collision detection method (CSMA/CD), a Wi-Fi device cannot simultaneously transmit and listen on the same frequency with sufficient efficiency. MAC sublayer implements the CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) mechanism, which prevents packet collisions before their transmission begins.

The functionality of the MAC protocol is strictly regulated by IEEE specifications, which ensures compatibility between equipment from different manufacturers. Whether it is Ubiquiti, MikroTik or consumer routers TP-Link, all of them share the same rules for framing and accessing the medium. This allows devices from different vendors to seamlessly exchange data within a single network.

  • 📡 Provides access to a shared wireless data transmission medium.
  • 🛡️ Implements collision prevention and frame retransmission mechanisms.
  • 🔗 Manages the logical connection between the access point and the client device.
⚠️ Attention: Don't confuse the functions of a MAC address (physical identifier) ​​and an IP address. MAC addressing only works within a single network segment (up to the router), while IP is used for routing between different networks.

Interaction between LLC and MAC occurs through special primitives that enable the transfer of data and control commands. This modularity allows for wireless standards to be upgraded (for example, from Wi-Fi 5 to Wi-Fi 6) by changing the physical layer and modulation methods, while leaving the upper layers of the protocol stack unchanged.

Node addressing and media access control

One of the fundamental tasks of the MAC sublayer is to uniquely identify each device on the network. To achieve this, each network interface is assigned a unique identifier during production. MAC address — a 48-bit identifier stored in the device's ROM. This address is used to deliver frames between nodes within the local network segment.

Medium Access Control (MAC) is critical to Wi-Fi stability. The protocol uses a listen-before-transmit algorithm. If the channel is busy, the device waits a random amount of time before retrying, minimizing the likelihood of multiple clients transmitting data simultaneously. This mechanism is known as backoff procedure.

Additionally, the MAC sublayer is responsible for network time synchronization. Access points periodically send out special control frames— Beacon frames (beacons) that contain network information and timestamps. Client devices use this data to maintain synchronization and enter power-saving mode, temporarily disabling the radio module.

📊 Which Wi-Fi standard do you use most often?
Wi-Fi 4 (802.11n)
Wi-Fi 5 (802.11ac)
Wi-Fi 6 (802.11ax)
Wi-Fi 7 (802.11be)
Don't know

It's important to note that access control also includes delivery confirmation mechanisms. Upon receiving a frame, the recipient is required to send an acknowledgement (ACK). If the sender does not receive an ACK within a specified timeout, it considers the frame lost and initiates retransmission. This ensures reliable data delivery in an unstable wireless environment.

802.11 Frame Structure and Data Formatting

Data in Wi-Fi networks is transmitted in frames with a special structure, the formation of which is the direct responsibility of the MAC sublayer. Unlike Ethernet frames, 802.11 frames have a more complex header structure, containing up to four addressing fields. This is necessary for the implementation of bridges and access points, which must know not only the sender and receiver, but also the network coordinators.

The MAC frame header contains information about the frame type (management, control, or data), power status, security, and other parameters. Field Frame Control is the first field in the frame and dictates how the receiving end processes it. Errors in interpreting this field can lead to connection loss or failure to decode the packet.

Following the header is the Payload field (frame body), which contains data from higher layers (e.g., IP packets), and the frame ends with a checksum (FCS). The checksum is calculated using the CRC algorithm and allows the recipient to determine whether the data has been corrupted during transmission over the air. If the CRC does not match, the frame is discarded.

Frame field Size (bytes) Function Description
Frame Control 2 Frame type, protocol version, security flags
Duration/ID 2 Channel time or association identifier
Address 1-4 6 (each) Recipient and sender addresses, BSSID, etc.
Sequence Control 2 Sequence and fragment number for assembly
FCS 4 Frame checksum (CRC)

The payload size of a frame is also regulated by the MAC sublayer. There's a concept called the MTU (Maximum Transmission Unit), which limits the maximum packet size. If the application's data exceeds this limit, fragmentation occurs, which we'll discuss in the next section.

Fragmentation and assembly of data packets

In noisy radio environments, the probability of error when transmitting a long data packet is significantly higher than when transmitting a short one. To minimize losses, the MAC sublayer implements a mechanism fragmentationLarge data packets are broken into smaller fragments, which are transmitted independently of each other.

Each fragment is numbered in the Sequence Control field, allowing the receiving end to correctly reassemble the original packet. If one fragment is lost or damaged, only that specific fragment, rather than the entire original packet, must be retransmitted. This significantly increases channel throughput in noisy environments.

The reassembly process occurs on the receiver's side. The MAC protocol buffers incoming fragments and waits for all parts with matching sequence numbers to arrive. Only after all fragments are successfully assembled is the data passed up to the LLC layer.

The influence of fragment size on speed

Reducing the fragment size (Fragmentation Threshold) can improve connection stability in noisy networks, but reduces overall throughput due to the overhead of writing each new fragment header. The optimal value is determined experimentally.

There's also an RTS/CTS (Request to Send / Clear to Send) mechanism, which often works in conjunction with fragmentation. Before transmitting data, the device sends a short request to the access point. If the channel is clear, the access point broadcasts a "silent" command to all other clients for the duration of the current frame's transmission. This solves the "hidden node" problem, where two clients can't hear each other but interfere with a shared access point.

Power saving modes and power management

For mobile devices such as smartphones and laptops, power consumption is critical. The 802.11 MAC sublayer provides special operating modes that allow the client to periodically turn off the radio transmitter to conserve battery power. This mechanism is coordinated by the access point.

When a device enters sleep mode, it notifies the access point. The access point stops sending data directly and begins buffering it in its memory. In Beacon frames, which are sent regularly, the access point indicates whether there is data in the buffer for sleeping clients.

  • 💤 The client device wakes up strictly according to the timer to listen for beacons.
  • 📥 If the data is available, the client sends a request to receive it (PS-Poll).
  • ⚡ After receiving the data, the device may go into sleep mode again.

There are several versions of power-saving mechanisms, including legacy PS-Poll and the more modern U-APSD (Unscheduled Automatic Power-Save Delivery). The latter allows the device to sleep longer and wake up only when it is ready to send data, which is significantly more efficient for interactive applications.

⚠️ Attention: Enabling aggressive power-saving modes on your Wi-Fi adapter can lead to increased ping (latency) and instability in online games or video calls. If responsiveness is important, we recommend using the "Maximum Performance" mode.

MAC-level security and access control

Although the main encryption protocols (WPA2, WPA3) operate at the interface between the MAC and upper layers, it is the MAC sublayer that implements the primary access control mechanisms. One of these is MAC address filtering. The network administrator can create a whitelist of allowed devices, and the access point will ignore association requests from any other addresses.

However, relying solely on MAC filtering is not recommended. MAC addresses are transmitted in the clear even on encrypted networks (in the headers of control frames), making it easy for an attacker to intercept a legitimate address and clone it on their device. This process is called MAC spoofing.

More advanced security features, such as association flood protection or rogue access point detection, are also implemented at this layer. Modern wireless intrusion detection systems (WIPS) analyze device MAC behavior to identify anomalies.

Corporate networks often utilize dynamic encryption key changes and client isolation, which are also controlled by MAC sublayer policies. This prevents direct communication between user devices within the same Wi-Fi network, routing all traffic through a security gateway.

Diagnostics and optimization of MAC layer operation

Understanding the MAC sublayer's functions helps in diagnosing Wi-Fi problems. For example, a high retrace rate (retransmission rate) indicates signal quality issues or interference, which causes the MAC protocol to constantly request frame retransmissions. Monitoring CRC error counters and retrace rates is an engineer's first step in troubleshooting.

Packet sniffers such as Wireshark or specialized spectrum analyzers are used to analyze network performance. They allow you to see raw 802.11 frames, analyze the intervals between Beacon frames, and assess bandwidth usage. By viewing the frame structure, you can determine whether the network is being flooded with control packets from a faulty device.

Optimization often comes down to choosing the right channel and bandwidth, which impacts airtime contention. In dense environments with numerous neighboring networks, properly setting fragmentation thresholds and RTS/CTS can significantly improve the situation, although in modern Wi-Fi 6 standards, these mechanisms operate automatically and more efficiently.

☑️ Diagnosing MAC-level problems

Completed: 0 / 4

It's worth remembering that router software is constantly updated, and MAC protocol algorithms may be improved by the manufacturer. Always consult the official documentation for your equipment if you plan to make changes to the advanced settings of the wireless module.

FAQ: Frequently Asked Questions

Is it possible to change the MAC address of a network card programmatically?

Yes, this process is called MAC spoofing. Operating systems allow you to temporarily change the software MAC address in the network adapter settings. However, the physical address hardcoded into the chip remains unchanged and is restored after a reset or driver reinstallation.

Does the number of connected devices affect Wi-Fi speed?

Absolutely. Since the MAC protocol uses a time-sharing (TDMA-like approach), each device is allocated only a fraction of the airtime. The more clients compete for the channel, the greater the overhead of service frames and context switches, which reduces overall throughput.

What is a BSSID and how is it different from a MAC address?

A BSSID (Basic Service Set Identifier) ​​is typically the MAC address of an access point's radio module, which identifies a specific wireless network (BSS). While a client's MAC address is unique to the device, the BSSID identifies the Wi-Fi "cell" to which you are connecting.

Why is my old laptop slowing down my entire Wi-Fi network?

It's likely using an older standard (e.g., 802.11b/g), which requires longer security intervals and transmits data more slowly. The access point is forced to synchronize with the slowest client in these scenarios, which reduces airtime efficiency for everyone else.

Do I need to enable WMM for Wi-Fi to work?

Yes, WMM (Wi-Fi Multimedia) is a mandatory requirement for Wi-Fi Certified devices. This MAC-level traffic prioritization mechanism is critical for the proper operation of voice and video communications. Without it, the speed and stability of your equipment may significantly decrease.