IEEE® 802.11™ WLAN - OFDM Beacon Receiver with USRP® Hardware

This example shows how to use the Universal Software Radio Peripheral (USRP®) device using SDRu (Software Defined Radio USRP) System objects™ to implement a WLAN receiver. The receiver is able to recover 802.11 OFDM Non-HT beacon frames transmitted over the air from commercial 802.11 hardware. OFDM beacons can be transmitted from 802.11a/g/n/ac access points. Packet information such as SSID and MAC addresses is printed to the command line during recovery. This example assumes an access point is within range and transmits OFDM beacons in the desired channel.

This example recovers OFDM beacon packets only. An alternative Simulink® example, sdruwlan80211BeaconRx.mdl, recovers DSSS beacons.

Please refer to the Setup and Configuration section of Documentation for USRP® Radio for details on configuring your host computer to work with the SDRu Receiver System object.

This example requires the WLAN System Toolbox™.

Introduction

This example has the following objectives:

* Receive signals from commercial WLAN transmitters in MATLAB® using SDRu System objects.

* Illustrate the use of the WLAN System Toolbox and Communications System Toolbox™ with real-world signals and radio hardware demonstrating full packet synchronization and decoding.

In this example, the SDRuReceiver System object receives data corrupted by the transmission over the air and outputs complex baseband signals which are processed by the WLAN RF Front End object. This example shows the WLAN signal recovery functions working together in a streaming arrangement to recover packets.

Code Architecture

The function runWLANNonHTReceiver implements packet capture and synchronization using two System objects, comm.SDRuReceiver and RFFrontEnd. Once captured, the packet is decoded with WLAN System Toolbox functions.

SDRu Receiver

MATLAB communicates with the USRP® board using the SDRu receiver System object. The parameter structure Config.RadioInfo sets the hardware parameters such as Gain, DecimationFactor, and MasterClockRate.

RF Front End

RFFrontEndWLANBeacon provides packet synchronization and collection. This happens in four stages:

1. Packet Detection: First a packet must be detected before any processing begins. This is accomplished by auto-correlating input symbols. Since the beginning of each 802.11 OFDM packet contains a repetitive structure called the L-STF, peaks will occur in the correlation when this packet is present. The L-STF is then extracted and used for coarse frequency offset estimation.

2. Symbol Timing: Once a packet has been detected, several future symbols are captured into a buffer. This buffer is cross-correlated to locate the L-LTF. Locating the L-LTF first provides fine symbol timing, identifying OFDM symbol boundaries for all successive symbols in the packet. After the entire L-LTF is captured, it is used for channel estimation and fine frequency offset estimation.

3. L-SIG Decoding: The first OFDM symbol after the L-LTF is the L-SIG field. This field must be recovered and decoded to determine the modulation, code rate, and length of the subsequent payload. The information is used to first capture the correct amount of data after the L-SIG for a complete payload.

4. Payload Decoding: All OFDM symbols after the L-SIG are buffered to a length determined by the L-SIG field. After all the symbols have been captured, they are demodulated and decoded into their source bits. The source bits are then evaluated. This evaluation includes CRC checking and header and body extraction. If the packet is of subtype beacon, summary information will be printed about the recovered packet.

Once a full packet is received or any failures occur during the processing chain, the receiver will return to packet detection to search for more packets. This process is repeated for the duration of the requested capture time. The capture time is related to the amount of data pulled from the radio, not the runtime of the physical simulation.
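The evaluation in stage 4 (CRC check, beacon subtype test, header and body extraction), sketched in Python as an added example. It is not the MathWorks receiver code; the function names, the constructed frame and the BSSID are assumptions for illustration. Because the SSID is over-the-air data that ends up on the command line, the sketch also escapes control characters before returning it.

```python
import struct
import zlib

def printable(raw: bytes) -> str:
    """SSIDs are sender-chosen bytes: escape control characters before printing."""
    text = raw.decode("utf-8", "replace")
    return "".join(c if c.isprintable() else f"\\x{ord(c):02x}" for c in text)

def parse_beacon(mpdu: bytes):
    """Return a summary dict, or None for a bad FCS, a non-beacon or a malformed frame."""
    if len(mpdu) < 24 + 12 + 4:            # MAC header + fixed beacon fields + FCS
        return None
    frame, fcs = mpdu[:-4], struct.unpack("<I", mpdu[-4:])[0]
    if zlib.crc32(frame) != fcs:           # FCS is a CRC-32 over header and body
        return None
    fc = struct.unpack("<H", frame[:2])[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if (version, ftype, subtype) != (0, 0, 8):   # management frame, subtype beacon
        return None
    bssid = frame[16:22]                   # Address 3 of a management frame
    interval, capab = struct.unpack("<HH", frame[32:36])
    ssid, pos = None, 36                   # information elements follow the fixed fields
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) != elen or (eid == 0 and elen > 32):
            return None                    # element overruns the frame, or SSID > 32 octets
        if eid == 0:
            ssid = printable(value)        # zero length means a hidden SSID
            break
        pos += 2 + elen
    return {"ssid": ssid, "bssid": bssid.hex(":"), "beacon_interval_tu": interval,
            "privacy": bool(capab & 0x0010),
            "locally_administered": bool(bssid[0] & 0x02)}  # then no vendor OUI applies

def build_beacon(ssid: bytes, bssid: bytes, fc: int = 0x0080, capab: int = 0x0011) -> bytes:
    """Constructed sample input: a minimal beacon MPDU with a valid FCS."""
    header = struct.pack("<HH", fc, 0) + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    frame = header + struct.pack("<QHH", 0, 100, capab) + bytes([0, len(ssid)]) + ssid
    return frame + struct.pack("<I", zlib.crc32(frame))

if __name__ == "__main__":
    bssid = bytes.fromhex("020000000001")  # constructed, locally administered address
    print(parse_beacon(build_beacon(b"w-guest", bssid)))
    print(parse_beacon(build_beacon(b"a\x1b[2Jb", bssid)))
```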

Check for presence of WLAN System Toolbox

if isempty(ver('wlan'))
    error('Please install WLAN System Toolbox to run this example.');
end

Discover Radio

Discover radio(s) connected to your computer. This example uses the first USRP radio found using the findsdru function. Check if the radio is available. Record the radio type and set configurations based on that type.

Config.RadioInfo = getRadioInfoWLANBeacon();
disp(Config.RadioInfo);

Checking radio connections...
                USRPGain: 50
                Platform: 'B210'
                 Address: 'ECR04ZDBT'
         MasterClockRate: 20000000
    USRPDecimationFactor: 1

Set Simulation Parameters

Request user input from the command line for simulation parameters. You will be asked for 1) the capture duration in seconds, 2) the plotting status (on/off), 3) the amount of data to display from the recovered packets, 4) whether to enable vendor lookup for MAC addresses, 5) the channel starting frequency, and 6) the channels you want to scan. If vendor lookup is enabled, this function will also download a MAC address lookup table, made publicly available by the IEEE.

Config.SimInfo = getUserInputWLANBeacon();

% To find valid channel starting frequencies and channel numbers in
% your geographic location, please refer to Annex E of the IEEE 802.11
% standard. The default channel starting frequency, 5e9, is a possible
% value for North America.

% Get channel starting frequency
reply = input('What is the channel starting frequency (Hz)? [5e9]: ','s');
if isempty(reply)
    reply = '5e9';
end
channelStartingFreq = str2double(reply);

% Get channels to scan
reply = input('Which channels do you want to scan (integer(s) between 1 and 200)? [153,157]: ','s');
if isempty(reply)
    reply = '[153,157]';
end
% Parse the integers directly; str2num would evaluate the reply as MATLAB code
channelsToScan = reshape(str2double(regexp(reply,'\d+','match')),[],1);

Seconds of data to capture? [0.2]: 
Do you want to enable scopes? Y/N [N]: 
Do you want to display packet info?
1 == SSID only (default)
2 == Additional beacon packet info
3 == Show all packets (includes non-beacons)
[1]: 
Do you want display vendors for MAC addresses?
(Vendor list must be downloaded once, this may take a minute or two) Y/N [N]: 
What is the channel starting frequency (Hz)? [5e9]: 
Which channels do you want to scan (integer(s) between 1 and 200)? [153,157]: 

Codegen acceleration

To accelerate receiver function performance, generate code if you have a valid MATLAB Coder™ license.

runCodegen = false;
if checkCodegenLicense
    reply = input('Do you want to generate MEX file for receiver? Y/N [N]: ','s');
    if isempty(reply)
        reply = 'N';
    end
    if strcmpi(reply,'Y')
        runCodegen = true;
    end
end
compileIt = runCodegen;

% Generate MEX file for receiver
if compileIt
    fprintf('Generating MEX file for receiver\n');
    clear runWLANNonHTReceiver_mex
    codegen('runWLANNonHTReceiver','-args',{1e9,coder.Constant(Config)});
end

Do you want to generate MEX file for receiver? Y/N [N]: 

Capture and Decode OFDM-based Packets

Capture and try to decode packets on the listed channels for the amount of time requested. The center frequency is a tunable parameter for the radio; therefore, it can be changed without having to regenerate code for the entire receiver function.

for channel= 1:length(channelsToScan)
    % Calculate center frequency for channel
    WiFiCenterFrequency = channelStartingFreq + 5e6*channelsToScan(channel);

    % Run receiver
    fprintf('Running receiver at channel %d (%1.3f GHz)\n',...
        channelsToScan(channel),WiFiCenterFrequency/1e9);

    if runCodegen
        runWLANNonHTReceiver_mex(WiFiCenterFrequency,Config);
    else
        runWLANNonHTReceiver(WiFiCenterFrequency,Config);
    end
end

% Run complete
fprintf('Desired channel(s) scanned\n');

Running receiver at channel 153 (5.765 GHz)
SSID: w-guest
Packets Decoded: 1
---------------
SSID: w-guest
Packets Decoded: 2
---------------
### Processed 100 milliseconds of received data ...
SSID: w-guest
Packets Decoded: 3
---------------
SSID: w-guest
Packets Decoded: 4
---------------
### Processed 200 milliseconds of received data ...
Running receiver at channel 157 (5.785 GHz)
SSID: w-guest
Packets Decoded: 5
---------------
### Processed 100 milliseconds of received data ...
SSID: w-guest
Packets Decoded: 6
---------------
### Processed 200 milliseconds of received data ...
Desired channel(s) scanned

When running the simulation, the recovered packets are decoded as soon as they are captured. If they pass their CRC check and they are of the subtype beacon, information will be printed to the command line.

The gain behavior of different USRP® daughter boards varies considerably. Thus, the gain setting defined in this example may not be well-suited for your daughter boards. If packets are not properly decoded by the receiver system, you can vary the gain of the source signals in SDRu Receiver System objects by changing the Config.USRPGain value in getRadioInfoWLANBeacon.m.

The desired collection time should not exceed 5 seconds. To ensure contiguous data from the USRP, burst mode is used, which internally stores samples in a separate buffer. The maximum size of this buffer is OS dependent and will be exceeded when the collection time is too long. When using the B-Series USRP devices, it can be useful to reset the radio by running call_uhd_app('b2xx_fx3_utils','-D') if the function runWLANNonHTReceiver was exited prematurely.

Appendix

This example uses the following script and helper functions:

The following WLAN System Toolbox functions were also used:

Copyright Notice

Universal Software Radio Peripheral® and USRP® are trademarks of National Instruments Corp.