MATLAB Examples

IEEE® 802.11™ WLAN - OFDM Beacon Receiver with USRP® Hardware

This example shows how to use the Universal Software Radio Peripheral (USRP®) device using SDRu (Software Defined Radio USRP®) System objects™ to implement a WLAN receiver. The receiver is able to recover 802.11 OFDM Non-HT beacon frames [ 1 ] transmitted over the air from commercial 802.11 hardware. OFDM beacons can be transmitted from 802.11a/g/n/ac access points and are typically found in the 5 GHz band. Packet information such as SSID and MAC addresses are printed to the command line during recovery. This example assumes an access point is within range and transmits OFDM beacons in the desired channel.

This example recovers only OFDM beacon packets only. An alternative Simulink® example, sdruwlan80211BeaconRx.mdl, recovers DSSS beacons.

Please refer to the Setup and Configuration section of Documentation for USRP® Radio for details on configuring your host computer to work with the SDRu Receiver System object.

This example requires the WLAN System Toolbox™.

Contents

Introduction

This example has the following objectives:

  • Receive signals from commercial WLAN transmitters in MATLAB® using SDRu System objects.
  • Illustrate the use of the WLAN System Toolbox and Communications System Toolbox™ with real-world signals and radio hardware demonstrating full packet synchronization and decoding.

In this example, the SDRuReceiver System object receives data corrupted by the transmission over the air and outputs complex baseband signals which are processed by the WLAN RF Front End object. This example shows the WLAN signal recovery functions working together in a streaming arrangement to recover packets.

Code Architecture

The function runWLANNonHTReceiver implements packet capture and synchronization using two System objects, comm.SDRuReceiver and RFFrontEnd. Once captured, the packet is decoded with WLAN System Toolbox functions.

SDRu Receiver

MATLAB communicates with the USRP® board using the SDRu receiver System object. The parameter structure Config.RadioInfo sets the hardware parameters such as Gain, DecimationFactor, and MasterClockRate.

RF Front End

nonHTFrontEnd provides packet synchronization and collection. This happens in four stages:

  1. Packet Detection: First a packet must be detected before any processing begins. This is accomplished by auto-correlating input symbols. Since the beginning of each 802.11 OFDM packet contains a repetitive structure called the L-STF, peaks will occur in the correlation when this packet is present. The L-STF is then extracted and used for coarse frequency offset estimation.
  1. Symbol Timing: Once a packet has been detected, several future symbols are captured into a buffer. This buffer is cross-correlated against to locate the L-LTF. Locating the L-LTF first provides fine symbol timing, identifying OFDM symbol boundaries for all successive symbols in the packet. After the entire L-LTF is captured it is used for channel estimation and fine frequency offset estimation.
  1. L-SIG Decoding: The first OFDM symbol after the L-LTF is the L-SIG field. This field must be recovered and decoded to determine the modulation, code rate, and length of the subsequent payload. The information is used to first capture the correct amount of data after the L-SIG for a complete payload.
  1. Payload Decoding: All OFDM symbols after the L-SIG are buffered to a length determined by the L-SIG field. After all the symbols have been captured, they are demodulated and decoded into their source bits. The source bits are then evaluated. This evaluation includes CRC checking, header, and body extraction. If the packet is of subtype beacon, summary information will be printed about the recovered packet.

Once a full packet is received or any failures occur during the processing chain, the receiver will return to packet detection to search for more packets. This process is repeated for the duration of the requested capture time. The capture time is related to the amount of data pulled from the radio, not the runtime of the physical simulation.

Check for presence of WLAN System Toolbox

if isempty(ver('wlan'))
    error('Please install WLAN System Toolbox to run this example.');
end

Discover Radio

Discover radio(s) connected to your computer. This example uses the first USRP® radio found using the findsdru function. Check if the radio is available. Record the radio type and set configurations based on that type.

Config.RadioInfo = getRadioInfoWLANBeacon();
disp(Config.RadioInfo);

Set Simulation Parameters

Request user input from the command-line for simulation parameters. You will be asked for 1) capture duration in seconds, 2) plotting status (on/off), 3) the amount of data to display from the recovered packets, 4) to enable vendor lookup for mac addresses, 5) band of interest, and 6) channels you want to scan. If vendor lookup is enabled this function will also download a MAC address lookup table, made publicly available by the IEEE.

Config.SimInfo = getUserInputWLANBeacon();

To find valid channel channel numbers in your geographic location, please refer to the documentation.

% Get channel number
reply = input(['What is the band you want to scan?\n', ...
    '1 == 5 GHz band (default)\n',...
    '2 == 2.4 GHz band\n[1]: '],'s');
if isempty(reply)
    reply = '1';
end
if strcmp(reply,'1')
    bandToScan = 5;
    validChannels = [...
        '  7-16    (5.035-5.080 GHz)\n' ...
        '  34-64   (5.170-5.320 GHz)\n' ...
        '  100-144 (5.550-5.720 GHz)\n' ...
        '  149-165 (5.745-5.825 GHz)\n' ...
    ];
    defaultChannels = '[153 157]';
else
    bandToScan = 2.4;
    validChannels = [...
        '  1-13    (2.412-2.472 GHz)\n'...
        '  14      (2.484 GHz)\n'...
    ];
    defaultChannels = '[1 6]';
end

% Get channels to scan
reply = input(['Valid channel numbers are:\n' validChannels ...
    'Which channels do you want to scan? ' defaultChannels ':'],'s');
if isempty(reply)
    reply = defaultChannels;
end
channelsToScan = reshape(str2num(reply),[],1); %#ok<ST2NM>

Codegen acceleration

To accelerate receiver function performance, generate code if you have valid MATLAB Coder™ license.

runCodegen = false;
if checkCodegenLicense
    reply = input('Do you want to generate MEX file for receiver? Y/N [N]: ','s');
    if isempty(reply)
        reply = 'N';
    end
    if strcmpi(reply,'Y')
        runCodegen = true;
    end
end
compileIt = runCodegen;

% Generate MEX file for receiver
if compileIt
    fprintf('Generating MEX file for receiver\n');
    clear runWLANNonHTReceiver_mex
    codegen('runWLANNonHTReceiver','-args',{1e9,coder.Constant(Config)});
end

Capture and Decode OFDM-based Packets

Capture and try to decode packets at the channels list for the amount of time requested. The center frequency is a tunable parameter for the radio; therefore, it can be changed without having to regenerate code for the entire receiver function.

for channel= 1:length(channelsToScan)
    % Calculate center frequency for channel
    WiFiCenterFrequency = helperWLANChannelFrequency(channelsToScan(channel),bandToScan);

    % Run receiver
    fprintf('Running receiver at channel %d (%1.3f GHz)\n',...
        channelsToScan(channel),WiFiCenterFrequency/1e9);

    if runCodegen
        runWLANNonHTReceiver_mex(WiFiCenterFrequency,Config);
    else
        runWLANNonHTReceiver(WiFiCenterFrequency,Config);
    end
end

% Run complete
fprintf('Desired channel(s) scanned\n');

When running the simulation, the recovered packets are decoded as soon as they are captured. If they pass their CRC check and they are of the subtype beacon, information will be printed to the command-line. A sample output is as follows:

Running receiver at channel 153 (5.765 GHz)
SSID: w-guest
Packets Decoded: 1
---------------
SSID: w-guest
Packets Decoded: 2
---------------
### Processed 100 milliseconds of received data ...
SSID: w-guest
Packets Decoded: 3
---------------
SSID: w-guest
Packets Decoded: 4
---------------
### Processed 200 milliseconds of received data ...
Running receiver at channel 157 (5.785 GHz)
SSID: w-guest
Packets Decoded: 5
---------------
### Processed 100 milliseconds of received data ...
SSID: w-guest
Packets Decoded: 6
---------------
### Processed 200 milliseconds of received data ...
Desired channel(s) scanned

The gain behavior of different USRP® daughter boards varies considerably. Thus, the gain setting defined in this example may not be well-suited for your daughter boards. If packets are not properly decoded by the receiver system, you can vary the gain of the source signals in SDRu Receiver System objects by changing the Config.USRPGain value in the receiver initialization file.

The desired collection time should not exceed 5 seconds. To ensure contiguous data from the USRP®, burst mode is used, which internally stores samples in a separate buffer. The maximum size of this buffer is OS dependent and will be exceeded when the collection time is too long. When using the B-Series USRP® devices, it can be useful to reset the radio by running call_uhd_app('b2xx_fx3_utils','-D') if the function runWLANNonHTReceiver was exited prematurely.

Appendix

This example uses the following script and helper functions:

The following WLAN System Toolbox functions were also used:

References

  1. IEEE Std 802.11-2012 (Revision of IEEE Std 802.11-2007) - IEEE Standard for Information technology--Telecommunications and information exchange between systems Local and metropolitan area networks--Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications

Copyright Notice

Universal Software Radio Peripheral® and USRP® are trademarks of National Instruments Corp.