Antennas & MIMO
Overview
An antenna turns a transmitter's electrical signal into a radio wave and a received wave back into a signal, and the same physics decides how far a network reaches, what shape its coverage takes, and how an attacker positioned off-axis hears it. Modern Wi-Fi then stacks several antennas together: the multiple-input multiple-output (MIMO) family, transmit beamforming, multi-user MIMO, and the orthogonal frequency-division multiple access (OFDMA) of Wi-Fi 6 all use antenna and channel structure to push more data to more clients at once. This page covers the antenna fundamentals first, then the multi-antenna techniques layered on top, drawn from the IEEE 802.11 standards and the Wi-Fi Alliance.
Gain, dBi, and what gain costs you
A passive antenna creates no power. What "gain" measures is how an antenna concentrates the fixed power it is fed into some directions at the expense of others. IEEE Std 145-2013 defines gain as the ratio of the radiation intensity in a given direction to the intensity that would be produced if the same accepted power were radiated isotropically, that is, equally in every direction. Gain combines two factors, G = nD, where n is radiation efficiency and D is directivity.
The reference matters. Gain expressed in dBi is relative to a theoretical isotropic radiator, a point source that radiates uniformly in all directions. Gain in dBd is relative to a half-wave dipole, and because a lossless half-wave dipole already concentrates energy slightly (a directivity of 1.64, which is 10 log10(1.64) = 2.15 dB), the two scales differ by a fixed offset: dBi = dBd + 2.15. A datasheet quoting "9 dBd" is claiming 11.15 dBi. dBi is the more common convention in Wi-Fi.
The trade is geometric and unavoidable. Concentrating energy into a narrower beam raises peak gain but shrinks the angular region the antenna covers; spreading energy over a wider region lowers gain. Higher gain therefore buys range and a louder signal on-axis, but it costs coverage angle and demands tighter aiming. For a field operator this is the whole story of antenna selection: you are choosing the shape of your coverage, not adding free power.
Omnidirectional, directional, and polarization
An omnidirectional antenna radiates evenly around its vertical axis. Seen from above the horizontal pattern is a circle; in three dimensions it is a doughnut with a null straight up and straight down the mast. The familiar "rubber duck" whip on an access point or USB adapter is omnidirectional and low gain. It is the right choice when clients can be anywhere around the radio: a central access point, a survey rig, or a monitor station that should hear traffic from every bearing.
Directional antennas trade that all-around coverage for reach in one direction. A patch (panel) antenna is a flat element that produces a broad forward lobe, typically tens of degrees wide, and is easy to wall-mount; it suits covering one room or aiming across a courtyard. A yagi is an end-fire array of a driven element plus parasitic directors and reflectors that produces a narrow forward lobe and meaningful front-to-back ratio; it is for reaching a known distant point. A sector antenna deliberately covers a fixed horizontal arc, with common sector widths of 60, 90, or 120 degrees, and is the building block of a multi-sector site where several sectors tile a full circle while each one keeps directional gain. Pointing an omnidirectional antenna does nothing useful; aiming a yagi a few degrees off can drop the link entirely.
Polarization is the orientation of the wave's electric field, set by the antenna's geometry: vertical, horizontal, or circular. It matters because a polarization mismatch between transmit and receive antennas loses signal (in the ideal cross-polarized case, almost all of it). Most Wi-Fi gear is vertically polarized, which is why a tilted client antenna can degrade a marginal link. For monitoring or aiming a directional link, matching polarization at both ends preserves the margin that gain bought you.
How far it reaches: the link budget
Whether a link works at a given distance is decided by the link budget, a running tally in decibels of every gain and loss between the two radios. Three quantities set it:
- EIRP (effective isotropic radiated power) is how loud a transmitter is in its strongest direction: transmit power plus antenna gain minus cable loss, in dBm. Regulators cap it; in the US a 2.4 GHz access point may run up to 36 dBm EIRP, while a handheld client sits far lower.
- Path loss is what the wave gives up crossing the gap. In free space it follows the free-space path loss law, FSPL(dB) = 20 log10(d) + 20 log10(f) + 32.44, with distance d in kilometres and frequency f in MHz. Two facts fall straight out of it: loss climbs with distance (about 6 dB per doubling, a quarter of the power), and it climbs with frequency the same way. Walls, floors, and bodies add more on top.
- Receiver sensitivity is the faintest signal the receiver can still decode, a negative dBm figure where more negative is better. A radio might need -90 dBm for its slowest, most robust rate but -65 dBm for its fastest.
The link closes when the signal arriving at the receiver (EIRP, minus path loss, plus the receive antenna's gain) clears the sensitivity floor with margin to spare. Everything antennas do (adding gain, aiming tighter, matching polarization) is just buying back decibels in this budget.
Why you hear the access point farther than it hears you
A link has two directions, and they are rarely balanced. The access point is the privileged end: higher transmit power, larger or higher-gain antennas, several receive chains it can combine, and a more sensitive front end. A phone or laptop transmits at lower power from small antennas with fewer chains. An IoT device (a sensor, a smart plug, a battery doorbell) is weaker still: a tiny PCB antenna, a single chain, and transmit power deliberately held low to save battery and cost.
The result is an asymmetric link. The downlink (access point to device) is loud and closes at long range; the uplink (device back to access point) is quiet and gives out first. You can sit far enough away to receive an access point's beacons cleanly and still be unable to associate, because your replies never make it back. Two-way range is set by the weaker uplink, not by the beacon you can hear.
That asymmetry is exactly why passive capture reaches farther than interaction. With a sensitive receiver and a high-gain directional antenna, an operator can hear and record an access point's frames, beacons, and even handshakes, from well beyond the distance at which they could associate, inject, or reliably deauthenticate a client. Listening only needs one direction to close; doing anything needs both.
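The link budget and the downlink/uplink asymmetry described above can be worked through numerically to estimate how far past its usable cell an access point remains audible. This is an added example, not part of the original page; the three radios, their figures, the 10 dB margin, and all function names are constructed assumptions, and the free-space result is an upper bound that obstructions reduce.

```python
import math

def fspl_db(d_km, f_mhz):
    """Free-space path loss from the page: 20log10(d) + 20log10(f) + 32.44."""
    return 20 * math.log10(d_km) + 20 * math.log10(f_mhz) + 32.44

def eirp_dbm(radio):
    """Transmit power plus antenna gain minus cable loss, in dBm."""
    return radio["tx_dbm"] + radio["ant_dbi"] - radio.get("cable_db", 0.0)

def rx_level_dbm(tx, rx, d_km, f_mhz, obstruction_db=0.0):
    """Signal arriving at rx: EIRP - path loss - obstructions + receive antenna gain."""
    return eirp_dbm(tx) - fspl_db(d_km, f_mhz) - obstruction_db + rx["ant_dbi"]

def max_range_km(tx, rx, f_mhz, margin_db=10.0, obstruction_db=0.0):
    """Distance at which the received level equals rx sensitivity plus margin."""
    allowed = (eirp_dbm(tx) + rx["ant_dbi"] - obstruction_db
               - rx["sens_dbm"] - margin_db)
    return 10 ** ((allowed - 32.44 - 20 * math.log10(f_mhz)) / 20)

# Constructed sample radios (illustrative figures, not measurements).
AP      = {"tx_dbm": 20, "ant_dbi": 5,  "sens_dbm": -92}
IOT     = {"tx_dbm": 10, "ant_dbi": 0,  "sens_dbm": -88}
MONITOR = {"tx_dbm": 0,  "ant_dbi": 14, "sens_dbm": -92}  # receive-only directional station

def exposure_report(ap, client, monitor, f_mhz=2437.0, obstruction_db=0.0):
    """Compare the usable two-way cell with the radius at which the AP is merely audible."""
    down = max_range_km(ap, client, f_mhz, obstruction_db=obstruction_db)
    up = max_range_km(client, ap, f_mhz, obstruction_db=obstruction_db)
    heard = max_range_km(ap, monitor, f_mhz, obstruction_db=obstruction_db)
    return {"downlink_km": down, "uplink_km": up,
            "two_way_km": min(down, up), "receive_only_km": heard}

if __name__ == "__main__":
    for label, loss in (("free space", 0.0), ("30 dB of walls", 30.0)):
        r = exposure_report(AP, IOT, MONITOR, obstruction_db=loss)
        print(label, {k: round(v, 3) for k, v in r.items()})
```

The gap between `two_way_km` and `receive_only_km` is the region where the network can be recorded but not joined, which is the distance to use when judging where a network's signal is exposed.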
Realistic ranges by device class
Treat any single number with suspicion: range depends on band, walls, interference, and antennas, and marketing figures assume open-air best cases. As rough, real-world indoor expectations:
- Access point: on 2.4 GHz, roughly 30 to 45 m indoors through a few interior walls, and 90 m or more outdoors with line of sight; on 5 GHz, closer to 15 to 25 m indoors, since the higher frequency is absorbed faster.
- Phone or laptop: it can hear the access point across those distances, but its lower-power reply caps reliable two-way use at less, which is why a "full bars" beacon can still accompany a connection that drops at the edge.
- IoT device: often only a handful of metres to perhaps 10 to 15 m reliably indoors, which is why smart-home gear near the edge of coverage is the first to fall off.
- Aimed point-to-point: with a high-gain directional antenna at both ends and clear line of sight, dedicated links span kilometres, the same link budget spent entirely on antenna gain and clear air instead of all-around coverage.
Band versus range
The band a network uses trades reach against capacity, and the trade comes straight out of the link budget above:
- 2.4 GHz reaches farthest and penetrates walls best (lowest frequency, lowest path loss), but the band is narrow and crowded, with only three non-overlapping 20 MHz channels, so throughput and resistance to interference are lowest.
- 5 GHz offers far more channels and higher throughput, at shorter range and weaker wall penetration.
- 6 GHz (Wi-Fi 6E and Wi-Fi 7) adds the most clean spectrum and the highest capacity, but has the shortest reach and the poorest penetration, and indoor use is held to low power, which shortens it further.
The rule of thumb is simple: lower frequency buys distance, higher frequency buys capacity. A network that must blanket a large area leans on 2.4 GHz; one that must move data fast to nearby clients leans on 5 or 6 GHz.
MIMO and spatial streams
A single antenna sends one stream of symbols at a time. MIMO uses multiple transmit and receive antennas to send several independent data streams, called spatial streams, on the same channel at the same time. It works because a rich multipath environment makes the path from each transmit antenna to each receive antenna distinct; the receiver solves the resulting matrix to separate streams that overlap in frequency and time. Each added spatial stream is, in principle, another multiple of throughput on the same spectrum.
A radio's MIMO capability is written as transmit x receive : streams, for example 4x4:4. IEEE 802.11n (Wi-Fi 4, 2009) introduced MIMO to Wi-Fi with up to four spatial streams. IEEE 802.11ac (Wi-Fi 5, 2013) raised the ceiling to eight spatial streams at the access point, with clients commonly supporting up to four. IEEE 802.11ax (Wi-Fi 6, ratified by the IEEE Standards Board on 9 February 2021) keeps the eight-stream maximum but changes how those streams are shared, as the next sections describe. Real throughput depends on how many antennas both ends have and on the channel: line-of-sight with little multipath can actually reduce spatial-stream separation, so MIMO gains are environment-dependent rather than guaranteed.
Beamforming: implicit and explicit
Where plain MIMO sends independent streams, transmit beamforming uses multiple antennas to shape one signal, adjusting the phase and amplitude fed to each antenna so the waves add constructively at the intended receiver and partially cancel elsewhere. The result is a higher signal-to-noise ratio at that client without raising total transmit power. To do this the transmitter (the beamformer) needs to know the channel to the receiver (the beamformee).
The two ways to learn that channel define the two forms. In implicit beamforming the beamformer estimates the channel from frames it receives from the client, assuming the channel is reciprocal in both directions; it needs no special feedback but is sensitive to calibration. In explicit beamforming the beamformer sends a known sounding frame, a null data packet (NDP), the beamformee measures the channel and returns a compressed feedback matrix (the steering or V matrix), and the beamformer uses that to compute its weights. 802.11n defined several optional beamforming methods and almost no two vendors implemented the same ones, so cross-vendor beamforming was effectively absent; 802.11ac standardized on a single explicit, channel-sounding method, which is what made beamforming interoperable in practice and is the basis for the multi-user techniques below.
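The phase weighting that transmit beamforming relies on can be shown with an idealized array, which also makes visible how much weaker the signal is at bearings away from the intended client. This is an added example, not from the original page: it assumes a uniform linear array with half-wavelength spacing in line-of-sight free space, derives the weights from a known bearing instead of the sounding feedback a real beamformer uses, and its function names are hypothetical.

```python
import cmath
import math

def steering_weights(n_ant, steer_deg, spacing_wl=0.5):
    """Unit-total-power weights whose phases co-align the waves toward steer_deg.

    Angles are measured from broadside of a uniform linear array (assumption).
    """
    psi = 2 * math.pi * spacing_wl * math.sin(math.radians(steer_deg))
    return [cmath.exp(-1j * psi * i) / math.sqrt(n_ant) for i in range(n_ant)]

def gain_db(weights, look_deg, spacing_wl=0.5):
    """Power toward look_deg relative to one antenna fed the same total power."""
    psi = 2 * math.pi * spacing_wl * math.sin(math.radians(look_deg))
    field = sum(w * cmath.exp(1j * psi * i) for i, w in enumerate(weights))
    return 10 * math.log10(max(abs(field) ** 2, 1e-12))  # floor deep nulls at -120 dB

def observer_profile(n_ant, client_deg, observer_degs):
    """Gain each observer bearing sees when the array is steered at client_deg."""
    w = steering_weights(n_ant, client_deg)
    return {deg: round(gain_db(w, deg), 2) for deg in observer_degs}

if __name__ == "__main__":
    # Constructed scenario: 4-antenna AP steering at a client on broadside (0 degrees).
    for deg, g in observer_profile(4, 0, [0, 10, 20, 30, 45, 60]).items():
        print(f"{deg:>3} deg: {g:+7.2f} dB")
```

With four antennas the on-axis client gains about 6 dB at unchanged total transmit power, while other bearings receive less and some fall into deep nulls; real multipath channels blur these nulls, so the profile is a best case for the geometry.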
MU-MIMO and OFDMA in Wi-Fi 6
Single-user MIMO sends all its spatial streams to one client at a time. Multi-user MIMO (MU-MIMO) uses beamforming to send distinct spatial streams to several clients simultaneously, giving each its own stream so the access point's antennas serve a group at once instead of in sequence. 802.11ac Wave 2 introduced MU-MIMO in the downlink direction (access point to clients). 802.11ax extends MU-MIMO to the uplink as well, so multiple clients can transmit to the access point at the same time, and supports up to eight users across the eight spatial streams. MU-MIMO suits a handful of clients each with substantial data, especially large frames.
OFDMA subdivides capacity along a different axis. A 20 MHz channel is built from many narrow subcarriers; in 802.11ax the subcarrier spacing is 78.125 kHz, four times finer than 802.11ac's 312.5 kHz, paired with a longer 12.8 microsecond symbol (four times the legacy 3.2 microseconds). OFDMA groups those subcarriers into resource units (RUs), and the access point can hand different RUs to different clients within one transmission. RU sizes are 26, 52, 106, 242, 484, and 996 tones, corresponding to roughly 2, 4, 8, 20, 40, and 80 MHz of bandwidth. Using the smallest 26-tone RUs, a single 20 MHz channel can serve up to nine users at once, and like MU-MIMO, OFDMA works in both downlink and uplink, scheduled by the access point. OFDMA shines for many clients each sending small frames, where the per-frame overhead of taking the whole channel in turn would dominate.
These are complementary, not competing. OFDMA divides a channel in frequency (each client gets a slice of subcarriers); MU-MIMO divides it in space (each client gets a beamformed spatial stream); and the two can combine, with multiple clients in one RU separated spatially. The point of all of it is the same goal the Wi-Fi Alliance named when it introduced Wi-Fi 6 on 3 October 2018 as the brand for 802.11ax: higher aggregate capacity and consistent performance in dense environments with many clients, rather than a higher headline speed for a single link.
Why it matters in the field
Antenna choice changes what a network looks like from the outside. A directional or sector antenna concentrates a network's energy along a bearing, so it can be heard at range from on-axis and is nearly silent off-axis; the same directional gain on a survey or monitor antenna is what recovers a weak distant signal, at the cost of having to aim and to match polarization. An omnidirectional monitor station hears every bearing but with less reach per direction. Understanding gain, pattern, and polarization is therefore both an offensive reach question and a defensive exposure question.
The multi-antenna features change behavior on the wire. Beamforming and MU-MIMO mean a frame intended for one client is steered, so an eavesdropper sitting off the beam may receive a degraded or unreliable copy of traffic that a client on-axis hears cleanly; position relative to the beam now affects capture quality. OFDMA means several clients can be transmitting in the same airtime on different subcarriers, which a single legacy capture interface may not fully resolve. None of this changes the cryptography (the lock is still set by the security mode; see WPA2-Personal, WPA3-Personal, and Open networks), but it does change how a given network propagates and how cleanly it can be observed. For definitions of the terms used here, see the Glossary.
Sources
- IEEE Standards Association, "The Evolution of Wi-Fi Technology and Standards": https://standards.ieee.org/beyond-standards/the-evolution-of-wi-fi-technology-and-standards/
- IEEE 802.11 (working group and standard, including 802.11n, 802.11ac, 802.11ax): https://standards.ieee.org/ieee/802.11/7028/
- IEEE, "Built for Speed: IEEE Standard 802.11ax": https://innovationatwork.ieee.org/built-for-speed-ieee-standard-802-11-ax/
- IEEE Std 145-2013, IEEE Standard for Definitions of Terms for Antennas (gain, isotropic, directivity definitions): https://standards.ieee.org/standard/145-2013.html
- ITU-R Recommendation P.525, "Calculation of free-space attenuation": https://www.itu.int/rec/R-REC-P.525/en
- FCC, 47 CFR Part 15 (unlicensed device power and EIRP limits): https://www.ecfr.gov/current/title-47/chapter-I/subchapter-A/part-15
- FCC, "FCC Opens 6 GHz Band to Wi-Fi and Other Unlicensed Uses" (low-power indoor 6 GHz): https://www.fcc.gov/document/fcc-opens-6-ghz-band-wi-fi-and-other-unlicensed-uses
- Wi-Fi Alliance, "Wi-Fi Alliance introduces Wi-Fi 6" (3 October 2018, generational naming): https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-6
- Wi-Fi Alliance, Wi-Fi 6 program: https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-6
- Cisco, "Wi-Fi 6 OFDMA: Resource unit (RU) allocations and mappings": https://blogs.cisco.com/networking/wi-fi-6-ofdma-resource-unit-ru-allocations-and-mappings
- Extreme Networks, "OFDM and OFDMA Subcarriers - What Are the Differences?": https://www.extremenetworks.com/resources/blogs/ofdm-and-ofdma-subcarriers-what-are-the-differences