CAC Theory of Operation
Features > Centralized Authentication Control

The following explanation is taken from Wi-Fi HaLow for the Internet of Things: An Up-to-date Survey on 802.11ah.

In Centralized Authentication Control (CAC), the AP dynamically changes the portion of stations that are allowed to send AuthReq messages. Specifically, the AP sets a threshold and broadcasts it to all stations by sending beacon frames. The beacon frame is a management frame and contains the information about the network, it is transmitted periodically by the AP to announce the presence of a wireless network and to synchronize all the stations of the network. When a station is initialized, it generates a random value from the interval [0, 1022], and tries to send an AuthReq to the AP if the random value is smaller than the threshold obtained from the received beacon.

Otherwise, it postpones authentication/association until the next beacon arrives. The threshold should be adjusted dynamically by the AP to limit the number of stations accessing the channel in one beacon interval, and make sure all stations can associate as fast as possible.