Wi-Fi Overview – 802.11 Standards & Architecture

1. What Is Wi-Fi and How Does It Relate to 802.11?

Wi-Fi is the commercial brand name managed by the Wi-Fi Alliance for wireless local area networking products that conform to the IEEE 802.11 family of standards. While the two terms are often used interchangeably, 802.11 is the technical standard and Wi-Fi is the certification that ensures interoperability between products from different manufacturers.

802.11 defines Layer 1 (Physical) and Layer 2 (Data Link — specifically the MAC sublayer) of the OSI model for wireless LANs. Like wired Ethernet (802.3), 802.11 uses MAC addresses for frame addressing and operates within a local network segment. Unlike Ethernet, wireless is a shared medium — all devices within radio range share the same channel, requiring a special medium access control mechanism called CSMA/CA.

Characteristic	Wi-Fi (802.11)	Wired Ethernet (802.3)
Medium	Radio frequency (RF) — shared airspace	Physical cable — dedicated per link (switched)
Collision avoidance	CSMA/CA — Carrier Sense Multiple Access / Collision Avoidance	CSMA/CD — Carrier Sense Multiple Access / Collision Detection (legacy hubs only; switches eliminate collisions)
Half / Full duplex	Half-duplex — a device cannot transmit and receive simultaneously on the same channel	Full-duplex on switched links
Layer 2 addressing	MAC addresses (48-bit) — same format as Ethernet	MAC addresses (48-bit)
Security	Requires encryption (WPA2/WPA3) — airwaves are broadcast	Physical access required to tap; port security at Layer 2
OSI layers defined	Layer 1 (PHY) and Layer 2 MAC sublayer	Layer 1 (PHY) and Layer 2 MAC sublayer

2. 802.11 Standards Comparison

The IEEE has released multiple amendments to the 802.11 standard, each improving speed, range, and spectral efficiency. Understanding the key characteristics of each amendment is an essential CCNA topic.

Standard	Wi-Fi Name	Year	Frequency	Max Theoretical Speed	Key Technology
802.11 (original)	—	1997	2.4 GHz	2 Mbps	DSSS / FHSS — first wireless standard; rarely seen today
802.11b	Wi-Fi 1	1999	2.4 GHz	11 Mbps	DSSS; only 3 non-overlapping channels (1, 6, 11); long range
802.11a	Wi-Fi 2	1999	5 GHz	54 Mbps	OFDM; more non-overlapping channels; shorter range; less interference
802.11g	Wi-Fi 3	2003	2.4 GHz	54 Mbps	OFDM; backward compatible with 802.11b; same channel limitations as 802.11b
802.11n	Wi-Fi 4	2009	2.4 GHz and 5 GHz (dual-band)	600 Mbps	MIMO (Multiple Input Multiple Output) — up to 4 spatial streams; channel bonding (40 MHz channels); frame aggregation
802.11ac	Wi-Fi 5	2013	5 GHz only	6.9 Gbps (Wave 2)	MU-MIMO (Multi-User MIMO) downlink; up to 8 spatial streams; 160 MHz channels; 256-QAM modulation; beamforming
802.11ax	Wi-Fi 6 / Wi-Fi 6E	2019/2021	2.4 GHz, 5 GHz (Wi-Fi 6) + 6 GHz (Wi-Fi 6E)	9.6 Gbps	OFDMA (Orthogonal Frequency Division Multiple Access); uplink and downlink MU-MIMO; BSS Colouring; TWT (Target Wake Time) for IoT power efficiency; 1024-QAM

2.1 Frequency Band Comparison

Feature	2.4 GHz Band	5 GHz Band	6 GHz Band (Wi-Fi 6E)
Range	Longer — lower frequency penetrates walls better	Medium — shorter range than 2.4 GHz	Similar to 5 GHz
Speed	Lower — limited channel width and interference	Higher — wider channels, less congestion	Highest — most spectrum, widest channels
Non-overlapping channels	Only 3 (channels 1, 6, 11 in North America)	Up to 25 (varies by region)	59 (in the USA — 1200 MHz of new spectrum)
Interference	High — used by microwaves, Bluetooth, baby monitors, neighbouring Wi-Fi networks	Lower — less consumer device congestion	Very low — new spectrum; no legacy devices
Standards using it	802.11b, g, n, ax	802.11a, n, ac, ax	802.11ax (Wi-Fi 6E only)

3. Wireless Network Identifiers – SSID and BSSID

3.1 SSID – Service Set Identifier

The SSID (Service Set Identifier) is the human-readable name of a wireless network — the name that appears in the list of available Wi-Fi networks on a device. The SSID is a string of up to 32 characters (bytes) that identifies a wireless network to clients.

SSID Characteristic	Detail
Length	1 to 32 bytes (characters)
Broadcast	Included in Beacon frames sent every 100 ms by the AP by default. Can be suppressed (hidden SSID) but this provides minimal security — SSIDs are still visible in Probe Requests and Association frames.
Uniqueness	Not globally unique — multiple APs can share the same SSID to form an ESS (Extended Service Set)
Multiple SSIDs	A single AP can broadcast multiple SSIDs simultaneously (e.g., "CorpWiFi" and "GuestWiFi"), each mapped to a different VLAN

3.2 BSSID – Basic Service Set Identifier

The BSSID is the MAC address of the radio interface of the access point serving a particular BSS. While the SSID is the human-readable name, the BSSID uniquely identifies a specific BSS on the air. When an AP broadcasts multiple SSIDs, each SSID has its own BSSID (derived from the AP's base MAC address with a slight increment).

Identifier	Format	Purpose	Example
SSID	Up to 32-char string	Human-readable network name — users select by SSID	CorpWiFi
BSSID	48-bit MAC address	Uniquely identifies a BSS — used in 802.11 frame headers	AA:BB:CC:DD:EE:01

4. Wireless Network Architecture – BSS, ESS, and IBSS

802.11 defines several service set types that describe how wireless devices are organised in a network. Understanding these topologies is fundamental to wireless design.

4.1 BSS – Basic Service Set

A BSS (Basic Service Set) is the fundamental building block of a wireless network. It consists of a single Access Point (AP) and all the client devices (stations) associated with it. The AP defines the BSS and provides connectivity to the wired network through its uplink port.

BSS Component	Description
Access Point (AP)	The central device of the BSS — it transmits Beacon frames, manages associations, and bridges wireless traffic to the wired network (Distribution System)
BSA (Basic Service Area)	The physical coverage area (cell) of the AP's radio — determined by transmit power, antenna gain, and environmental obstacles
BSSID	The MAC address of the AP's radio interface — uniquely identifies this BSS
Stations (STAs)	Client devices (laptops, phones, IoT devices) associated with the AP within the BSA
Distribution System (DS)	The wired backbone (Ethernet switch) that connects the AP to the rest of the network

4.2 ESS – Extended Service Set

An ESS (Extended Service Set) consists of two or more BSSs (access points) connected to the same Distribution System (wired network) and sharing the same SSID. From a client's perspective, an ESS appears as a single large wireless network — the client can roam from one AP's coverage area to another without the user noticing (seamless roaming).

Feature	BSS	ESS
Number of APs	One	Two or more
SSID	Unique to the single AP	Same SSID on all APs — presents as one unified network
BSSID	Single BSSID (the AP's MAC)	Each AP has its own unique BSSID
Roaming	No roaming — one coverage cell	Seamless roaming between APs as clients move
Wired connection	AP connected to the DS	All APs connected to the same DS (same network/VLAN)
Typical use	Small office, home — one AP covers the entire area	Enterprise campus, large office — multiple APs provide contiguous coverage

In an ESS, overlapping APs should use non-overlapping channels (e.g., channels 1, 6, and 11 on 2.4 GHz) to avoid co-channel interference. A 15–20% cell overlap is recommended between adjacent APs to allow smooth client roaming.

4.3 IBSS – Independent Basic Service Set (Ad-Hoc Mode)

An IBSS (Independent Basic Service Set), commonly called ad-hoc mode, is a wireless network in which devices communicate directly with each other peer-to-peer — there is no access point, no Distribution System, and no connection to a wired network. One device acts as the IBSS coordinator (creates the network) and others join it.

Feature	Infrastructure Mode (BSS/ESS)	Ad-Hoc Mode (IBSS)
Access Point	Required — all traffic flows through the AP	None — devices communicate directly
Wired network access	Yes — AP bridges to wired DS	No — isolated wireless network only
Scalability	High — ESS supports large-scale enterprise deployments	Very limited — poor performance beyond a few devices
Management	Centralised — AP manages associations	Distributed — no central management
Typical use	All enterprise, home, and public Wi-Fi networks	Temporary file sharing between two laptops; IoT mesh networks; largely superseded by Wi-Fi Direct

5. Infrastructure Mode vs Ad-Hoc Mode

The two fundamental operating modes of 802.11 wireless are infrastructure mode and ad-hoc mode. A third mode, mesh, is also defined and increasingly used in enterprise and home Wi-Fi systems.

Mode	Service Set	AP Required?	Use Case	Cisco CCNA Focus
Infrastructure	BSS / ESS	Yes	All enterprise and consumer Wi-Fi; clients associate with AP to access the wired network	Primary focus — AP-based wireless networks
Ad-Hoc	IBSS	No	Peer-to-peer file transfer; emergency networks; largely replaced by Wi-Fi Direct	Awareness only — understand IBSS definition and limitations
Mesh	MBS (Mesh Basic Service Set)	No central AP — mesh nodes relay traffic	Enterprise outdoor coverage; home mesh systems (Eero, Orbi); Cisco Meraki mesh APs	Awareness — mesh backhaul concept

6. CSMA/CA – Wireless Medium Access Control

Because wireless is a shared half-duplex medium, multiple devices cannot transmit simultaneously without collision. 802.11 uses CSMA/CA (Carrier Sense Multiple Access / Collision Avoidance) instead of the CSMA/CD used in legacy Ethernet. The key difference: wireless avoids collisions before transmitting (cannot detect them in-flight like wired CSMA/CD because a transmitting node cannot hear incoming signals while transmitting).

CSMA/CA Step	Action
1. Listen (carrier sense)	The station listens to the channel. If the medium is idle for a DIFS (DCF Inter-Frame Space) period, it may transmit.
2. Back-off timer	If the medium was busy, the station waits for the channel to become idle, then waits an additional random back-off period (random number of slot times) to reduce the chance of simultaneous transmissions from multiple stations.
3. Transmit	After the back-off expires and the channel is still idle, the station transmits its frame.
4. ACK (acknowledgement)	The receiving station sends an ACK frame after a SIFS (Short Inter-Frame Space) interval. If no ACK is received, the sender assumes a collision occurred and retransmits after a new back-off period.
5. Optional RTS/CTS	For large frames or hidden node environments, the sender may first send RTS (Request to Send). The AP responds with CTS (Clear to Send), which alerts all stations in range to defer their transmissions — solving the hidden node problem.

Hidden node problem: Station A and Station C are both associated with AP B, but A and C are out of radio range of each other. Both A and C might sense the channel as idle (they cannot hear each other) and transmit simultaneously — causing a collision at AP B that neither A nor C can detect. RTS/CTS solves this by having the AP's CTS reach all stations, preventing simultaneous transmissions.

7. How Wireless Clients Associate – The Full Process

A wireless client goes through a defined sequence of steps before it can pass data traffic through an access point. Understanding this process — including the management frames involved — is tested on the CCNA exam.

7.1 Wireless Client State Machine

State	Description	Allowed Actions
State 1: Unauthenticated, Unassociated	Initial state — client has no relationship with any AP	Can send and receive Probe Request/Response and Authentication Request frames only
State 2: Authenticated, Unassociated	Client has completed 802.11 open authentication but has not yet associated with the AP	Can send Association Request / Reassociation Request frames
State 3: Authenticated, Associated	Client is fully associated and can exchange data frames through the AP	Full data frame exchange; Layer 2 connectivity established

7.2 Association Process Step by Step

Step	Frame / Action	Direction	Purpose
1	Beacon	AP → All stations (broadcast)	AP periodically broadcasts its SSID, BSSID, supported data rates, channel, security capabilities, and timing information. Sent every 100 ms by default (TU — Time Unit).
2a	Probe Request (active scanning)	Client → Broadcast or specific SSID	Client actively searches for networks by broadcasting a Probe Request with a specific SSID (or wildcard). Faster than passive scanning but uses more power.
2b	Probe Response	AP → Client	AP responds to a matching Probe Request with its capabilities (same information as Beacon)
3	Authentication Request	Client → AP	Client requests 802.11 open authentication. Note: this is not WPA2/WPA3 security authentication — it is a legacy 802.11 frame-level handshake that is always open in modern networks. Real security happens after association (4-way handshake for WPA2/WPA3).
4	Authentication Response	AP → Client	AP accepts the authentication — client moves to State 2 (Authenticated, Unassociated)
5	Association Request	Client → AP	Client requests association — specifies the SSID, supported data rates, capabilities (HT/VHT/HE), and QoS parameters
6	Association Response	AP → Client	AP accepts (or rejects) the association and assigns an AID (Association ID) — a unique identifier for the client within this BSS. Client moves to State 3 (Associated).
7	Security handshake (4-way)	AP ↔ Client	WPA2/WPA3 4-way handshake exchanges the PMK (Pairwise Master Key) to derive the PTK (Pairwise Transient Key) for encrypting unicast traffic. GTK (Group Temporal Key) for multicast/broadcast is also distributed.
8	DHCP / IP configuration	Client → DHCP server (via AP)	Client obtains IP address, subnet mask, default gateway, and DNS server — Layer 3 connectivity established. Full data forwarding can now begin.

7.3 Active vs Passive Scanning

Scanning Type	How It Works	Pros	Cons
Passive Scanning	Client listens on each channel for Beacon frames from APs. No frames are transmitted by the client during scanning.	Power efficient — used by battery-powered devices; no radio emissions required	Slower — must wait for the next Beacon (up to 100 ms per channel)
Active Scanning	Client transmits a Probe Request on each channel and waits for Probe Responses from APs.	Faster — AP responds immediately; client does not wait for next Beacon interval	Consumes more power; generates RF traffic

8. Wireless Roaming

Roaming occurs when a wireless client moves from the coverage area of one AP to another within the same ESS. Roaming is entirely client-driven in 802.11 — the client decides when to roam based on signal strength and quality thresholds, not the AP.

Roaming Type	Description	Re-authentication?
Basic Roaming	Client disassociates from the current AP and goes through the full association process (including 802.1X/WPA2 authentication) with the new AP — noticeable delay	Yes — full re-authentication; can interrupt VoIP calls
Fast BSS Transition (802.11r)	Reduces roaming delay by pre-caching security keys before the client leaves the current AP — authentication and key derivation happen in fewer frames	Partial — accelerated key exchange; sub-50 ms roaming
OKC (Opportunistic Key Caching)	WLC caches the PMK from the first authentication; client reuses the cached PMK when associating with new APs — avoids full 802.1X re-authentication	No full re-auth — PMK reused from cache

In a WLC-managed network, roaming between APs on the same WLC is handled seamlessly — the WLC maintains client session state. See Wireless Roaming and Wireless LAN Controller for details.

9. AP Deployment – Autonomous vs Lightweight

Cisco access points can operate in two fundamental modes depending on whether intelligence resides in the AP itself or is centralised in a Wireless LAN Controller (WLC).

Feature	Autonomous AP	Lightweight AP (with WLC)
Configuration	Configured individually via CLI or GUI — each AP is self-contained	Zero-touch — AP downloads configuration from WLC via CAPWAP tunnel
Control plane	Local — AP manages its own associations, channel selection, and security	Centralised — WLC handles all management and control decisions
Data plane	Local — AP forwards traffic directly to/from wired network	Tunnelled (central switching) or local switching (FlexConnect)
Scalability	Poor — managing hundreds of individual APs is operationally complex	Excellent — WLC manages thousands of APs from a single interface
Roaming support	Basic — re-association required at each AP	Seamless — WLC maintains client state across APs
Use case	Small offices, home — a few APs that need no centralised management	Enterprise — large campus with many APs requiring consistent policy and roaming

See Lightweight vs Autonomous APs, Access Points & WLC, and WLC Overview for full detail.

10. Wi-Fi Security Overview

Wireless traffic is broadcast over the air — any device within range can receive it. Encryption and authentication are therefore essential. The 802.11 standard has evolved through several security generations:

Security Standard	Year	Encryption	Authentication	Status
WEP (Wired Equivalent Privacy)	1997	RC4 (40-bit / 104-bit key)	Shared key or open	Broken — crackable in minutes; never use
WPA (Wi-Fi Protected Access)	2003	TKIP (RC4-based, per-packet key)	PSK or 802.1X / EAP	Deprecated — TKIP is vulnerable; avoid
WPA2 (802.11i)	2004	AES-CCMP (128-bit AES)	PSK (Personal) or 802.1X/EAP (Enterprise)	Current standard — widely deployed; secure with strong PSK
WPA3	2018	AES-GCMP-256 (WPA3-Enterprise)	SAE (Simultaneous Authentication of Equals) replacing PSK; 192-bit Enterprise mode	Latest standard — mandatory for Wi-Fi 6; protects against offline dictionary attacks

WPA2-Personal uses a Pre-Shared Key (PSK) — the same passphrase on all clients and the AP. WPA2-Enterprise uses 802.1X and EAP — each user authenticates with individual credentials (username/password or certificate) via a RADIUS server. Enterprise mode is the recommended standard for corporate networks.

See Wi-Fi Security (WPA2/WPA3) for full detail on authentication modes and the 4-way handshake.

11. Key 802.11 Frame Types

802.11 defines three categories of frames. Understanding the purpose of each type is helpful for the CCNA exam and for wireless troubleshooting.

Frame Category	Frame Type	Purpose
Management Frames	Beacon	AP announces its presence — SSID, capabilities, timing
	Probe Request	Client actively searches for APs
	Probe Response	AP responds to a Probe Request
	Authentication	802.11 open authentication exchange (not WPA2 security)
	Association Request / Response	Client requests to join a BSS; AP accepts or rejects
	Deauthentication / Disassociation	Graceful termination of authentication or association
Control Frames	RTS / CTS	Request to Send / Clear to Send — virtual carrier sense, solves hidden node problem
Control Frames	ACK	Acknowledgement of received data or management frame
Data Frames	Data	Carries the actual payload — equivalent to Ethernet data frames; encrypted with WPA2/WPA3 in secure networks

12. Wi-Fi Quick-Reference Summary

Wi-Fi Concept	Key Fact
802.11 OSI layers	Layer 1 (PHY) and Layer 2 MAC sublayer
Wireless medium access	CSMA/CA (Collision Avoidance) — half-duplex shared medium
Fastest 5 GHz-only standard (common)	802.11ac (Wi-Fi 5) — up to 6.9 Gbps
Latest standard	802.11ax (Wi-Fi 6 / Wi-Fi 6E) — OFDMA, 9.6 Gbps
Non-overlapping 2.4 GHz channels	3 — channels 1, 6, and 11
SSID	Human-readable wireless network name — up to 32 characters
BSSID	MAC address of the AP's radio — uniquely identifies one BSS
BSS	One AP + its associated clients; one coverage cell
ESS	Two or more APs sharing the same SSID — enables roaming
IBSS (Ad-hoc)	Peer-to-peer — no AP; no wired network access
Beacon interval	100 ms (10 per second) — AP advertises SSID and capabilities
Client association states	Unauthenticated/Unassociated → Authenticated/Unassociated → Authenticated/Associated
Current Wi-Fi security standard	WPA2 (AES-CCMP); WPA3 is the latest
WPA2 Personal authentication	Pre-Shared Key (PSK)
WPA2 Enterprise authentication	802.1X / EAP with RADIUS server
Cisco lightweight AP protocol	CAPWAP (Control and Provisioning of Wireless Access Points)

Test Your Knowledge – Wi-Fi Quiz

1. Which 802.11 standard introduced MIMO, operates on both 2.4 GHz and 5 GHz, and is branded as Wi-Fi 4?

A. 802.11g B. 802.11ac C. 802.11n D. 802.11ax

Correct answer is C. 802.11n (Wi-Fi 4) introduced MIMO (Multiple Input Multiple Output) — using multiple antennas to transmit and receive multiple spatial streams simultaneously. It was the first standard to support both 2.4 GHz and 5 GHz (dual-band), with a maximum theoretical speed of 600 Mbps. It also introduced channel bonding (40 MHz) and frame aggregation. 802.11ac (Wi-Fi 5) extended this with MU-MIMO and 5 GHz only.

2. How many non-overlapping channels are available in the 2.4 GHz band in North America, and which channels are they?

A. 5 channels — 1, 3, 6, 9, 11 B. 3 channels — 1, 6, and 11 C. 11 channels — all 2.4 GHz channels are non-overlapping D. 6 channels — 1, 2, 6, 7, 11, 12

Correct answer is B. The 2.4 GHz band has 14 channels total (11 in North America), but each channel is 22 MHz wide and the channels are only 5 MHz apart — so adjacent channels overlap significantly. Only channels 1, 6, and 11 are spaced far enough apart (25 MHz) to be completely non-overlapping. This is why enterprise wireless designs using 2.4 GHz assign only these three channels to adjacent APs. The 5 GHz band has up to 25 non-overlapping channels, making it far more scalable.

3. What is the difference between a BSS and an ESS?

A. A BSS uses 5 GHz; an ESS uses 2.4 GHz B. A BSS requires a WLC; an ESS uses autonomous APs C. A BSS is ad-hoc; an ESS is infrastructure mode D. A BSS is a single AP and its associated clients; an ESS is two or more APs sharing the same SSID and DS, enabling seamless client roaming

Correct answer is D. A BSS consists of one AP (with its BSSID) and the client stations associated with it — it is a single coverage cell. An ESS is formed when two or more BSSs share the same SSID and are connected to the same Distribution System (wired network). From a client's perspective the ESS appears as one large seamless network, enabling roaming. Each AP in the ESS has its own unique BSSID even though they share the same SSID.

4. What is an IBSS, and how does it differ from infrastructure mode?

A. An IBSS (ad-hoc mode) is a peer-to-peer wireless network with no access point and no connection to a wired network — devices communicate directly B. An IBSS is a BSS that uses WPA3 instead of WPA2 for security C. An IBSS is an ESS with more than 10 access points D. An IBSS uses a WLC for centralised management of access points

Correct answer is A. An IBSS (Independent Basic Service Set), commonly called ad-hoc mode, requires no access point. Devices communicate directly with each other peer-to-peer. There is no Distribution System, no wired network connectivity, and no centralised management. It scales poorly and is largely replaced by Wi-Fi Direct. Infrastructure mode (BSS/ESS) uses access points and connects to a wired network — it is the standard for all enterprise and consumer Wi-Fi.

5. Why does 802.11 use CSMA/CA instead of CSMA/CD?

A. CSMA/CD is slower — CSMA/CA provides higher throughput B. CSMA/CA is a Cisco proprietary standard; CSMA/CD is the IEEE standard C. A wireless transmitter cannot simultaneously listen for collisions while transmitting — it cannot detect collisions in flight, so it must avoid them before transmitting D. CSMA/CD does not support the 2.4 GHz frequency band

Correct answer is C. CSMA/CD (Collision Detection) works in wired networks because a station can listen to the cable while transmitting and detect a voltage change that indicates a collision. In wireless, the radio transmitter overwhelms its own receiver while sending — it literally cannot hear incoming signals during transmission. Therefore, 802.11 uses CSMA/CA (Collision Avoidance) — listen before transmitting, use random back-off timers to prevent simultaneous transmissions, and require ACK frames to confirm successful receipt.

6. During the 802.11 client association process, what is the purpose of the Beacon frame?

A. The client sends a Beacon to announce its presence to nearby APs B. The AP periodically broadcasts its SSID, BSSID, supported data rates, security capabilities, and channel information every 100 ms — allowing passive clients to discover the network C. The Beacon frame carries encrypted user data between the AP and associated clients D. The Beacon frame is sent only in response to a Probe Request from a client

Correct answer is B. The Beacon is a management frame broadcast by the AP every 100 ms (10 per second) to announce the network's existence. It contains: SSID, BSSID, supported and required data rates, channel, security parameters (RSN/RSNIE for WPA2/WPA3), QoS capabilities, and timing information. Clients performing passive scanning listen for Beacons. The Probe Response contains the same information but is sent in direct response to a Probe Request.

7. A wireless client has completed 802.11 open authentication but has not yet sent an Association Request. What state is it in?

A. State 1 — Unauthenticated, Unassociated B. State 3 — Authenticated, Associated C. State 4 — DHCP pending D. State 2 — Authenticated, Unassociated

Correct answer is D. The 802.11 client state machine has three states: State 1 (Unauthenticated, Unassociated) is the initial state. After exchanging Authentication Request/Response frames, the client moves to State 2 (Authenticated, Unassociated). After exchanging Association Request/Response frames, the client moves to State 3 (Authenticated, Associated) and can begin forwarding data. WPA2/WPA3 security (4-way handshake) occurs after State 3 is reached.

8. What is the hidden node problem in wireless networks, and which 802.11 mechanism addresses it?

A. Two stations both in range of the AP but out of range of each other cannot sense each other's transmissions — they may transmit simultaneously causing a collision at the AP. RTS/CTS solves this by having the AP's CTS frame reach all stations. B. An AP broadcasts its SSID in cleartext — hiding the SSID prevents unauthorised clients from connecting C. A client cannot find an AP if the SSID is suppressed — Probe Requests with wildcard SSID solve this D. WPA2 prevents hidden nodes from associating with enterprise APs

Correct answer is A. The hidden node problem occurs when two stations (A and C) are both in range of the AP but not in range of each other. Both A and C sense the channel as idle (they can't hear each other) and transmit simultaneously — causing a collision at the AP. RTS/CTS solves this: Station A sends RTS to the AP; the AP broadcasts CTS which is heard by all stations in its range (including C), telling all of them to defer their transmissions while A completes its frame.

9. What encryption algorithm does WPA2 use, and why was it a major improvement over WPA (TKIP)?

A. RC4 — same as WPA but with a longer key B. DES — the Data Encryption Standard used in enterprise networks C. AES-CCMP — a fundamentally stronger block cipher replacing the vulnerable RC4/TKIP stream cipher used in WPA D. 3DES — the same algorithm used in IPsec VPNs

Correct answer is C. WPA2 (IEEE 802.11i) uses AES-CCMP (Counter Mode with CBC-MAC Protocol) — AES with 128-bit keys. WPA used TKIP (Temporal Key Integrity Protocol), which was a stop-gap using the same weak RC4 stream cipher as WEP but with per-packet key mixing. AES is a much stronger block cipher that is not vulnerable to the statistical attacks that broke RC4. WPA2 with AES-CCMP is currently the minimum recommended Wi-Fi security standard; WPA3 improves further with SAE authentication and AES-GCMP-256.

10. In an enterprise deployment with 50 access points all broadcasting the SSID "CorpWiFi", a client roams from AP1 to AP2. What remains the same, and what changes during the roam?

A. Both SSID and BSSID remain the same — the client keeps the same AP association B. The SSID remains the same ("CorpWiFi") but the BSSID changes — the client is now associated with AP2's radio MAC address instead of AP1's C. Both SSID and BSSID change — the client joins a different network D. The BSSID stays the same — all APs in an ESS share one BSSID

Correct answer is B. This is a critical ESS/roaming concept. In an ESS, all APs share the same SSID ("CorpWiFi") — this is what makes them appear as one unified network to clients. However, each AP has its own unique BSSID (its radio MAC address). When a client roams from AP1 to AP2, it disassociates from AP1's BSSID and associates with AP2's BSSID — but the SSID and (ideally) the IP address remain the same. The WLC tracks this transition and updates its forwarding tables.

← Back to Home