Wireless (WLAN) MODULE 06
802.11 Wireless Standards
IEEE standards evolution — know the key specs
Standard | Year | Band | Max rate | Notes
802.11a | 1999 | 5 GHz | 54 Mbps | Not compatible with b/g
802.11b | 1999 | 2.4 GHz | 11 Mbps | First mass-market Wi-Fi
802.11g | 2003 | 2.4 GHz | 54 Mbps | Backward compatible with b
802.11n | 2009 · Wi-Fi 4 | 2.4 / 5 GHz | 600 Mbps | MIMO, dual-band
802.11ac | 2013 · Wi-Fi 5 | 5 GHz only | 3.5 Gbps | MU-MIMO, beamforming
Exam tip: 802.11ax (Wi-Fi 6, 2.4+5+6 GHz, OFDMA) is the newest but 802.11ac is the most commonly tested. Know that 5 GHz = more channels, less range; 2.4 GHz = longer range, more interference.
WLAN Security — WPA2 vs WPA3
Authentication and encryption standards
WPA2 — IEEE 802.11i
Encryption: AES / CCMP
Personal: PSK (passphrase)
Enterprise: 802.1X + RADIUS
Weakness: PMKID / KRACK attacks
WPA3 — 2018+
Encryption: AES-256 / GCMP-256
Personal: SAE (replaces PSK)
Enterprise: 192-bit security suite
Advantage: Forward secrecy, PMKID-safe
Never use: WEP (broken), WPA (TKIP weaknesses), or open authentication for anything sensitive.
AP Deployment Modes
Autonomous vs Controller-Based architecture
AUTONOMOUS AP
Standalone / Fat AP
Each AP configured independently. No central controller. Good for small deployments. Harder to manage at scale — no centralized roaming or RF management.
LIGHTWEIGHT AP (LWAPP / CAPWAP)
Controller-Based / Thin AP
AP offloads management to a WLC (Wireless LAN Controller). Centralized config, roaming, RF management. Uses CAPWAP tunnels (UDP 5246/5247). Enterprise standard.
CLOUD-BASED AP
Cloud-Managed (e.g. Meraki)
APs managed via cloud dashboard. No on-prem controller required. Fast deployment, good for distributed sites.
WLAN Components & Terms
Key concepts for the exam
BSS: Basic Service Set — single AP + clients
BSSID: AP's MAC address identifying the BSS
SSID: Network name broadcast in beacon frames
ESS: Extended Service Set — multiple APs same SSID
IBSS: Ad-hoc — device-to-device, no AP
DS: Distribution System — wired backbone
Beacon: AP broadcasts SSID every 100 ms (DTIM)
Association: Client ↔ AP link establishment
Roaming: Client moves between APs in same ESS
CAPWAP: Control And Provisioning of WAPs protocol
WLC ports: UDP 5246 (control), 5247 (data)
2.4 GHz vs 5 GHz Channels
Non-overlapping channel selection is critical
2.4 GHz: Only 3 non-overlapping channels in most regions: 1, 6, 11. All other channels overlap, causing interference.
5 GHz: 24+ non-overlapping 20 MHz channels. Much less interference. 802.11ac / Wi-Fi 5 uses 5 GHz exclusively.
Band | Non-overlap | Range | Penetration
2.4 GHz | 3 channels (1,6,11) | Longer | Better (walls)
5 GHz | 24+ channels | Shorter | Worse
6 GHz | 59 channels (Wi-Fi 6E) | Shortest | Worst
CSMA/CA: Wireless avoids collisions (can't detect them)
RTS/CTS: Optional, reserves medium before transmitting
CAPWAP — Control and Provisioning of Wireless Access Points
How lightweight APs tunnel traffic to the WLC

CAPWAP is the protocol that splits wireless functions between the Access Point (AP) and the Wireless LAN Controller (WLC). The AP handles the radio (PHY/MAC) while the WLC handles authentication, roaming, and policy.

CAPWAP Tunnels
Control tunnel: UDP 5246 — encrypted (DTLS); config & management
Data tunnel: UDP 5247 — client data forwarded to WLC (unencrypted by default)
Discovery: AP broadcasts, then tries DHCP Option 43 or DNS to find WLC
Lightweight AP: No local config — all intelligence in WLC
AP Modes (WLC-Managed)
Local mode: Default — all traffic tunnelled to WLC via CAPWAP
FlexConnect: AP can locally switch traffic if WLC link fails (branch offices)
Monitor mode: Passive scanning only — rogue detection, IDS
Sniffer mode: Captures all 802.11 frames and sends to Wireshark
Rogue Detector: Monitors wired network for rogue AP MACs
Feature | Autonomous AP | Lightweight AP + WLC
Configuration | Per-AP (CLI or GUI) | Centralised on WLC
Roaming | Layer 3 roam — client reconnects | Seamless Layer 2 roam (same controller)
Scaling | Poor (manual per-AP) | Excellent (push config to all APs)
RF management | Manual | Automatic (RRM — Radio Resource Management)
Failure impact | AP still works alone | Local mode AP loses association if WLC fails
Channel Planning & RF Fundamentals
Non-overlapping channels, SNR, and interference

Proper channel planning ensures adjacent APs don't interfere with each other. Each 802.11 channel is 22 MHz wide in 2.4 GHz — only channels 1, 6, and 11 are non-overlapping.

2.4 GHz non-overlapping: Channels 1, 6, 11 (US) — only 3 available
5 GHz channels: 24 non-overlapping channels (UNII-1/2/3) — far less interference
Channel bonding: 802.11n/ac: bond 2 channels = 40 MHz, 4 = 80 MHz (5 GHz)
Co-channel interference: Two APs on same channel — degrades throughput (not blocked)
Adjacent-channel interference: Overlapping channels — much worse, causes errors
SNR (Signal-to-Noise Ratio): Higher = better. Target >20 dB for reliable connection
RSSI: Received signal strength — typically -50 dBm (excellent) to -80 dBm (poor)
Cell overlap rule: Adjacent AP cells should overlap by 10–15% at the -67 dBm boundary to ensure seamless roaming without gaps.
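An added example (not part of the original page) that applies the channel rules above to a site survey: it flags AP pairs that hear each other on the same or overlapping 2.4 GHz channels, and APs outside the 1/6/11 plan. The survey data, AP names and the -80 dBm audibility cutoff are constructed assumptions.

```python
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22        # 2.4 GHz channel width, from the text above
PLAN = {1, 6, 11}             # non-overlapping set, from the text above
AUDIBLE_DBM = -80             # assumption: weaker neighbours are ignored

# Constructed survey: (AP name, channel, {neighbour AP: RSSI in dBm})
SURVEY = [
    ("AP-LOBBY", 1, {"AP-HALL": -62, "AP-LAB": -85}),
    ("AP-HALL", 1, {"AP-LOBBY": -60, "AP-CAFE": -70}),
    ("AP-CAFE", 4, {"AP-HALL": -71, "AP-LAB": -66}),
    ("AP-LAB", 6, {"AP-CAFE": -65, "AP-LOBBY": -86}),
]

def center_mhz(channel):
    """Center frequency of 2.4 GHz channels 1-13 (5 MHz apart, ch 1 = 2412)."""
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel in 1-13: {channel}")
    return 2407 + 5 * channel

def classify(ch_a, ch_b):
    """Return 'co-channel', 'adjacent-channel' or 'clear' for two channels."""
    if ch_a == ch_b:
        return "co-channel"
    gap = abs(center_mhz(ch_a) - center_mhz(ch_b))
    return "adjacent-channel" if gap < CHANNEL_WIDTH_MHZ else "clear"

def audit(survey):
    """List (ap_a, ap_b, kind) for AP pairs that hear each other and interfere."""
    chan = {name: ch for name, ch, _ in survey}
    heard = {name: nb for name, _, nb in survey}
    findings = []
    for a, b in combinations(sorted(chan), 2):
        # Use the stronger of the two directions as the pair's signal level.
        rssi = max(heard[a].get(b, -999), heard[b].get(a, -999))
        kind = classify(chan[a], chan[b])
        if rssi >= AUDIBLE_DBM and kind != "clear":
            findings.append((a, b, kind))
    return findings

def off_plan(survey):
    """APs whose channel is outside the 1/6/11 plan."""
    return sorted(name for name, ch, _ in survey if ch not in PLAN)

if __name__ == "__main__":
    for finding in audit(SURVEY):
        print(*finding)
    print("off plan:", off_plan(SURVEY))
```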
WPA2 Enterprise — 802.1X / EAP Flow
Identity-based wireless authentication via RADIUS

WPA2 Enterprise uses 802.1X port-based authentication with EAP (Extensible Authentication Protocol). Three parties are involved: the Supplicant (client), Authenticator (AP/WLC), and Authentication Server (RADIUS).

Auth flow:
1. Client associates → AP blocks all traffic except EAP
2. AP relays EAP messages to RADIUS server (RADIUS Access-Request)
3. RADIUS challenges client with EAP method (PEAP, EAP-TLS, etc.)
4. Client proves identity → RADIUS sends Access-Accept
5. AP derives PMK from session keys → 4-way handshake with client
6. Traffic allowed — unique per-session encryption keys
EAP Method | Client Cert | Server Cert | Security
EAP-TLS | Required | Required | Strongest
PEAP | No (username/pw) | Required | Strong — widely used
EAP-FAST | No (PAC) | Optional | Moderate (Cisco)
LEAP | No | No | Weak — deprecated
Wireless QoS & Roaming
WMM traffic prioritisation and seamless client handoff

WMM (Wi-Fi Multimedia) is the 802.11e QoS standard. It defines 4 access categories mapped from DSCP/CoS markings so voice and video get priority over background traffic.

WMM Category | Priority | Traffic Type | DSCP
AC_VO — Voice | Highest | VoIP, telephony | EF (46)
AC_VI — Video | High | Video streaming | AF41 (34)
AC_BE — Best Effort | Normal | HTTP, email | 0
AC_BK — Background | Lowest | File backup, bulk | CS1 (8)
Roaming Types
Intra-controller: Client moves between APs on same WLC — seamless, no re-auth
Inter-controller (L2): APs on different WLCs, same subnet — anchor/foreign WLC pair
Inter-controller (L3): Different subnets — client IP preserved via EoIP tunnel to anchor WLC
802.11r (FT): Fast BSS Transition — pre-auth to reduce roaming latency for VoIP

Wireless Cheatsheet

802.11 Standards Quick Reference
802.11a: 5 GHz · 54 Mbps · 1999
802.11b: 2.4 GHz · 11 Mbps · 1999
802.11g: 2.4 GHz · 54 Mbps · 2003
802.11n: 2.4+5 GHz · 600 Mbps · Wi-Fi 4
802.11ac: 5 GHz only · 3.5 Gbps · Wi-Fi 5
802.11ax: 2.4+5+6 GHz · Wi-Fi 6 · OFDMA
Non-overlap 2.4G: Ch 1, 6, 11
Non-overlap 5G: 24+ channels
CSMA/CA: Collision Avoidance (wireless)
CSMA/CD: Collision Detection (wired Ethernet)
Security Standards
WEP: Broken — never use
WPA: TKIP — weak, deprecated
WPA2-Personal: PSK + AES/CCMP
WPA2-Enterprise: 802.1X + RADIUS + AES
WPA3-Personal: SAE (replaces PSK)
WPA3-Enterprise: 192-bit, forward secrecy
Open auth: No security — public hotspots only
802.1X port: Supplicant → Authenticator → RADIUS
Autonomous AP Config (IOS)
! Define the SSID and its security
AP(config)# dot11 ssid CORP-WIFI
AP(config-ssid)# authentication open
AP(config-ssid)# authentication key-management wpa version 2
AP(config-ssid)# wpa-psk ascii MyP@ssw0rd
AP(config-ssid)# mbssid guest-mode
AP(config-ssid)# exit
! Assign SSID to radio interface (WPA2 key management needs the AES-CCMP cipher)
AP(config)# interface Dot11Radio0
AP(config-if)# encryption mode ciphers aes-ccm
AP(config-if)# ssid CORP-WIFI
AP(config-if)# channel 6
AP(config-if)# no shutdown
AP(config-if)# end
! Verify
AP# show dot11 associations
AP# show interfaces Dot11Radio0
Key Wireless Architecture Terms
BSS: Single AP + its clients
ESS: Multiple APs, same SSID
IBSS: Ad-hoc (no AP)
BSSID: AP's MAC address
Autonomous AP: Self-contained, no controller
Lightweight AP: Needs WLC (CAPWAP)
WLC: Wireless LAN Controller
CAPWAP: UDP 5246 (ctrl) / 5247 (data)
FlexConnect: AP can switch locally if WLC down
Roaming: Client moves between APs in ESS
