Wireless Standards & Security N10-009

Slide 1 of 10  |  N10-009 Obj 2.4  |  Wireless
Wireless Standards
& Security
Picking the wrong standard, frequency, or security mode leaves 50 users offline.
A new branch office needs wireless coverage. You need to choose the right standard, frequency, channel plan, and security. One wrong choice and 50 users have no connectivity. Every decision in this presentation feeds directly into that problem.
10 Slides N10-009 Obj 2.4 802.11 a/b/g/n/ac/ax WPA2 / WPA3
Slide 2 of 10
802.11 Standards — The Version History
Each generation added speed, changed frequency, or both. Know the numbers cold.
Standard Max Speed Frequency Wi-Fi Gen Key Notes
802.11a 54 Mbps 5 GHz Wi-Fi 1 Short range. Less congestion than 2.4. Rarely seen today.
802.11b 11 Mbps 2.4 GHz Wi-Fi 1 Slowest modern standard. Long range but heavily congested band.
802.11g 54 Mbps 2.4 GHz Wi-Fi 3 Matched 'a' speed on 2.4 GHz. Backward compatible with 'b'.
802.11n 600 Mbps 2.4 & 5 GHz Wi-Fi 4 First dual-band standard. Introduced MIMO. Common baseline today.
802.11ac 3.5 Gbps 5 GHz only Wi-Fi 5 MU-MIMO. 80 / 160 MHz channels. Current enterprise standard.
802.11ax 9.6 Gbps 2.4, 5, 6 GHz Wi-Fi 6 / 6E OFDMA. Best in dense environments. 6E adds the new 6 GHz band.
Branch office decision: 802.11ac (Wi-Fi 5) or 802.11ax (Wi-Fi 6) are the only serious choices for a new deployment. Anything older is end-of-life strategy.
Slide 3 of 10
2.4 GHz vs 5 GHz vs 6 GHz
Lower frequency means longer range and more interference. Higher frequency means faster speeds and shorter reach.
2.4 GHz
Range: Excellent — penetrates walls well
Speed: Lowest — up to 600 Mbps (n)
Congestion: Heavy — microwaves, Bluetooth, neighbors
Channels: 3 non-overlapping (1, 6, 11)
Best for: Coverage across large spaces, legacy devices
5 GHz
Range: Moderate — walls attenuate more signal
Speed: High — up to 3.5 Gbps (ac)
Congestion: Low — more channels, less interference
Channels: 24+ non-overlapping 20 MHz channels
Best for: High-density offices, video, large file transfers
6 GHz
Range: Shortest — high attenuation through walls
Speed: Highest — up to 9.6 Gbps (ax/Wi-Fi 6E)
Congestion: Very low — brand new, largely empty spectrum
Channels: 59 non-overlapping 20 MHz channels
Best for: Ultra-dense venues, future-proofing deployments
AP 802.11ax Laptop -55 dBm Strong signal Phone -72 dBm Fair signal IoT -87 dBm Weak / edge Distance from AP increases → signal attenuates
Branch Office Decision
Deploy dual-band APs covering 2.4 GHz and 5 GHz. Legacy IoT devices use 2.4 GHz. Laptops and phones connect to 5 GHz for performance. Band steering pushes capable clients to the faster band automatically — covered in the wireless architecture module.
Slide 4 of 10
Channels & Channel Bonding
Adjacent 2.4 GHz channels overlap and create co-channel interference. Only 1, 6, and 11 are non-overlapping.
2.4 GHz — Non-Overlapping Channel Plan
Ch 1
CH 1
Ch 6
CH 6
Ch 11
CH 11
Ch 3
CH 3 — overlaps 1 and 6
GOOD: Ch 1, 6, 11 — Non-overlapping AP1 Ch 1 AP2 Ch 6 AP3 Ch 11 Waves do not intersect — clean spectrum BAD: Ch 1, 3, 6 — Overlapping channels AP1 Ch 1 AP2 Ch 3 ! AP3 Ch 6 CCI CCI
Channels 2 through 5 and 7 through 10 all overlap neighboring channels. Assign APs exclusively to 1, 6, or 11 on 2.4 GHz. This is the core channel planning rule.
Channel Bonding
What It Is
Combining two adjacent channels into one wider channel doubles throughput. 20 MHz + 20 MHz = 40 MHz channel bond. 802.11ac supports 80 MHz and 160 MHz bonded channels on 5 GHz.
The Tradeoff
Wider channels are faster but consume more spectrum. In a dense office with many APs, 20 MHz channels leave room for neighbors. In a sparse environment, 80 MHz maximizes per-client throughput.
Exam note: 5 GHz has enough channels for 80 MHz bonding without co-channel interference. On 2.4 GHz, bonding is rarely practical — there is almost no remaining spectrum.
Slide 5 of 10
MIMO, MU-MIMO, and OFDMA
These are the antenna and scheduling technologies that drive real-world Wi-Fi performance at scale.
802.11n and later
MIMO
Multiple Input, Multiple Output. Uses multiple antennas on both the AP and client to transmit multiple data streams simultaneously over the same channel. A 3x3 MIMO radio has 3 transmit and 3 receive antennas — up to 3 spatial streams. Increases throughput without requiring additional spectrum.
802.11ac Wave 2 and later
MU-MIMO
Multi-User MIMO. Extends MIMO to serve multiple clients simultaneously. Single-user MIMO completes one client before moving to the next. MU-MIMO serves up to 4 clients (downlink) simultaneously using beamforming to separate spatial streams. Critical when 20+ devices compete for the same AP.
802.11ax only
OFDMA
Orthogonal Frequency Division Multiple Access. Divides each channel into resource units (RUs). Different clients receive different RUs in the same transmission window. Unlike MU-MIMO (spatial), OFDMA operates in the frequency domain. Dramatically reduces latency for IoT and VoIP. This is the defining upgrade in Wi-Fi 6.
Why This Matters for the Branch Office
50 users connecting simultaneously is exactly the use case for MU-MIMO and OFDMA. An 802.11ac AP without MU-MIMO serves each client sequentially — at 50 clients, everyone waits in line. An 802.11ax AP with OFDMA schedules all clients in the same time slot across different frequency sub-carriers. The difference is perceptible, especially during peak hours.
Branch office with 50 concurrent users: 802.11ax with OFDMA is the correct call. MU-MIMO handles spatial separation; OFDMA handles the high-client-density scheduling problem.
Slide 6 of 10
WPA2 vs WPA3
WPA3 is not optional for new deployments. Understand what changed and why every change matters.
WPA2 (2004)
Encryption: AES-CCMP (128-bit)
Key exchange: 4-way handshake (PSK)
Weakness: Captured handshakes enable unlimited offline dictionary attacks
Enterprise: 802.1X + RADIUS (remains strong)
Personal: Pre-Shared Key — one password for all devices
Mgmt frames: Unauthenticated — deauth attacks are trivial
WPA3 (2018)
Encryption: AES-GCMP-256 (personal) / CNSA suite (enterprise)
Key exchange: SAE (Simultaneous Authentication of Equals)
Improvement: SAE is interactive — offline cracking is eliminated
Forward secrecy: Yes — past traffic cannot be decrypted later
PMF: Protected Management Frames mandatory
Enhanced Open: OWE encrypts open networks with no password
SAE — The Core Upgrade
WPA2-Personal: the 4-way handshake can be captured during client association and attacked offline at unlimited compute speed with unlimited guesses. WPA3-SAE: the handshake is interactive — each guess requires a live exchange with the AP. Offline cracking is eliminated. A weak password is still weak, but the attack surface shrinks dramatically.
Branch office: deploy WPA3-Personal or WPA3-Enterprise. If legacy devices require WPA2, enable WPA2/WPA3 transition mode temporarily while you phase them out.
Slide 7 of 10
PSK vs 802.1X Enterprise
The authentication model determines who can join and how they prove their identity.
Personal — PSK / SAE
Credential: Single shared passphrase for all users
Revocation: Change the password — everyone must reconnect
Visibility: No per-user identity — all traffic looks the same on the AP
Scale: Homes, small offices under 20 users
Risk: One compromised employee exposes the entire network password
Infrastructure: None beyond the AP itself
Enterprise — 802.1X + RADIUS
Credential: Per-user certificate or username/password via EAP
Revocation: Disable one account — zero impact on other users
Visibility: Per-user traffic logging and dynamic VLAN assignment
Scale: Any size — 10 users to 100,000
Risk: A compromised credential affects only that account
Infrastructure: RADIUS server required (NPS on Windows, FreeRADIUS on Linux)
How 802.1X Works
Client (supplicant) associates with the AP (authenticator). The AP forwards credentials to a RADIUS server. RADIUS validates against Active Directory or a certificate store. On success, RADIUS returns Access-Accept. The AP opens the port. EAP is the framework — PEAP and EAP-TLS are the two common methods.
Branch office with 50 corporate users: 802.1X is the correct authentication model. If Active Directory already exists, Windows NPS becomes a functional RADIUS server in minutes.
Slide 8 of 10
Wireless Security Threats
Know the attack name, the mechanism, and the defense. All of these appear on the exam.
Evil Twin AP
Attacker broadcasts an SSID identical to the legitimate network with higher signal strength. Clients auto-connect. All traffic passes through the attacker.
Defense: 802.1X — clients authenticate to a server certificate, not the AP name. Certificate validation detects impostor APs.
Deauthentication Attack
802.11 management frames are unencrypted in WPA2. Attacker sends spoofed deauth frames. Clients disconnect. Used to force reconnection and capture WPA2 4-way handshakes.
Defense: WPA3 mandates Protected Management Frames (PMF / 802.11w). Deauth frames are authenticated and cannot be spoofed.
Rogue Access Point
An unauthorized AP physically connected to the wired network — installed by an employee or attacker. Bypasses NAC and firewall policy. Creates a wireless backdoor.
Defense: Wireless IDS, 802.1X authentication on all switchports, and periodic site surveys to detect unauthorized transmitters.
WPA2 Handshake Capture
Attacker captures the 4-way handshake during client association or forces it via deauth. Attacks the hash offline with a dictionary or GPU cluster at unlimited speed.
Defense: WPA3-SAE eliminates offline cracking. On WPA2, enforce long random passphrases — 20 or more characters.
Jamming / Interference
Intentional RF flooding renders the network unusable. Unintentional sources include microwave ovens, baby monitors, and neighboring 2.4 GHz APs.
Defense: Use 5 GHz for critical traffic. Spectrum analyzers identify interference sources during site surveys.
Wardriving
Scanning and mapping SSIDs, BSSIDs, and signal strengths from a moving vehicle using a wireless adapter in monitor mode. Often precedes more targeted attacks.
Defense: SSID hiding provides minimal security — SSIDs are still visible in probe responses. Strong WPA3 authentication is the real control.
Slide 9 of 10
Site Surveys & Troubleshooting
You cannot tune what you cannot measure. A site survey is mandatory before deploying APs in a new space.
Site Survey — What You Do
Passive survey: Walk the space in listen mode. Map signal strength from existing APs without associating.
Active survey: Connect to each AP and measure actual throughput, retry rates, and signal-to-noise ratio.
Predictive survey: Use floor plan software to model AP placement before physical installation.
Heat map: Visual overlay of signal strength across the floor plan. Reveals dead zones and excessive overlap.
Spectrum analysis: Identify non-Wi-Fi interference — baby monitors, Bluetooth, DECT phones, microwave ovens.
Output: AP placement plan with channel assignments and transmit power settings per AP.
Common Wireless Problems
Weak signal / dead zones: AP too far or obstructed. Add an AP or reposition. Verify transmit power is not artificially reduced.
Co-channel interference: Two APs on the same channel with overlapping coverage. Reassign to 1, 6, or 11 with proper separation.
High retry rate: Poor SNR or multipath reflections. Lower transmit power to tighten the coverage cell and reduce interference.
Client drops connection: Deauth attack, AP overload, or sticky client refusing to roam. Check per-AP client count and RSSI thresholds.
Slow speed near AP: Legacy 2.4 GHz clients dragging the whole SSID down. Separate SSIDs by band or enforce a minimum data rate.
Overlap zone — client evaluates RSSI threshold AP1 SSID: Corp AP2 SSID: Corp AP1: -55 dBm (connected) AP2: -85 dBm Laptop Corp Client connected to AP1 — strong signal
Before the branch office goes live: run a predictive survey from the floor plan, install the APs, then validate with a passive walk-through. Document every channel assignment and transmit power setting before handing off.
Slide 10 of 10  |  N10-009 Obj 2.4
Branch Office — Decision Made
The branch office gets dual-band 802.11ax (Wi-Fi 6) APs. 5 GHz uses 20 MHz non-overlapping channels because the space is dense. Security is WPA3-Enterprise backed by the corporate RADIUS server. The 2.4 GHz radio serves legacy IoT devices only. A site survey was conducted first. Channel assignments are documented. 50 users connect. There are no dead zones. Throughput is consistent. The handshakes are SAE-protected. There is no single shared password to leak. Every decision was correct.
6 Facts to Carry Out of This Presentation
1 802.11ax (Wi-Fi 6) is the current standard — dual-band + 6 GHz (6E), OFDMA, up to 9.6 Gbps theoretical.
2 2.4 GHz: range but congestion, only 3 non-overlapping channels (1, 6, 11). 5 GHz: speed, 24+ channels, less range.
3 WPA3 replaces the 4-way handshake with SAE — eliminates offline dictionary attacks. PMF becomes mandatory.
4 Enterprise auth = 802.1X + RADIUS. Per-user credentials. Granular revocation. Required for corporate deployments.
5 Evil twin attacks exploit SSID trust. Defense is 802.1X certificate validation — the client authenticates the server, not just the name.
6 Always run a site survey before AP deployment. Heat maps reveal dead zones. Channel plans eliminate co-channel interference.