Podcast
Questions and Answers
FlexConnect APs can operate in either Connected mode or Standalone mode.
FlexConnect APs can operate in either Connected mode or Standalone mode.
True (A)
In Standalone mode, the FlexConnect AP can perform all CAPWAP functions.
In Standalone mode, the FlexConnect AP can perform all CAPWAP functions.
False (B)
Direct-Sequence Spread Spectrum (DSSS) is a modulation technique primarily used by 802.11a devices.
Direct-Sequence Spread Spectrum (DSSS) is a modulation technique primarily used by 802.11a devices.
False (B)
Frequency-Hopping Spread Spectrum (FHSS) requires synchronization between sender and receiver.
Frequency-Hopping Spread Spectrum (FHSS) requires synchronization between sender and receiver.
Channel saturation can degrade the quality of wireless communication.
Channel saturation can degrade the quality of wireless communication.
Orthogonal Frequency-Division Multiplexing (OFDM) uses only a single frequency channel.
Orthogonal Frequency-Division Multiplexing (OFDM) uses only a single frequency channel.
Cisco offers techniques to mitigate frequency channel saturation.
Cisco offers techniques to mitigate frequency channel saturation.
DSSS and FHSS are both modulation techniques used to avoid interference in wireless communications.
DSSS and FHSS are both modulation techniques used to avoid interference in wireless communications.
In a man-in-the-middle attack, the hacker acts as a legitimate entity between two parties.
In a man-in-the-middle attack, the hacker acts as a legitimate entity between two parties.
The 'evil twin AP' attack uses a different SSID from the legitimate access point to deceive users.
The 'evil twin AP' attack uses a different SSID from the legitimate access point to deceive users.
In Connected mode, the FlexConnect AP cannot switch client data traffic locally.
In Connected mode, the FlexConnect AP cannot switch client data traffic locally.
The original 802.11 standard did not use Frequency-Hopping Spread Spectrum (FHSS).
The original 802.11 standard did not use Frequency-Hopping Spread Spectrum (FHSS).
Identifying legitimate devices on a WLAN is unnecessary for defending against MITM attacks.
Identifying legitimate devices on a WLAN is unnecessary for defending against MITM attacks.
MAC address filtering is a method used to enhance WLAN security.
MAC address filtering is a method used to enhance WLAN security.
Open authentication is a type of secure authentication system for wireless networks.
Open authentication is a type of secure authentication system for wireless networks.
Authentication and encryption systems are integral components of secure WLANs.
Authentication and encryption systems are integral components of secure WLANs.
To defeat a MITM attack, network monitoring is the only required step.
To defeat a MITM attack, network monitoring is the only required step.
SSID cloaking involves hiding the network name from users.
SSID cloaking involves hiding the network name from users.
A rogue Access Point (AP) does not need to match the SSID of a legitimate AP to be considered a threat.
A rogue Access Point (AP) does not need to match the SSID of a legitimate AP to be considered a threat.
Monitoring the traffic on the network can help identify unauthorized devices.
Monitoring the traffic on the network can help identify unauthorized devices.
WLAN networks operate in the 2.4 and 5 GHz frequency bands.
WLAN networks operate in the 2.4 and 5 GHz frequency bands.
The organization responsible for regulating satellite orbits is the Wi-Fi Alliance.
The organization responsible for regulating satellite orbits is the Wi-Fi Alliance.
IEEE is involved in specifying how a radio frequency is modulated for information transmission.
IEEE is involved in specifying how a radio frequency is modulated for information transmission.
The 2.4 GHz band corresponds to the SHF frequency range.
The 2.4 GHz band corresponds to the SHF frequency range.
The Wi-Fi Alliance aims to improve the interoperability of products based on the IEEE 802.11 standard.
The Wi-Fi Alliance aims to improve the interoperability of products based on the IEEE 802.11 standard.
The IEEE 802 LAN/MAN family of standards is maintained by the International Telecommunication Union.
The IEEE 802 LAN/MAN family of standards is maintained by the International Telecommunication Union.
WLAN devices exclusively operate on the frequency of 5 GHz.
WLAN devices exclusively operate on the frequency of 5 GHz.
The electromagnetic spectrum includes the frequencies utilized by wireless devices.
The electromagnetic spectrum includes the frequencies utilized by wireless devices.
WPA uses the Advanced Encryption Standard (AES) for encryption.
WPA uses the Advanced Encryption Standard (AES) for encryption.
The RADIUS server requires the user's authentication information.
The RADIUS server requires the user's authentication information.
WPA3 is considered less secure than WPA2.
WPA3 is considered less secure than WPA2.
UDP port 1812 is used for RADIUS Authentication.
UDP port 1812 is used for RADIUS Authentication.
TKIP encrypts the Layer 2 payload without using WEP.
TKIP encrypts the Layer 2 payload without using WEP.
The shared key in RADIUS authentication is used to decrypt the messages.
The shared key in RADIUS authentication is used to decrypt the messages.
The Counter Cipher Mode with Block Chaining Message Authentication Code Protocol is used by WPA.
The Counter Cipher Mode with Block Chaining Message Authentication Code Protocol is used by WPA.
WPA3 offers improved security features compared to WPA2.
WPA3 offers improved security features compared to WPA2.
UDP ports 1645 and 1646 are the only ports used by RADIUS servers.
UDP ports 1645 and 1646 are the only ports used by RADIUS servers.
802.1X standard ensures centralized authentication of end users.
802.1X standard ensures centralized authentication of end users.
WPA3 - Enterprise requires the use of a 192-bit cryptographic suite and employs 802.1X/EAP authentication.
WPA3 - Enterprise requires the use of a 192-bit cryptographic suite and employs 802.1X/EAP authentication.
Opportunistic Wireless Encryption (OWE) is used to provide authentication in Open Networks.
Opportunistic Wireless Encryption (OWE) is used to provide authentication in Open Networks.
WLAN networks can only operate in the 5 GHz frequency band.
WLAN networks can only operate in the 5 GHz frequency band.
Simultaneous Authentication of Equals (SAE) helps protect against brute force attacks in WPA3 - Personal.
Simultaneous Authentication of Equals (SAE) helps protect against brute force attacks in WPA3 - Personal.
DTLS is a protocol that provides encryption between access points (AP) and wireless controller (WLC).
DTLS is a protocol that provides encryption between access points (AP) and wireless controller (WLC).
Study Notes
Wireless Radio Frequencies
- Wireless devices operate within the electromagnetic spectrum, specifically in the 2.4 GHz (UHF) and 5 GHz (SHF) frequency bands.
- WLAN standards include 802.11b/g/n/ax for 2.4 GHz and 802.11a/n/ac/ax for 5 GHz.
Wireless Standards Organizations
- ITU: Regulates radio spectrum allocation and satellite orbits.
- IEEE: Specifies modulation techniques and maintains IEEE 802 LAN/MAN family of standards.
- Wi-Fi Alliance: Promotes WLAN growth and product interoperability based on the 802.11 standard.
CAPWAP Operation
- FlexConnect allows AP configuration over a WAN link with two main modes:
- Connected mode: AP has CAPWAP tunnel connectivity with WLC, performing all functions.
- Standalone mode: AP operates without WLC connection, handling data traffic and client authentication locally.
Channel Management
- Channel saturation occurs when wireless demand exceeds capacity, degrading communication quality.
- Mitigation techniques include:
- DSSS: Spreads signal over larger frequency bands to avoid interference.
- FHSS: Rapidly switches carriers among frequency channels, requiring synchronization.
- OFDM: Uses multiple sub-channels on adjacent frequencies, improving efficiency.
WLAN Threats
- Man-in-the-Middle Attack (MITM): An attacker intercepts communication between legitimate entities. Commonly executed via "evil twin AP" attacks.
- Prevention strategies include authenticating devices and monitoring for abnormal network traffic.
Secure WLANs
Security Measures
- SSID Cloaking and MAC Address Filtering protect network access.
- Authentication systems include Open and Shared Key Authentication.
Encryption Methods
- WPA and WPA2 use TKIP (for legacy support) and AES (provides robust encryption) respectively.
- TKIP encrypts the Layer 2 payload, while AES relies on CCMP for data integrity.
Authentication in the Enterprise
- Requires a RADIUS server for AAA, mandating:
- RADIUS server IP address.
- UDP ports (1812 for Authentication; 1813 for Accounting, also 1645/1646).
- Shared key for device authentication.
WPA3 Features
- WPA3 replaces WPA2 as a more secure protocol:
- WPA3-Personal: Prevents brute force through Simultaneous Authentication of Equals (SAE).
- WPA3-Enterprise: Uses 802.1X/EAP, mandates a 192-bit cryptographic suite.
- Open Networks: Enforces Opportunistic Wireless Encryption (OWE) for traffic encryption.
- IoT Onboarding: Employs Device Provisioning Protocol (DPP) for rapid IoT device integration.
Summary of Wireless LANs
- WLAN types include WPAN, WLAN, WMAN, and WWAN, utilizing unlicensed radio spectrum.
- Standard protocols like CAPWAP manage multiple APs through a central controller.
- Wireless LAN devices operate using transmitters and receivers aligned to specific radio frequencies, employing DSSS, FHSS, and OFDM channel techniques for communication.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
Explore the fundamentals of wireless radio frequencies, including 2.4 GHz and 5 GHz bands. Learn about major wireless standards organizations such as ITU and IEEE, as well as the CAPWAP operation modes. Understand channel management techniques to optimize communication quality.
