What is the difference between 2.4GHz and 5GHz Wi-Fi?

2.4GHz Wi-Fi has longer range and better wall penetration but is more congested and has only 3 non-overlapping channels (1, 6, 11). 5GHz has shorter range but is faster, less congested, and has 24+ non-overlapping channels. Use 2.4GHz for coverage; 5GHz for performance near the AP.

What is the difference between WPA2 and WPA3?

WPA2 uses AES-CCMP with PSK authentication, which is vulnerable to offline dictionary attacks after capturing the 4-way handshake. WPA3 replaces PSK with SAE (Simultaneous Authentication of Equals), which provides forward secrecy and resists offline brute-force attacks. WPA3 also adds OWE for encrypting open networks.

What is an evil twin attack?

An evil twin attack creates a rogue AP mimicking a legitimate SSID — often with stronger signal. Clients connect to the attacker's AP and all traffic is intercepted. Defence: 802.1X enterprise authentication, VPN on untrusted networks, and WIDS monitoring.

Wireless Networking — 802.11 Standards, WPA3 & Attacks

⚡ Quick Answer

Key 802.11 standards: 802.11n (Wi-Fi 4) = 2.4/5GHz, 600 Mbps. 802.11ac (Wi-Fi 5) = 5GHz only, 3.5 Gbps. 802.11ax (Wi-Fi 6) = 2.4/5/6GHz, 9.6 Gbps. Security evolution: WEP = broken. WPA = legacy. WPA2 = AES-CCMP, vulnerable to offline dictionary attacks. WPA3 = SAE — current standard, resists offline attacks. Enterprise: 802.1X + RADIUS for per-user auth. 2.4GHz = 3 non-overlapping channels (1, 6, 11), longer range. 5GHz = 24+ channels, faster, shorter range. Wireless attacks: evil twin, rogue AP, deauthentication, jamming.

802.11 Wireless Standards

The 802.11 standard family defines how Wi-Fi works. Each revision improves speed, efficiency, or range. For the exam, know the frequency bands, maximum theoretical throughput, and Wi-Fi generation names.

Standard	Wi-Fi Gen	Frequency	Max Speed	Key Feature
802.11a	—	5 GHz only	54 Mbps	First 5GHz standard (1999); less interference, shorter range
802.11b	—	2.4 GHz only	11 Mbps	First widely adopted standard; slowest; 2.4GHz congestion
802.11g	—	2.4 GHz only	54 Mbps	Same speed as 'a' but on 2.4GHz; backward-compatible with 802.11b
802.11n	Wi-Fi 4	2.4 + 5 GHz	600 Mbps	First dual-band standard; introduced MIMO (multiple antennas)
802.11ac	Wi-Fi 5	5 GHz only	3.5 Gbps	MU-MIMO, wider channels (80/160MHz), beamforming
802.11ax	Wi-Fi 6/6E	2.4 + 5 + 6 GHz	9.6 Gbps	OFDMA for dense environments; Wi-Fi 6E adds 6GHz band

🎯 Exam Tip — Three Speed Facts to Memorise

802.11a and 802.11g are both 54 Mbps — same speed, different bands (a=5GHz, g=2.4GHz). This is a classic trick question.

802.11ac is 5GHz only — it does not operate on 2.4GHz. If the scenario requires dual-band, the answer is 802.11n or 802.11ax.

802.11ax = Wi-Fi 6 — the answer to any "most current standard" question.

2.4 GHz vs 5 GHz

📡

2.4 GHz Band

Longer range — lower frequency penetrates walls better. Only 3 non-overlapping channels in the US: channels 1, 6, and 11. Highly congested — shared with Bluetooth, microwaves, baby monitors, and neighbouring networks. Lower maximum throughput. Best for: distant devices, IoT sensors, devices needing broad coverage.

Channels 1/6/11 onlyBetter rangeMore congestion

⚡

5 GHz Band

Shorter range — higher frequency attenuates more through walls. 24+ non-overlapping channels available (40, 80, and 160MHz channel widths). Much less congested. Higher throughput. Best for: devices near the AP, video streaming, gaming, high-bandwidth applications where speed matters more than coverage.

24+ channelsHigher speedLess interference

📌 Channel Overlap — Why Only Channels 1, 6, 11

In the 2.4GHz band, channels are 22MHz wide but spaced only 5MHz apart — adjacent channels overlap heavily. Channels 1, 6, and 11 are the only three that don't overlap with each other. When deploying multiple APs in the same space, use only these three channels to avoid adjacent-channel interference (which garbles transmissions), even though it increases co-channel interference (which only slows devices, it doesn't corrupt data).

Wi-Fi Security — WEP through WPA3

WEP — Completely Broken

Wired Equivalent Privacy (1997)

Encryption: RC4 stream cipher with 40 or 104-bit keys

Fatal flaw: 24-bit IV (Initialization Vector) reuse — attackers crack the key by collecting ~50,000 packets (minutes with modern tools)

Status: Cryptographically broken since 2001. Banned by PCI-DSS. Never use.

Exam tip: Always the wrong answer — if WEP appears as an option, eliminate it immediately

WPA (Original) — Legacy

Wi-Fi Protected Access (2003)

Encryption: TKIP (Temporal Key Integrity Protocol) — per-packet key mixing, still uses RC4 underneath

Improvement: Dynamic key rotation — far better than WEP but architecture limits it

Status: Deprecated 2012. Known TKIP attacks. Replace with WPA2/WPA3.

Exam tip: A "legacy/transitional" option — better than WEP but not acceptable today

WPA2 — Minimum Acceptable Standard

Wi-Fi Protected Access 2 (2004)

Encryption: AES-CCMP — strong block cipher, replaces RC4

Personal (PSK): Single shared password. Vulnerable to offline dictionary attack — attacker captures 4-way handshake and brute-forces offline

Enterprise (802.1X): Per-user RADIUS authentication — much more secure

Vulnerabilities: KRACK (2017, patched), PMKID attack (enables offline cracking without handshake capture)

WPA3 — Current Recommended Standard

Wi-Fi Protected Access 3 (2018)

Personal: SAE (Simultaneous Authentication of Equals) — replaces PSK. Generates unique keys per session, resists offline dictionary attacks even with weak passwords

Forward secrecy: Past sessions cannot be decrypted even if the password is later compromised

Open networks: OWE (Opportunistic Wireless Encryption) encrypts open Wi-Fi traffic without a password

Enterprise: WPA3-Enterprise 192-bit uses GCMP-256 for high-security environments

🎯 Exam Tip — Personal vs Enterprise

WPA2/WPA3-Personal (PSK/SAE): One shared password for all users. Simple setup. Risk: anyone with the password has access; must change password if someone leaves.

WPA2/WPA3-Enterprise (802.1X): Per-user credentials validated by RADIUS. Revoking one user's access doesn't affect others. Required for any regulated environment (PCI-DSS, HIPAA). If the scenario mentions "revoking individual access" or "per-user credentials," the answer is Enterprise/802.1X.

802.1X — Enterprise Wi-Fi Authentication

In WPA2/WPA3-Enterprise, clients authenticate using 802.1X (port-based access control) and EAP (Extensible Authentication Protocol). Three components are involved:

Component	Role	Examples
Supplicant	The client device requesting wireless access. Presents credentials via EAP.	Laptop, phone, IoT device
Authenticator	The wireless AP. Passes EAP traffic between supplicant and auth server — does not make the allow/deny decision itself.	Wireless access point, managed switch
Auth Server (RADIUS)	Validates credentials and returns Accept or Reject to the authenticator. Integrates with Active Directory / LDAP.	Microsoft NPS, FreeRADIUS, Cisco ISE

📌 EAP Methods

EAP-TLS: Most secure — both client and server authenticate with X.509 certificates. Requires certificate deployment to all clients. Used in high-security environments.

PEAP (Protected EAP): Client authenticates with username/password, wrapped inside a TLS tunnel (server presents a certificate). Most common in enterprise deployments — simpler than EAP-TLS since clients don't need certificates.

EAP-TTLS: Similar to PEAP — TLS tunnel for credential protection. Supports a wider variety of inner authentication methods.

Wireless Attack Types

Evil Twin Attack

Attacker creates a rogue AP broadcasting the same SSID as a legitimate network, often at higher power to attract clients. All traffic routes through the attacker (man-in-the-middle). Defence: 802.1X (clients only connect to authenticated infrastructure), VPN on untrusted networks, WIDS monitoring for duplicate SSIDs.

Rogue Access Point

An unauthorised AP plugged into the corporate wired network — by an employee for convenience, or by an attacker. Creates an uncontrolled wireless entry point that bypasses perimeter controls. Defence: WIDS/WIPS, 802.1X on all switch ports (NAC), regular RF surveys, physical security.

Deauthentication Attack

Attacker sends spoofed 802.11 deauth frames forcing clients to disconnect. On reconnect, the WPA2 4-way handshake is captured for offline cracking. Also used to push clients onto an evil twin. Defence: WPA3/SAE (resists offline cracking), 802.11w Protected Management Frames (PMF) — authenticates management frames to block spoofed deauths.

Jamming (RF DoS)

Flooding a frequency with RF noise to prevent legitimate devices from communicating — a wireless denial-of-service. Can be accidental (microwave ovens on 2.4GHz) or deliberate. Defence: WIDS jamming detection, 5GHz band (less interference), frequency-hopping spread spectrum (FHSS). Physical access to RF spectrum cannot be fully prevented.

Other Key Wireless Concepts

📶

SSID Hiding

Disabling SSID broadcast in AP beacon frames. Provides no real security — the SSID is still visible in probe request/response frames when any client connects. Attackers discover hidden SSIDs trivially using passive monitoring tools. Causes legitimate users connectivity issues. Never substitute for proper encryption.

🔢

MAC Address Filtering

Allowing only pre-approved MAC addresses to associate with the AP. Easily bypassed — MAC addresses are transmitted in plaintext and trivially spoofed. An attacker sniffs an authorised MAC and spoofs it. High administrative overhead. Not a security control — just a marginal inconvenience to unskilled attackers.

🏢

WIDS / WIPS

Wireless IDS monitors the RF environment and alerts on rogue APs, evil twins, and anomalous behaviour. Wireless IPS takes active countermeasures — e.g., sending deauth frames to disconnect clients from rogue APs. Implemented as dedicated sensor overlays or as features in enterprise Wi-Fi controllers (Cisco, Aruba, Meraki).

📐

Site Survey

A wireless site survey maps RF coverage, identifies dead zones, measures signal strength, and detects interference sources and rogue APs before or after AP deployment. Passive surveys (listen only) and active surveys (associate and measure) are used. Essential for large deployments to ensure coverage and proper channel assignment.

Exam Scenarios

Scenario 1: Users keep getting disconnected from Wi-Fi, and during reconnection an attacker in the building captures their WPA2 handshake. What attack is this, and what stops it? Answer: Deauthentication (deauth) attack. The attacker sends spoofed deauth frames forcing reconnects. Fix: deploy WPA3 (SAE resists offline cracking) and enable 802.11w Protected Management Frames to authenticate management frames and block spoofed deauths.

Scenario 2: A coffee shop's open Wi-Fi uses no password. WPA3 is available. What feature of WPA3 provides encryption even for open networks? Answer: OWE (Opportunistic Wireless Encryption). Each client session is individually encrypted even without a password, preventing passive eavesdropping by other users on the same open SSID.

Scenario 3: An employee leaves the company. The security team wants to revoke their Wi-Fi access without changing the password for everyone else. What Wi-Fi authentication method is required? Answer: WPA2/WPA3-Enterprise with 802.1X and RADIUS. Each user has individual credentials tied to their Active Directory account. Disabling the AD account revokes their Wi-Fi access immediately without affecting other users.

Scenario 4: A laptop with an 802.11ac adapter cannot connect to the 2.4GHz guest network. Why? Answer: 802.11ac (Wi-Fi 5) operates on the 5GHz band only — it has no 2.4GHz radio. The laptop needs to connect to a 5GHz SSID, or the guest network needs to also broadcast a 5GHz option (using a dual-band AP running 802.11n or 802.11ax).

Scenario 5: Three APs in an open office are configured on channels 1, 3, and 6. Users report corrupted downloads and choppy VoIP. What is wrong? Answer: Adjacent-channel interference. Channel 3 overlaps with both channels 1 and 6, causing signal corruption. Reconfigure to use only non-overlapping channels: 1, 6, and 11.

Wireless Frequencies and Regulatory Considerations

Wi-Fi operates in licensed spectrum bands, and the regulatory environment affects which channels are available and at what transmit power levels. For A+ and Network+ exam purposes, the key regulatory concepts are channel availability, transmit power limits, and the DFS requirement.

In the 5GHz band, channels are divided into several groups. Channels 36–48 are UNII-1 and can be used at lower power levels indoors. Channels 52–64 and 100–144 are UNII-2 and UNII-2e, and these channels require DFS (Dynamic Frequency Selection) — the AP must listen for radar signals (used by weather radar and military radar systems that share these frequencies) before transmitting. If radar is detected, the AP must immediately vacate that channel and switch to a clear one. This is why APs on DFS channels occasionally lose clients briefly during a channel switch — they detected radar and moved. Channels 149–165 are UNII-3 and allow the highest transmit power levels, making them popular for outdoor and longer-range deployments.

The 6GHz band, newly opened for Wi-Fi 6E, has different rules — it requires either Automated Frequency Coordination (AFC) for outdoor use or is limited to indoor use at lower power levels. The 6GHz band dramatically expands available spectrum: approximately 1,200 MHz compared to just 70 MHz on 2.4GHz and 500 MHz on 5GHz, providing up to seven additional 160MHz-wide channels. This is why Wi-Fi 6E is considered a major step forward for high-density deployments.

MIMO, MU-MIMO, and OFDMA

Understanding the antenna and multiplexing technologies behind modern Wi-Fi standards is increasingly important for the exam, especially the differences between Wi-Fi generations.

MIMO (Multiple-Input, Multiple-Output) was introduced with 802.11n (Wi-Fi 4). Instead of a single antenna, MIMO uses multiple antennas at both the transmitter and receiver to send and receive multiple spatial streams simultaneously. A 2×2:2 MIMO AP has 2 transmit antennas, 2 receive antennas, and can handle 2 simultaneous spatial streams — doubling throughput compared to a single antenna. Enterprise-class 802.11n APs often support 3×3:3 or 4×4:4 configurations.

MU-MIMO (Multi-User MIMO), introduced in 802.11ac Wave 2 (Wi-Fi 5), extends MIMO to serve multiple clients simultaneously. Single-user MIMO (SU-MIMO) only transmits to one device at a time — other devices wait their turn. MU-MIMO allows the AP to transmit to multiple devices in parallel using spatial multiplexing. Wi-Fi 5 supported MU-MIMO downlink (AP to client) only. Wi-Fi 6 (802.11ax) extends MU-MIMO to uplink as well, and supports up to 8 simultaneous spatial streams.

OFDMA (Orthogonal Frequency-Division Multiple Access) is a major Wi-Fi 6 feature and a key exam topic when the question mentions dense environments or IoT. Traditional Wi-Fi (OFDM in 802.11a/g/n/ac) assigns the entire channel to one device for each transmission. OFDMA divides the channel into smaller frequency units called Resource Units (RUs) and allocates different RUs to different clients simultaneously. This dramatically reduces latency and improves efficiency in high-density environments — stadiums, airports, offices with many IoT devices — because the AP can serve many small devices simultaneously rather than making them queue for channel access.

Wireless Network Architecture Concepts

The exam tests specific wireless terminology describing how wireless networks are structured. Make sure you know these terms precisely.

Term	Definition	Exam Significance
SSID	Service Set Identifier — the name of a wireless network. Up to 32 characters. Multiple APs can broadcast the same SSID to create a seamless network.	Hidden SSID is security through obscurity — not genuine security. Clients must know the SSID to connect.
BSS	Basic Service Set — a single AP and its associated clients. The smallest wireless network unit.	Each BSS has a unique BSSID (the AP's MAC address). Differentiates physical AP cells.
ESS	Extended Service Set — multiple BSSs (APs) sharing the same SSID, connected by a distribution system (wired network). Enables seamless roaming.	Corporate Wi-Fi is an ESS. Clients roam between APs without reconnecting as long as the SSID and security settings match.
IBSS	Independent Basic Service Set — ad-hoc wireless network with no AP. Devices connect peer-to-peer directly.	Rarely used in enterprise settings; generally blocked on corporate networks as a security risk.
BSSID	The MAC address of an AP's radio interface. Uniquely identifies each AP cell, even if multiple APs share the same SSID.	Used by WIDS tools to detect rogue APs — unexpected BSSIDs broadcasting your SSID indicate an evil twin attack.
Roaming	Client moves from one AP to another within an ESS without losing connectivity. 802.11r (Fast BSS Transition) speeds up the re-authentication process during roaming.	Poor roaming is a common wireless complaint — clients stick to a weak AP instead of roaming to a closer one.

Common Wireless Troubleshooting Issues

Network+ tests practical troubleshooting in addition to theory. Here are the most common wireless problems and their root causes that appear in exam scenarios.

Slow wireless speeds despite strong signal are often caused by co-channel interference (too many APs on the same channel in the same area), or by legacy devices on the network. When even one 802.11b device is present on a 2.4GHz network, the AP enables a protection mechanism that dramatically reduces throughput for all devices. Separating legacy and modern devices onto different SSIDs/bands resolves this.

Intermittent connectivity or high retransmission rates are often caused by adjacent-channel interference (APs on overlapping channels), physical obstructions causing multipath reflection, or interference from non-Wi-Fi 2.4GHz sources such as microwave ovens, cordless phones, and Bluetooth devices. Moving to 5GHz resolves most of these issues because the 5GHz band has more channels and far less crowded spectrum.

Clients connecting at low speeds (e.g., 54 Mbps instead of 300+ Mbps) despite a capable adapter usually means the client is far from the AP and using a lower modulation rate due to weak signal, or the AP's configuration has the band steering or minimum RSSI threshold misconfigured, allowing distant clients to hold onto a connection at very low rates instead of roaming to a closer AP.

802.1X authentication failures in enterprise environments are commonly caused by an expired RADIUS server certificate, a mismatch between the server certificate's CA and the CA trusted by clients, or a client not having the correct supplicant (EAP method) configured. Always check certificate validity dates when enterprise Wi-Fi authentication suddenly stops working.

Wi-Fi 6E and the 6GHz Band

Wi-Fi 6E extends 802.11ax into the 6GHz band, which was opened by the FCC in 2020. The 6GHz band offers approximately 1,200 MHz of spectrum — compared to 70 MHz on 2.4GHz and 500 MHz on 5GHz. This means up to seven additional 160MHz-wide channels, virtually eliminating interference and congestion. Wi-Fi 6E devices require a tri-band adapter. The 6GHz band has shorter range than 5GHz (higher frequency attenuates more), so it is best suited for high-density indoor environments. Older Wi-Fi 6 devices do not support 6GHz — they require a firmware upgrade or replacement.

Ace Network+ and Security+

Every protocol, standard, and attack concept — all on one cheat sheet.

View Network+ Cheat Sheet →

Wireless Networking Explained