Wireless basics — Wi-Fi for CCNA
9 min
The CCNA expects you to know enough Wi-Fi to talk intelligibly about the SSID, the encryption, the bands, and the controller architecture. This is the survey, not the deep dive (that's the CWNA cert).
The vocabulary
| Term | Meaning | |---|---| | AP (Access Point) | The "switch port" of the wireless world — bridges Wi-Fi clients onto the wired LAN | | SSID | Service Set Identifier — the network name, e.g. "Corp-Wi-Fi" | | BSSID | The AP radio's MAC address. Each SSID-radio combination is a BSSID | | WLAN | Wireless LAN — an SSID + its config (security, VLAN, etc.) | | WLC | Wireless LAN Controller — central brain managing many APs | | CAPWAP | Tunneling protocol from AP to WLC (carries control + data) | | RF | Radio Frequency — the actual signal in the air |
The bands
| Band | Channels | Range (rough) | Throughput | Issue | |---|---|---|---|---| | 2.4 GHz | 11–14 (only 1/6/11 non-overlapping) | Good | Lower | Severely crowded (microwaves, BT, every old AP) | | 5 GHz | 24+ non-overlapping | Medium | High | Less crowded, less wall-penetrating | | 6 GHz (Wi-Fi 6E / 7) | Many new | Short | Very high | Brand new, modern devices only, regulatory varies |
Standards: 802.11n (Wi-Fi 4, 2.4 + 5), 802.11ac (Wi-Fi 5, 5 only), 802.11ax (Wi-Fi 6 / 6E), 802.11be (Wi-Fi 7).
Autonomous vs controller-based APs
- Autonomous APs — each AP has its own full config. Fine for <10 APs. Doesn't coordinate channel assignment, roaming, or RF management between neighbors.
- Lightweight APs + WLC — APs boot, discover a WLC, and tunnel everything (CAPWAP) back to it. WLC handles auth, VLAN mapping, RRM (Radio Resource Management — automatic channel + power), and seamless client roaming between APs.
Modern enterprise: WLC-managed every time. Small office / home: autonomous (or a "controller-in-the-cloud" model from vendors like Meraki).
Security — the only acceptable modern choices
| Standard | Status | |---|---| | WEP | Don't. Broken since 2001. | | WPA (TKIP) | Don't. Deprecated. | | WPA2-PSK | OK for home / small office, with a strong passphrase. | | WPA2-Enterprise | Per-user authentication via RADIUS (802.1X). The standard for corporate. | | WPA3-Personal (SAE) | Replaces PSK — resists offline dictionary attacks. | | WPA3-Enterprise | Per-user 802.1X with stronger crypto. |
For enterprise: WPA2-Enterprise minimum, WPA3-Enterprise where supported. Always use 802.1X with EAP (typically PEAP or EAP-TLS) against your AD or RADIUS server.
How a client joins a WLAN
- Discovery — passive scan listens for beacons, active scan sends probe requests. Client finds the SSID.
- Association — client picks an AP (by signal, load, vendor heuristic) and associates with it.
- Authentication — open / PSK / 802.1X via EAP. WPA2/3 handshake establishes per-session keys.
- DHCP — client gets an IP, starts using the network.
A "roam" is the same dance to a new AP. Fast roaming standards (802.11r, OKC) reduce that to milliseconds.
What to remember
- AP = wireless switch port; WLC centrally manages many APs via CAPWAP.
- 2.4 GHz is crowded; 5 GHz is the workhorse; 6 GHz is the future.
- Use WPA2-Enterprise minimum; never WEP or plain WPA.
- An SSID can map to a specific VLAN — the AP bridges wireless frames into the matching tagged VLAN.