Interactive CCNA study tool for WLAN security mode selection, authentication vs encryption, and common exam traps.

802.11 Security Concepts

Wireless Security Builder

Build a wireless security stack and see CCNA-focused verdicts, rationale, and exam traps.

1. Scenario selector

2. Security mode selector

3. Authentication selector

4. Encryption selector

Verdict: Recommended

- Home/small office best practice is WPA2-Personal (AES/CCMP) or WPA3-Personal (SAE).

Security Stack

How this configuration layers together for CCNA reasoning.

Home Wi-Fi WLAN
-> Authentication: PSK
-> Key management: Pre-shared secret
-> Encryption: AES/CCMP
-> AAA/RADIUS: Not central AAA-driven
-> Client access policy: Apply role-based access and segmentation
-> Security mode: WPA2-Personal

Security mode comparison cards

Open

No encryption. Easy access. Not secure by itself.

WEP

Legacy and insecure. Do not use.

WPA / WPA-TKIP

Legacy transition mode. Avoid for modern WLANs.

WPA2-Personal

Uses PSK and AES/CCMP. Common for home and small office.

WPA2-Enterprise

Uses 802.1X and RADIUS. Common for enterprise employee WLANs.

WPA3-Personal

Uses SAE and improves password-based security over traditional PSK.

WPA3-Enterprise

Enterprise authentication with stronger modern protections.

Mini-game: category matcher

Match each term to its best category.

0/15 answered

PSK

SAE

802.1X

RADIUS

AES/CCMP

GCMP

TKIP

WEP/RC4

WPA2-Personal

WPA2-Enterprise

WPA3-Personal

WPA3-Enterprise

Open

MAC filtering

Captive portal only

Common CCNA traps

! WPA2-Personal uses a shared password (PSK).

! WPA2-Enterprise uses 802.1X with RADIUS.

! 802.1X is authentication, not encryption.

! AES/CCMP provides wireless encryption/integrity.

! TKIP is legacy and should be avoided.

! WEP is insecure.

! MAC filtering is not strong security.

! Captive portal is not the same as WPA2/WPA3 encryption.

! WPA3-Personal uses SAE instead of traditional PSK.

! Open Wi-Fi has no over-the-air encryption.