Interactive CCNA study tool for WLAN security mode selection, authentication vs encryption, and common exam traps.
Wireless Security Builder
Build a wireless security stack and see CCNA-focused verdicts, rationale, and exam traps.
1. Scenario selector
2. Security mode selector
3. Authentication selector
4. Encryption selector
Verdict: Recommended
- Home/small office best practice is WPA2-Personal (AES/CCMP) or WPA3-Personal (SAE).
Security Stack
How this configuration layers together for CCNA reasoning.
Security mode comparison cards
Open
No encryption. Easy access. Not secure by itself.
WEP
Legacy and insecure. Do not use.
WPA / WPA-TKIP
Legacy transition mode. Avoid for modern WLANs.
WPA2-Personal
Uses PSK and AES/CCMP. Common for home and small office.
WPA2-Enterprise
Uses 802.1X and RADIUS. Common for enterprise employee WLANs.
WPA3-Personal
Uses SAE and improves password-based security over traditional PSK.
WPA3-Enterprise
Enterprise authentication with stronger modern protections.
Mini-game: category matcher
Match each term to its best category.
PSK
SAE
802.1X
RADIUS
AES/CCMP
GCMP
TKIP
WEP/RC4
WPA2-Personal
WPA2-Enterprise
WPA3-Personal
WPA3-Enterprise
Open
MAC filtering
Captive portal only
Common CCNA traps
! WPA2-Personal uses a shared password (PSK).
! WPA2-Enterprise uses 802.1X with RADIUS.
! 802.1X is authentication, not encryption.
! AES/CCMP provides wireless encryption/integrity.
! TKIP is legacy and should be avoided.
! WEP is insecure.
! MAC filtering is not strong security.
! Captive portal is not the same as WPA2/WPA3 encryption.
! WPA3-Personal uses SAE instead of traditional PSK.
! Open Wi-Fi has no over-the-air encryption.