CCNA 200-301 | Chapter 191 of 260 | Objective 2.9

WPA2 vs WPA3: Wireless Security Comparison

Wireless security is a make-or-break topic on the CCNA 200-301 exam, and the shift from WPA2 to WPA3 represents the most significant evolution in Wi-Fi protection in over a decade. As an engineer, you'll encounter both protocols in the field, and the exam (Objective 2.9) expects you to compare their mechanisms, identify vulnerabilities, and recommend the right solution for a given scenario. Understanding the differences isn't just about memorizing acronyms—it's about grasping how encryption, authentication, and key management actually work at the frame level, which is exactly what this chapter delivers.

25 min read
Intermediate
Updated May 31, 2026

The Bank Vault and the Time-Lock Safe

Imagine two bank vaults. The older WPA2 vault uses a single, permanent combination lock. Once you know the combination (the pre-shared key), you can enter the vault at any time, and every time you open the door, the same key is used. However, a clever thief could watch you enter the combination, record it, and later replay that exact sequence to break in. This is analogous to the KRACK attack on WPA2, where an attacker captures the 4-way handshake and forges messages to decrypt traffic.

Now consider the newer WPA3 vault. It uses a time-lock safe that generates a unique temporary code each time you authenticate. You still need a master password to start, but the safe and you perform a cryptographic dance—called Simultaneous Authentication of Equals (SAE)—to derive a one-time session key. Even if a thief records the entire authentication exchange, they cannot compute the master password because the exchange is resistant to offline dictionary attacks. Moreover, each session gets its own key, so capturing one session's key doesn't compromise past or future sessions—this is forward secrecy.

In both cases, the vault protects valuables, but the WPA3 mechanism fundamentally changes the attack surface: no more passive eavesdropping to crack the password, no more replay of handshake messages, and no more retroactive decryption of old traffic if the master password is later compromised. The exam tests whether you understand that WPA3's strength comes from the SAE handshake (not just a bigger key) and that WPA2's vulnerability is in its use of a static PMKID and a handshake that can be captured offline.

How It Actually Works

What Are WPA2 and WPA3?

Wi-Fi Protected Access 2 (WPA2) and WPA3 are security protocols defined by the Wi-Fi Alliance to protect wireless networks. WPA2, introduced in 2004, became the de facto standard for over a decade. It uses the Advanced Encryption Standard (AES) with Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) for encryption. WPA3, released in 2018, replaces WPA2 and introduces significant improvements, most notably the Simultaneous Authentication of Equals (SAE) handshake, also known as the Dragonfly Key Exchange. The CCNA 200-301 exam objective 2.9 requires you to compare these two protocols across authentication, encryption, key management, and vulnerability profiles.

How WPA2 Works: The 4-Way Handshake

WPA2 operates in two modes: Personal (PSK) and Enterprise (802.1X). In Personal mode, a pre-shared key (PSK) is used to derive the Pairwise Master Key (PMK). The PMK is then used in a 4-way handshake to generate session keys. Here's the step-by-step frame-level process:

1. Association: The client associates with the access point (AP).

2. EAPOL-Key Frame 1 (AP to Client): The AP sends an EAPOL-Key frame containing an ANonce (AP nonce).

3. EAPOL-Key Frame 2 (Client to AP): The client generates an SNonce (supplicant nonce) and computes the Pairwise Transient Key (PTK) using the PMK, ANonce, SNonce, and MAC addresses. The client sends its SNonce and a Message Integrity Code (MIC) to the AP.

4. EAPOL-Key Frame 3 (AP to Client): The AP computes the PTK and verifies the MIC. It then sends the GTK (Group Temporal Key) encrypted with the PTK, along with another MIC.

5. EAPOL-Key Frame 4 (Client to AP): The client acknowledges receipt, and encrypted data communication begins.

The PTK is used for unicast traffic, while the GTK is used for multicast/broadcast traffic. The entire handshake is transmitted in plaintext (except the GTK in frame 3), making it vulnerable to capture. An attacker who captures all four frames can attempt offline dictionary attacks to recover the PSK, because the PMK is derived directly from the PSK.
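To make the derivation chain concrete, here is an added Python example (not from the chapter or any Cisco code) that implements the 802.11i steps above: PSK to PMK with PBKDF2, PTK via PRF-512 from the PMK, both MAC addresses and both nonces, and the EAPOL-Key MIC the AP checks before it sends frame 3. The SSID, passphrase, nonces and the simplified frame-2 body are constructed sample values; the two MAC addresses are the ones from the `show client detail` output later in this chapter.

```python
"""Toy WPA2-Personal key derivation (added example, not from the chapter).
Implements the 802.11i derivations the chapter describes: PSK -> PMK (PBKDF2),
PMK + nonces + MACs -> PTK (PRF-512), and the EAPOL-Key MIC the AP verifies.
Every value below except the passphrase is constructed sample data of the kind
that is visible in a capture of the 4-way handshake."""
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4))
    return out[:64]


def wpa2_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def split_ptk(ptk: bytes) -> dict:
    """KCK signs EAPOL-Key MICs, KEK wraps the GTK in frame 3, TK is the CCMP data key."""
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_key_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key descriptor version 2 (AES-CCMP): MIC = HMAC-SHA1-128 over the frame with its MIC field zeroed."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def ap_verifies_frame2(ap_ptk: bytes, frame2_mic_zeroed: bytes, received_mic: bytes) -> bool:
    """What the AP does with EAPOL-Key frame 2: recompute the MIC with its own KCK and compare."""
    expected = eapol_key_mic(split_ptk(ap_ptk)["kck"], frame2_mic_zeroed)
    return hmac.compare_digest(expected, received_mic)


# Constructed sample handshake values (MACs taken from the chapter's show client detail output)
SSID = "Corporate"
PASSPHRASE = "correct horse battery"   # the only input that is NOT on the air
AA = bytes.fromhex("00aabbccddee")     # AP MAC (authenticator address)
SPA = bytes.fromhex("001122334455")    # client MAC (supplicant address)
ANONCE = bytes(range(32))              # constructed nonces; real ones are random
SNONCE = bytes(range(32, 64))
FRAME2_MIC_ZEROED = (b"\x02\x03\x00\x75"            # EAPOL header (simplified)
                     + b"\x02\x01\x0a\x00\x10"      # RSN key descriptor, key info, key length
                     + b"\x00" * 8 + SNONCE         # replay counter, SNonce
                     + b"\x00" * 48 + b"\x00\x00")  # key IV, RSC, key ID, zeroed MIC, key data length


def demo():
    """Client and AP derive the same PTK from PSK + public values; the AP accepts the client's MIC."""
    pmk = wpa2_pmk(PASSPHRASE, SSID)
    client_ptk = wpa2_ptk(pmk, AA, SPA, ANONCE, SNONCE)   # client computes after receiving frame 1
    ap_ptk = wpa2_ptk(pmk, AA, SPA, ANONCE, SNONCE)       # AP computes after receiving frame 2
    mic = eapol_key_mic(split_ptk(client_ptk)["kck"], FRAME2_MIC_ZEROED)
    return client_ptk == ap_ptk, ap_verifies_frame2(ap_ptk, FRAME2_MIC_ZEROED, mic)


if __name__ == "__main__":
    print(demo())
```

Every input to the MIC except the passphrase travels in the captured frames, which is exactly why a recorded WPA2 handshake can be checked offline against guessed passphrases and why passphrase length is the only WPA2-Personal defence against that.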

How WPA3 Works: The SAE Handshake

WPA3 replaces the 4-way handshake with SAE, which uses a password-authenticated key exchange based on the Dragonfly protocol. SAE is resistant to offline dictionary attacks because the password is never directly transmitted; instead, it is used to generate a secret element on both sides. The handshake proceeds as follows:

1. Commit Phase: Both the client and AP generate a random scalar and a random element (based on the password). They exchange these commit messages. The commit messages contain the scalar and a salted hash of the element, but not the password itself.

2. Confirm Phase: Both parties compute a shared secret (the Pairwise Master Key, PMK) using the exchanged scalars and elements. They then send a confirmation message that proves they derived the same PMK. The confirmation is a hash of the PMK and other parameters.

3. Key Derivation: Once confirmed, the PMK is used to derive session keys (PTK and GTK) via a 4-way handshake similar to WPA2, but now the PMK is cryptographically strong and resistant to offline attacks.

Because the commit messages do not reveal the password, an attacker cannot perform an offline dictionary attack even if they capture the entire SAE exchange. Additionally, WPA3 mandates the use of Protected Management Frames (PMF) to prevent deauthentication attacks.
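The following added Python example (again not the chapter's or any vendor's code) walks the SAE commit and confirm phases through in a deliberately small finite-field group, to show two things the prose states: the values on the air (scalar, element, confirm) are not a function of the password alone, so a capture gives nothing to test guesses against, and each session derives a fresh PMK from fresh random values. The group (the multiplicative group modulo the prime 2^61-1), the password-to-element mapping and the key derivation are simplified stand-ins for the real Dragonfly hash-to-element routine and KDF; the MACs and passwords are constructed.

```python
"""Toy SAE (Dragonfly) commit/confirm exchange, added as an illustration; not the chapter's
code and not a real implementation. Toy group: the multiplicative group mod the Mersenne
prime 2^61-1 with exponents mod p-1. Real SAE uses a prime-order ECC or MODP group, a
counter-based hash-to-element routine and the 802.11 KDF; those are simplified here."""
import hashlib
import hmac
import secrets

P = (1 << 61) - 1   # toy prime modulus (2^61 - 1 is prime); real groups are 256-bit ECC or 2048-bit+ MODP
ORDER = P - 1       # group order; real SAE works in a prime-order subgroup


def enc(x: int) -> bytes:
    return x.to_bytes(8, "big")


def password_element(password: bytes, mac_a: bytes, mac_b: bytes) -> int:
    """Both sides derive PE from the password and both MACs; PE itself is never transmitted."""
    seed = hashlib.sha256(max(mac_a, mac_b) + min(mac_a, mac_b) + password).digest()
    return int.from_bytes(seed, "big") % (P - 2) + 2   # toy mapping into [2, P-1]


def sae_commit(pe: int):
    """Commit phase: choose private rand and mask; send scalar = rand + mask and element = PE^-mask."""
    rand = secrets.randbelow(ORDER - 2) + 2
    mask = secrets.randbelow(ORDER - 2) + 2
    scalar = (rand + mask) % ORDER
    element = pow(pe, ORDER - mask, P)   # PE^(-mask), because PE^ORDER == 1
    return rand, (scalar, element)


def sae_shared_secret(pe: int, rand: int, peer_scalar: int, peer_element: int) -> int:
    """K = (PE^peer_scalar * peer_element)^rand = PE^(rand * peer_rand); the peer's mask cancels out."""
    return pow(pow(pe, peer_scalar, P) * peer_element % P, rand, P)


def sae_keys(k: int, scalar_a: int, scalar_b: int):
    """KCK (authenticates the confirm message) and PMK from K and both scalars (simplified KDF)."""
    keyseed = hmac.new(b"\x00" * 32, enc(k), hashlib.sha256).digest()
    ctx = enc((scalar_a + scalar_b) % ORDER)
    kck = hmac.new(keyseed, b"\x01SAE KCK and PMK" + ctx, hashlib.sha256).digest()
    pmk = hmac.new(keyseed, b"\x02SAE KCK and PMK" + ctx, hashlib.sha256).digest()
    return kck, pmk


def sae_confirm(kck: bytes, own: tuple, peer: tuple) -> bytes:
    """Confirm phase: a MAC over both commit messages proves the sender derived the same KCK/PMK."""
    msg = enc(own[0]) + enc(own[1]) + enc(peer[0]) + enc(peer[1])
    return hmac.new(kck, msg, hashlib.sha256).digest()


def run_sae(sta_password: bytes, ap_password: bytes, sta_mac: bytes, ap_mac: bytes):
    """Full exchange. Returns (pmk_sta, pmk_ap, ap_accepts_sta, sta_accepts_ap, on_air)."""
    pe_sta = password_element(sta_password, sta_mac, ap_mac)
    pe_ap = password_element(ap_password, sta_mac, ap_mac)
    rand_sta, commit_sta = sae_commit(pe_sta)
    rand_ap, commit_ap = sae_commit(pe_ap)
    kck_sta, pmk_sta = sae_keys(sae_shared_secret(pe_sta, rand_sta, *commit_ap), commit_sta[0], commit_ap[0])
    kck_ap, pmk_ap = sae_keys(sae_shared_secret(pe_ap, rand_ap, *commit_sta), commit_ap[0], commit_sta[0])
    confirm_sta = sae_confirm(kck_sta, commit_sta, commit_ap)
    confirm_ap = sae_confirm(kck_ap, commit_ap, commit_sta)
    ap_accepts = hmac.compare_digest(confirm_sta, sae_confirm(kck_ap, commit_sta, commit_ap))
    sta_accepts = hmac.compare_digest(confirm_ap, sae_confirm(kck_sta, commit_ap, commit_sta))
    on_air = (commit_sta, commit_ap, confirm_sta, confirm_ap)   # everything an eavesdropper sees
    return pmk_sta, pmk_ap, ap_accepts, sta_accepts, on_air
```

Run `run_sae` twice with the same password and the PMKs differ, because rand and mask are fresh each time; run it with mismatched passwords and both confirm checks fail even though every on-air value still looks random.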

Key Differences at a Glance

Authentication: WPA2 uses PSK or 802.1X; WPA3 uses SAE for Personal mode and 802.1X with EAP-TLS for Enterprise mode.

Encryption: Both use AES-CCMP (128-bit) by default. WPA3 also supports 192-bit encryption in Enterprise mode (WPA3-Enterprise 192-bit mode).

Key Management: WPA2 derives PMK directly from PSK; WPA3 uses SAE to derive a PMK that is resistant to offline dictionary attacks.

Forward Secrecy: WPA3 provides forward secrecy—if the long-term password is compromised, past session keys remain secure. WPA2 does not.

Vulnerabilities: WPA2 is vulnerable to KRACK (Key Reinstallation Attack) and offline dictionary attacks. WPA3 mitigates these by design.

IOS CLI Verification Commands

On Cisco wireless controllers (WLCs) and access points running AireOS or IOS-XE, you can verify security settings with the following commands:

show wlan summary
show wlan security <wlan-id>
show ap config general
show client detail <client-mac>

Example output for a WLAN configured with WPA3:

(WLC) >show wlan security 1

WLAN ID 1
   Security Policies:
      Layer 2: WPA3-PSK (SAE)
      Layer 3: None
      PMF: Required
      CCKM: Disabled
      FT: Enabled
      Encryption: AES (CCMP128)

For client details:

(WLC) >show client detail 00:11:22:33:44:55

Client MAC Address ........................ 00:11:22:33:44:55
   AP MAC Address ........................ 00:aa:bb:cc:dd:ee
   WLAN Profile .......................... Corporate
   Security ............................. WPA3-PSK (SAE)
   Encryption ........................... AES-CCMP
   PMF .................................. Required
   EAP Type ............................. N/A

Interaction with Related Protocols

PMF (Protected Management Frames): WPA3 requires PMF, which protects deauthentication and disassociation frames using AES-CCMP encryption. WPA2 supports PMF only optionally (802.11w).

FT (Fast Transition): WPA3 supports Fast Transition (802.11r) to reduce roaming latency. In WPA2, FT is optional.

WPS (Wi-Fi Protected Setup): WPA3 disables WPS due to its vulnerability to PIN brute-force attacks. WPA2 often had WPS enabled by default, leading to easy compromise.

Opportunistic Wireless Encryption (OWE): WPA3 introduces OWE for open networks, providing encryption without authentication (similar to Enhanced Open). This is not available in WPA2.

Exam Focus: What You Must Know

The CCNA 200-301 exam will test your ability to compare WPA2 and WPA3, especially in terms of security mechanisms. Expect scenario-based questions where you must choose the correct protocol for a given requirement. Key points:

WPA3 uses SAE, which prevents offline dictionary attacks.

WPA2 is vulnerable to KRACK because the 4-way handshake can be manipulated to reinstall an already-used key.

WPA3 mandates PMF; WPA2 does not.

WPA3-Enterprise 192-bit mode is for high-security environments (e.g., government).

Legacy devices that do not support WPA3 can only connect to WPA2 networks.

Common trap: Candidates think WPA3 is simply "WPA2 with a longer key" or that it uses a different encryption algorithm. In reality, both use AES-CCMP; the key difference is the authentication handshake.

Walk-Through

Step 1: Identify the Security Mode

First, determine whether the wireless network uses Personal (PSK) or Enterprise (802.1X) mode. On the CCNA exam, you'll often be given a scenario describing a small office (Personal) or a corporate environment (Enterprise). For Personal mode, WPA2 uses PSK; WPA3 uses SAE. For Enterprise mode, both can use 802.1X, but WPA3 requires EAP-TLS for 192-bit mode. Use the `show wlan security` command on a WLC to verify the configured authentication method.

Step 2: Examine the Handshake Mechanism

WPA2 uses a 4-way handshake that transmits nonces and MICs in plaintext. An attacker can capture these frames and attempt offline dictionary attacks. WPA3 uses SAE (Dragonfly) with a commit-confirm exchange that never reveals the password. The SAE handshake is resistant to offline attacks because the password is used only to generate a secret element, not transmitted. On the exam, know that SAE is the defining feature of WPA3-Personal.

Step 3: Check Encryption and Key Management

Both WPA2 and WPA3 use AES-CCMP (128-bit) for encryption by default. However, WPA3-Enterprise offers a 192-bit mode using AES-GCMP. Key management differs: WPA2 derives the PMK directly from the PSK, while WPA3 derives it via SAE, providing forward secrecy. This means that if the PSK is compromised, WPA3 past sessions remain secure; WPA2 sessions can be decrypted. Use `show client detail` to see the encryption cipher in use.

Step 4: Verify Protected Management Frames (PMF)

WPA3 mandates PMF (802.11w) to protect management frames like deauthentication and disassociation. WPA2 makes PMF optional. On a WLC, you can check PMF status with `show wlan security <wlan-id>`. Look for 'PMF: Required' for WPA3. If PMF is not enabled, the network is vulnerable to deauth attacks. For exam questions, remember that PMF is a requirement for WPA3 certification.

Step 5: Assess Vulnerability to KRACK and Dictionary Attacks

WPA2 is vulnerable to KRACK (Key Reinstallation Attack) because the 4-way handshake can be manipulated to force a nonce reuse. WPA3's SAE handshake prevents this because the key is derived from a mutual authentication that does not reuse nonces. Additionally, WPA2 PSK can be cracked offline if the handshake is captured; WPA3 SAE prevents offline dictionary attacks. The exam will test your ability to identify which protocol is susceptible to these attacks.

Step 6: Decide on Deployment Based on Device Compatibility

WPA3 is backward compatible with WPA2 through a mixed mode (WPA2/WPA3 transition mode). However, for maximum security, you should use WPA3-only if all clients support it. The exam may present a scenario with legacy devices that only support WPA2. In that case, you must choose WPA2 or a mixed mode. Use `show ap config general` to check AP capabilities. Remember that WPA3 requires hardware support (802.11ac Wave 2 or later).

What This Looks Like on the Job

In a real enterprise environment, the choice between WPA2 and WPA3 often comes down to device lifecycle and security posture. Consider a university campus with thousands of student devices. Many older laptops and IoT devices may only support WPA2. A network engineer would deploy a mixed-mode SSID (WPA2/WPA3 transition) to allow legacy devices while enabling WPA3 for newer ones. However, this reduces security to the lowest common denominator—attackers can still target WPA2 clients. A better approach is to segment the network: create a WPA3-only SSID for modern devices (e.g., faculty laptops) and a separate WPA2-only SSID for legacy devices, with additional security controls like client isolation and ACLs.

Another scenario is a government agency requiring high security. Here, WPA3-Enterprise 192-bit mode is ideal, using EAP-TLS with certificates and AES-GCMP-256 encryption. The engineer must ensure that all APs and clients support this mode, which often requires hardware upgrades. The 192-bit mode provides stronger encryption and is compliant with standards like CNSA (Commercial National Security Algorithm Suite).

A common misconfiguration is enabling WPA3 without PMF. Without PMF, an attacker can send forged deauthentication frames, disconnecting clients. On Cisco WLCs, PMF is set to 'Required' for WPA3, but if the network is in transition mode, PMF may be set to 'Optional' for backward compatibility. This is a frequent source of security gaps. Always verify PMF status using show wlan security.

Performance considerations: WPA3's SAE handshake is computationally heavier than WPA2's 4-way handshake. On high-density networks with many client associations per second (e.g., stadiums), this can cause CPU spikes on APs. Engineers should test with a pilot deployment before full rollout. Additionally, some older APs cannot handle SAE in hardware and must fall back to software, increasing latency. Cisco recommends APs with at least 802.11ac Wave 2 for WPA3 support.

When misconfigured, the most common issue is clients failing to connect. For example, if PMF is set to 'Required' but a client does not support it, the client will be rejected. The engineer must check client capabilities and adjust the WLAN profile accordingly. Logs on the WLC will show authentication failures with reason codes like 'PMF required but client does not support'. Troubleshooting involves checking the client's wireless adapter settings and the WLC's PMF configuration.

How CCNA 200-301 Actually Tests This

The CCNA 200-301 exam objective 2.9 specifically requires you to 'Compare WPA2 and WPA3 security protocols'. This means you must know the key differences in authentication, encryption, key management, and vulnerabilities. Expect multiple-choice questions that present a scenario (e.g., 'A company wants to prevent offline dictionary attacks on their Wi-Fi password. Which protocol should they use?') and ask you to select the correct protocol or feature.

Common wrong answers and why candidates choose them:

1. 'WPA3 uses a longer encryption key than WPA2.' – Wrong. Both use AES-CCMP 128-bit by default. WPA3-Enterprise offers 192-bit, but not Personal. Candidates confuse key length with handshake strength.

2. 'WPA3 is vulnerable to KRACK because it still uses a 4-way handshake.' – Wrong. WPA3 uses SAE for authentication, not the vulnerable 4-way handshake. The 4-way handshake in WPA3 occurs after SAE, but with a strong PMK. Candidates think the handshake is the same.

3. 'WPA2 with AES is as secure as WPA3.' – Wrong. WPA2's PSK is vulnerable to offline dictionary attacks and KRACK, regardless of encryption. Security is about authentication, not just encryption.

4. 'WPA3 requires 802.1X authentication.' – Wrong. WPA3 Personal uses SAE, not 802.1X. Enterprise mode uses 802.1X. Candidates confuse the two modes.

Specific values and defaults:

WPA2 PSK minimum length: 8 characters (but 20+ recommended).

WPA3 Personal uses SAE (Dragonfly) with a 128-bit PMK derived from the password.

WPA3-Enterprise 192-bit mode uses AES-GCMP-256 for encryption and ECDHE-384 for key exchange.

PMF is 'Required' for WPA3, 'Optional' for WPA2.

The SAE commit message includes a scalar and an element (hash).

Decision rule for scenario questions: If the scenario mentions 'offline dictionary attack resistance', 'KRACK mitigation', or 'forward secrecy', the answer is WPA3. If the scenario mentions 'legacy device compatibility' or 'low computational overhead', the answer is WPA2. For 'government-grade security', choose WPA3-Enterprise 192-bit.

Elimination strategy: Eliminate any answer that claims WPA3 uses a different encryption cipher than AES-CCMP for Personal mode (it doesn't). Eliminate any answer that says WPA2 provides forward secrecy (it doesn't). Eliminate any answer that says WPA3 is vulnerable to KRACK (it isn't).

Key Takeaways

WPA3 uses SAE (Simultaneous Authentication of Equals) for Personal mode, replacing WPA2's PSK 4-way handshake.

SAE prevents offline dictionary attacks because the password is never transmitted; only a derived secret is exchanged.

WPA3 mandates Protected Management Frames (PMF) (802.11w); WPA2 makes it optional.

Both WPA2 and WPA3 Personal use AES-CCMP 128-bit encryption by default.

WPA3 provides forward secrecy: compromising the password does not decrypt past sessions.

WPA2 is vulnerable to KRACK (Key Reinstallation Attack) and offline dictionary attacks; WPA3 is not.

WPA3-Enterprise 192-bit mode uses AES-GCMP-256 and ECDHE-384 for high-security environments.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

WPA2

Authentication: PSK or 802.1X (4-way handshake)

Encryption: AES-CCMP 128-bit

Key Management: PMK derived directly from PSK

Vulnerabilities: KRACK, offline dictionary attacks

PMF: Optional (802.11w)

WPA3

Authentication: SAE (Personal) or 802.1X (Enterprise)

Encryption: AES-CCMP 128-bit (Personal); AES-GCMP 192-bit (Enterprise 192-bit mode)

Key Management: PMK derived via SAE, forward secrecy

Vulnerabilities: None known; resistant to KRACK and offline attacks

PMF: Required

Watch Out for These

Mistake

WPA3 uses a longer key than WPA2, making it more secure.

Correct

WPA3 Personal uses the same 128-bit AES-CCMP encryption as WPA2. The security improvement comes from the SAE handshake, not key length. Only WPA3-Enterprise 192-bit mode uses a longer key (192-bit).

Candidates assume 'newer = bigger key' without understanding the handshake mechanism.

Mistake

WPA3 is backward compatible with WPA2 devices without any configuration.

Correct

WPA3 is not backward compatible natively. To support legacy devices, you must configure a mixed WPA2/WPA3 transition mode on the AP, which reduces security for all clients.

Candidates think WPA3 can automatically fall back to WPA2, but it requires explicit configuration.

Mistake

WPA3 uses a 4-way handshake just like WPA2.

Correct

WPA3 uses SAE (Dragonfly) for authentication, which is a commit-confirm exchange. After SAE, a 4-way handshake is used to derive session keys, but the PMK is already strong and resistant to offline attacks.

Candidates see the term 'handshake' and assume it's identical to WPA2's vulnerable process.

Mistake

WPA2 is secure if you use a long, complex password.

Correct

Even with a strong password, WPA2's 4-way handshake can be captured and subjected to offline dictionary attacks. The password strength only makes the attack slower, but not impossible. WPA3 eliminates this attack vector entirely.

Candidates think password complexity alone is sufficient, ignoring protocol-level vulnerabilities.


Frequently Asked Questions

Can WPA3 devices connect to a WPA2-only network?

No, WPA3 devices cannot connect to a WPA2-only network because the authentication handshake (SAE vs. 4-way) is incompatible. However, most WPA3 devices support WPA2 as a fallback if the network is configured in mixed mode (WPA2/WPA3 transition). The device will negotiate the highest common protocol. On the exam, remember that backward compatibility requires explicit configuration on the AP.

Does WPA3 require new hardware?

WPA3 requires hardware that supports the SAE handshake and PMF. Most 802.11ac Wave 2 and all 802.11ax (Wi-Fi 6) access points support WPA3. Older 802.11n or early 802.11ac Wave 1 APs may not. Check the AP's datasheet for WPA3 certification. Cisco APs like the 2800/3800 series support WPA3 with a software upgrade, while older 1700/2700 series do not.

What is the difference between WPA3-Personal and WPA3-Enterprise?

WPA3-Personal uses SAE (Dragonfly) for authentication with a pre-shared key, providing resistance to offline dictionary attacks. WPA3-Enterprise uses 802.1X with EAP-TLS (mandatory for 192-bit mode) and offers additional security features like 192-bit encryption and certificate-based authentication. Enterprise mode is for organizations that require individual user authentication and stronger encryption.

Is WPA3 vulnerable to any known attacks?

As of this writing, no practical attacks against WPA3's core SAE handshake have been demonstrated. However, some side-channel attacks (e.g., timing attacks) have been theorized but require physical proximity and are not practical. WPA3 also mitigates KRACK and dictionary attacks. The biggest risk is misconfiguration, such as using a weak password or disabling PMF.

How does WPA3 improve security for open (non-password) networks?

WPA3 introduces Opportunistic Wireless Encryption (OWE), also known as Enhanced Open. OWE provides per-client encryption without requiring a password, using Diffie-Hellman key exchange. This prevents passive eavesdropping on open networks. WPA2 does not offer this; open WPA2 networks transmit all traffic in plaintext.

What is the role of PMF in WPA3?

Protected Management Frames (PMF) encrypt management frames like deauthentication, disassociation, and beacon frames. WPA3 requires PMF to prevent denial-of-service attacks where an attacker sends fake deauth frames. In WPA2, PMF is optional (802.11w), so many WPA2 networks are vulnerable to such attacks.

Can I use WPA3 with a RADIUS server?

Yes, WPA3-Enterprise uses 802.1X authentication with a RADIUS server. The client and RADIUS server perform EAP authentication (e.g., EAP-TLS, EAP-PEAP). After successful authentication, the RADIUS server derives a PMK and sends it to the AP. The AP and client then perform an SAE handshake (in WPA3) or a 4-way handshake (in WPA2). In WPA3-Enterprise, the handshake is the same SAE process, but the PMK comes from the RADIUS server.
