CCNA 200-301 | Chapter 42 of 260 | Objective 2.9

WPA, WPA2, and WPA3

Wireless security is no longer optional—it's mandatory. On the CCNA 200-301 exam, you must understand the differences between WPA, WPA2, and WPA3, including their authentication methods, encryption ciphers, and vulnerabilities. This topic falls under exam objective 2.9: 'Describe wireless security protocols (WPA, WPA2, WPA3).' Real-world network engineers must deploy these protocols correctly to protect enterprise data from eavesdropping and unauthorized access. This chapter gives you the exact technical details Cisco expects you to know—no fluff.

25 min read
Intermediate
Updated May 31, 2026

The Hotel Room Key Evolution

Imagine a hotel that issues keys to guests. In the early days (WEP), the hotel gave every guest the exact same metal key. If any guest copied that key, they could enter any room. That's WEP—a single static key shared by everyone, trivial to crack. WPA came next: the hotel installed electronic locks and gave each guest a unique key that changed every time they checked in. But the lock used an old cipher (TKIP) that could still be picked by a determined thief. WPA2 upgraded the lock to AES—a much stronger cipher that would take years to pick. However, the hotel still used a shared passphrase (the PSK) to generate each guest's unique key. If an attacker learned the passphrase, they could compute all the keys. WPA3 introduced Simultaneous Authentication of Equals (SAE): now the hotel uses a secure handshake where even if the attacker overhears the entire key exchange, they can't derive the passphrase. Moreover, each guest's key is unique per session, and forward secrecy ensures that even if the passphrase is later compromised, past sessions remain safe. This evolution from shared static keys to per-session, forward-secret handshakes mirrors the real progression from WEP to WPA3.

How It Actually Works

What Are WPA, WPA2, and WPA3?

Wi-Fi Protected Access (WPA) is a family of security protocols designed to secure wireless networks. They replace the broken WEP (Wired Equivalent Privacy) standard. The CCNA exam expects you to know the key differences in authentication, encryption, and key management.

WPA (IEEE 802.11i draft): Introduced in 2003 as a stopgap. Uses TKIP (Temporal Key Integrity Protocol) for encryption, which is now deprecated. Authentication can be PSK (Pre-Shared Key) or 802.1X (Enterprise). WPA is considered insecure due to TKIP vulnerabilities.

WPA2 (IEEE 802.11i-2004): The standard since 2004. Uses CCMP (Counter Mode CBC-MAC Protocol) with AES encryption. Still widely used but vulnerable to KRACK (Key Reinstallation Attack) and offline dictionary attacks on PSK.

WPA3 (IEEE 802.11ax, 2018): The latest standard. Uses GCMP-256 (Galois/Counter Mode Protocol) for encryption and SAE (Simultaneous Authentication of Equals) for handshake. Provides forward secrecy and protection against dictionary attacks.

Authentication Methods

Both WPA2 and WPA3 support two modes:

- Personal (PSK): Uses a pre-shared key (passphrase) for authentication. In WPA2, the PSK is used directly to derive the Pairwise Master Key (PMK). In WPA3, SAE authenticates the passphrase and derives the PMK before the 4-way handshake runs, removing the PSK-derived PMK that made the WPA2 handshake vulnerable.
- Enterprise (802.1X): Uses a RADIUS server for authentication. WPA2-Enterprise uses EAP (Extensible Authentication Protocol). WPA3-Enterprise adds a 192-bit security mode for government-grade networks.

Encryption Ciphers

TKIP: 128-bit RC4 stream cipher with per-packet key mixing and message integrity check (MIC). Deprecated—do not use.

CCMP (AES): 128-bit AES in CCM mode. Required for WPA2. Provides confidentiality, integrity, and authentication.

GCMP (AES): 256-bit AES in GCM mode. Used in WPA3 for stronger encryption.

Step-by-Step Handshake: WPA2-PSK

1. Discovery: Client sends Probe Request; AP responds with Probe Response containing security capabilities.
2. Authentication: Open system authentication (no real security—just a placeholder).
3. Association: Client sends Association Request; AP responds with Association Response.
4. 4-Way Handshake: PMK is derived from PSK. Four EAPOL-Key frames are exchanged:
   - Message 1: AP sends ANonce (AP nonce).
   - Message 2: Client sends SNonce (client nonce) and MIC (Message Integrity Code). Both sides compute PTK (Pairwise Transient Key).
   - Message 3: AP sends GTK (Group Temporal Key) and MIC.
   - Message 4: Client acknowledges.
5. Data Encryption: All subsequent data is encrypted with CCMP/AES.
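To make step 4 concrete, here is an added Python example (not code from the chapter or from Cisco) that performs the WPA2-PSK key derivation as IEEE 802.11i specifies it: PBKDF2-HMAC-SHA1 turns the passphrase and SSID into the PMK, and PRF-384 turns the PMK, both MAC addresses and both nonces into the PTK that the MIC in message 2 proves possession of. The passphrase, SSID, MAC addresses and nonces in `demo()` are constructed values. Running it shows why the handshake has no forward secrecy (the PMK never changes while the passphrase and SSID stay the same) and why a weak passphrase is the weak link: every other input to the derivation travels in the clear.

```python
import hashlib
import hmac

# Added example (not from the chapter or from Cisco): WPA2-PSK key derivation
# as specified in IEEE 802.11i, to show what the 4-way handshake does and does not protect.


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    Nothing here is per-session: the same passphrase and SSID always produce the
    same PMK, so WPA2-PSK has no forward secrecy and a captured handshake can be
    checked against passphrase guesses without contacting the AP.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """PRF-n from 802.11i: HMAC-SHA1 blocks over label | 0x00 | data | counter."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max of the MACs and nonces).

    AA is the AP's MAC and SPA the client's MAC. Sorting the inputs lets both
    sides compute the same PTK whichever role they play. CCMP needs 48 bytes:
    KCK (16, signs the EAPOL MICs) | KEK (16, wraps the GTK) | TK (16, encrypts data).
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def split_ptk(ptk: bytes) -> dict:
    """Split a 48-byte CCMP PTK into its three temporal keys."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def demo() -> dict:
    """Walk the derivation with constructed inputs (all values below are made up)."""
    pmk = derive_pmk("correct horse battery staple", "corp-wifi")
    ap_mac = bytes.fromhex("001122334455")      # constructed AP MAC (AA)
    client_mac = bytes.fromhex("66778899aabb")  # constructed client MAC (SPA)
    anonce = bytes(range(32))                    # constructed ANonce from message 1
    snonce = bytes(range(32, 64))                # constructed SNonce from message 2
    ptk_ap = derive_ptk(pmk, ap_mac, client_mac, anonce, snonce)
    # The client sees the same four values and must reach the same PTK.
    ptk_client = derive_ptk(pmk, client_mac, ap_mac, snonce, anonce)
    return {"pmk": pmk, "ptk": ptk_ap, "match": ptk_ap == ptk_client, **split_ptk(ptk_ap)}


if __name__ == "__main__":
    result = demo()
    print("PMK:", result["pmk"].hex())
    print("PTK identical on AP and client:", result["match"])
    print("TK :", result["TK"].hex())
```

The `derive_pmk` function can be checked against the published 802.11i test vector (passphrase "password", SSID "IEEE"), which is how you confirm a PBKDF2 implementation before trusting it in any audit tooling.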

Step-by-Step Handshake: WPA3-SAE

1. Discovery: Same as WPA2, but AP advertises WPA3 capabilities.
2. SAE Handshake (Dragonfly): Instead of the 4-way handshake using PSK, SAE uses a password-authenticated key exchange (PAKE). Both parties prove knowledge of the password without revealing it. The handshake is resistant to offline dictionary attacks.
3. 4-Way Handshake: Still present but uses the PMK derived from SAE. Forward secrecy ensures that compromising the password does not decrypt past traffic.

Key Differences at a Glance

| Feature | WPA | WPA2 | WPA3 |
|---------|-----|------|------|
| Encryption | TKIP (RC4) | CCMP (AES-128) | GCMP (AES-256) |
| Handshake | 4-way (PSK) | 4-way (PSK) | SAE + 4-way |
| Forward Secrecy | No | No | Yes |
| Dictionary Attack Resistance | No | No | Yes |
| Enterprise Auth | 802.1X/EAP | 802.1X/EAP | 802.1X/EAP (192-bit optional) |

IOS CLI Verification Commands

On a Cisco wireless controller or access point, use these commands to verify security settings:

show wlan summary
show wlan security <wlan-id>
show ap config general <ap-name>

Example output:

(Cisco Controller) >show wlan security 1

WLAN Profile Name............. corporate
SSID........................... corp-wifi
Security Policies:
    Layer 2 Security.......... WPA2
    Encryption................ AES (CCMP)
    Authentication............ PSK
    PSK Format................ ASCII
    PSK (8-63 chars).......... <hidden>

Common Misconfigurations

Mixing WPA and WPA2 on the same SSID (WPA/WPA2 mixed mode) is allowed but reduces security to the lowest common denominator.

Using TKIP for compatibility—Cisco recommends disabling TKIP entirely.

Weak PSK (e.g., dictionary words) makes WPA2 vulnerable to offline attacks.
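The three misconfigurations above can be checked mechanically from the `show wlan security` text shown earlier. The following is an added Python example, not code from the chapter or from Cisco: it parses the dotted "name..... value" lines into a dictionary and reports TKIP, mixed mode and PMF problems. The two dumps are constructed samples modelled on the chapter's output; the `PMF Policy` field name and the `WPA+WPA2` wording for mixed mode are assumptions about how a given WLC release prints them, so adjust the field names to match your controller.

```python
import re

# Added example, not from the chapter or from Cisco: audit the text of a WLC
# "show wlan security" dump for the misconfigurations listed above.

# Constructed samples modelled on the chapter's output. "PMF Policy" and the
# "WPA+WPA2" mixed-mode wording are assumptions about a given WLC release.
LEGACY_WLAN = """\
(Cisco Controller) >show wlan security 3

WLAN Profile Name............. legacy-scanners
SSID........................... store-legacy
Security Policies:
    Layer 2 Security.......... WPA+WPA2
    Encryption................ AES (CCMP), TKIP
    Authentication............ PSK
    PSK Format................ ASCII
    PSK (8-63 chars).......... <hidden>
    PMF Policy................ Disabled
"""

WPA3_WLAN = """\
(Cisco Controller) >show wlan security 4

WLAN Profile Name............. corporate
SSID........................... corp-wifi
Security Policies:
    Layer 2 Security.......... WPA3
    Encryption................ AES (GCMP)
    Authentication............ SAE
    PMF Policy................ Optional
"""

# "Field name....... value": the run of dots is the separator.
FIELD_RE = re.compile(r"^\s*([A-Za-z0-9 ()+-]+?)\.{2,}\s*(.+?)\s*$")


def parse_show_wlan_security(text: str) -> dict:
    """Turn the dotted 'name..... value' lines into a dict; other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def audit_wlan(fields: dict) -> list:
    """Return one finding per misconfiguration the chapter warns about."""
    findings = []
    layer2 = fields.get("Layer 2 Security", "").upper()
    encryption = fields.get("Encryption", "").upper()
    pmf = fields.get("PMF Policy", "").lower()
    is_wpa3 = "WPA3" in layer2
    if "TKIP" in encryption:
        findings.append("TKIP is enabled: deprecated cipher, remove it from the WLAN")
    if "+" in layer2 or "MIXED" in layer2:
        findings.append("Mixed mode (%s): clients may negotiate the weaker protocol"
                        % fields["Layer 2 Security"])
    if is_wpa3 and pmf != "required":
        findings.append("WPA3 with PMF '%s': 802.11w must be Required for WPA3"
                        % fields.get("PMF Policy", "unset"))
    if not is_wpa3 and pmf == "disabled":
        findings.append("PMF disabled: deauthentication/disassociation frames are unprotected")
    return findings


if __name__ == "__main__":
    for dump in (LEGACY_WLAN, WPA3_WLAN):
        fields = parse_show_wlan_security(dump)
        print(fields["SSID"], "->", audit_wlan(fields) or ["no findings"])
```

Feed it the saved output of `show wlan security <wlan-id>` for every WLAN and you have a repeatable check that the WPA/WPA2 mixed-mode and TKIP warnings above are not quietly still true on a controller that was migrated years ago.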

Interaction with Other Protocols

802.1X: WPA2-Enterprise and WPA3-Enterprise use EAP over RADIUS. Common EAP types: PEAP, EAP-TLS, EAP-FAST.

802.11r (Fast Roaming): Works with WPA2 and WPA3 to reduce handshake latency during roaming.

802.11w (Protected Management Frames): Required for WPA3, optional for WPA2. Protects against deauthentication attacks.

Walk-Through

Step 1: Choose Security Mode (Personal vs Enterprise)

Decide whether to use PSK (Personal) or 802.1X (Enterprise). For small offices/home, PSK is simpler. For enterprises, 802.1X with RADIUS is required for scalability and per-user authentication. On a Cisco WLC, navigate to Security > WLANs > Edit > Security > Layer 2 to set the security mode. For PSK, select 'WPA2-PSK' or 'WPA3-PSK'. For Enterprise, select 'WPA2-Enterprise' or 'WPA3-Enterprise' and configure the RADIUS server.

Step 2: Select Encryption Cipher (TKIP vs AES vs GCMP)

For WPA2, choose AES (CCMP). TKIP is deprecated and should never be used unless legacy devices require it. For WPA3, GCMP-256 is the default. On a Cisco WLC, under the same WLAN security settings, check 'AES' under Encryption. For WPA3, the controller automatically selects GCMP. Avoid mixed mode (WPA + WPA2) as it weakens security.

Step 3: Configure PSK or RADIUS Server

If using PSK, enter a strong passphrase (20+ characters, mix of letters, numbers, symbols). On the WLC, go to Security > WLANs > Edit > Security > Layer 2, select 'WPA2-PSK' and enter the PSK. For Enterprise, configure the RADIUS server IP, shared secret, and authentication port (default 1812). Go to Security > AAA > RADIUS > Authentication to add the server.

Step 4: Enable Protected Management Frames (802.11w)

WPA3 requires 802.11w, which protects deauthentication and disassociation frames. For WPA2, it's optional but recommended. On the WLC, go to Security > WLANs > Edit > Security > Layer 2 and enable 'Protected Management Frames'. Set to 'Required' for WPA3, 'Optional' for WPA2.

Step 5: Verify Configuration with show Commands

Use 'show wlan summary' to list all WLANs. Use 'show wlan security <wlan-id>' to verify the security settings. Example output: 'Security Policies: Layer 2 Security.......... WPA2, Encryption................ AES (CCMP), Authentication............ PSK'. Also use 'show client detail <mac>' to see the security parameters negotiated for a connected client.

Step 6: Test Connectivity and Perform Security Audit

Connect a client and verify successful association. Check that the client displays the correct security type (WPA2-PSK or WPA3-SAE). Use a wireless analyzer (e.g., Wireshark) to capture the 4-way handshake and ensure it's not exposing the PSK. For WPA3, verify that SAE handshake is used instead of the traditional 4-way. Check for any TKIP usage—if present, disable it immediately.
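What a wireless analyzer actually shows you in the discovery step and in this audit is the RSN information element (element ID 48) that the AP puts in its beacons and probe responses: the cipher suites it offers, the AKM suites (PSK, SAE, 802.1X) it accepts, and whether management frame protection is capable (MFPC) and required (MFPR). The following is an added Python example, not code from the chapter or from any Cisco tool, that decodes that element, classifies the WLAN (WPA2-PSK, WPA3-SAE, transition mode, enterprise) and reports the TKIP and PMF checks from this step. The four RSN IEs at the bottom are constructed by hand, not captured from a real network; the suite selector tables are the standard 00-0F-AC values from IEEE 802.11. It goes slightly beyond the text by also recognizing the FT, SHA-256 and OWE variants of each AKM so it classifies real-world beacons correctly.

```python
import struct

# Added example, not from the chapter or any Cisco tool: decode the RSN
# information element (element ID 48) from a beacon/probe response, classify
# the WLAN and flag what the audit in step 6 looks for.

OUI_IEEE = bytes.fromhex("000fac")  # 802.11 suite selectors are OUI 00-0F-AC + type byte

CIPHER_SUITES = {2: "TKIP", 4: "CCMP-128", 6: "BIP-CMAC-128", 8: "GCMP-128",
                 9: "GCMP-256", 10: "CCMP-256"}
AKM_SUITES = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK", 5: "802.1X-SHA256",
              6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE", 12: "802.1X-Suite-B-192", 18: "OWE"}
SAE_AKMS = {"SAE", "FT-SAE"}
PSK_AKMS = {"PSK", "PSK-SHA256", "FT-PSK"}


def _suite_name(selector: bytes, table: dict) -> str:
    if selector[:3] != OUI_IEEE:
        return "vendor:" + selector.hex()
    return table.get(selector[3], "unknown:%d" % selector[3])


def decode_rsn_ie(ie: bytes) -> dict:
    """Parse ID, length, version, group cipher, pairwise list, AKM list and capabilities."""
    if len(ie) < 2 or ie[0] != 48 or len(ie) != 2 + ie[1]:
        raise ValueError("not a well-formed RSN IE")
    body, pos = ie[2:], 0
    version, = struct.unpack_from("<H", body, pos); pos += 2
    group = body[pos:pos + 4]; pos += 4
    n_pair, = struct.unpack_from("<H", body, pos); pos += 2
    pairwise = [body[pos + 4 * i:pos + 4 * i + 4] for i in range(n_pair)]; pos += 4 * n_pair
    n_akm, = struct.unpack_from("<H", body, pos); pos += 2
    akms = [body[pos + 4 * i:pos + 4 * i + 4] for i in range(n_akm)]; pos += 4 * n_akm
    # RSN Capabilities is optional; PMKIDs and the group management cipher may follow it.
    caps = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else 0
    return {
        "version": version,
        "group_cipher": _suite_name(group, CIPHER_SUITES),
        "pairwise_ciphers": [_suite_name(s, CIPHER_SUITES) for s in pairwise],
        "akms": [_suite_name(s, AKM_SUITES) for s in akms],
        "mfp_capable": bool(caps & 0x0080),   # MFPC, bit 7 of RSN Capabilities
        "mfp_required": bool(caps & 0x0040),  # MFPR, bit 6
    }


def classify(rsn: dict) -> str:
    """Name the mode the AP is advertising, the way a client would see it."""
    akms = set(rsn["akms"])
    if akms & SAE_AKMS and akms & PSK_AKMS:
        return "WPA3 transition mode (WPA2-PSK and WPA3-SAE both offered)"
    if akms & SAE_AKMS:
        return "WPA3-Personal (SAE)"
    if "802.1X-Suite-B-192" in akms:
        return "WPA3-Enterprise 192-bit"
    if akms & PSK_AKMS:
        return "WPA2-Personal (PSK)"
    if akms & {"802.1X", "FT-802.1X", "802.1X-SHA256"}:
        return "WPA2-Enterprise (802.1X)"
    return "unrecognized"


def audit_rsn(rsn: dict) -> list:
    """Findings matching the chapter's checklist: no TKIP, PMF required on WPA3-only WLANs."""
    findings = []
    ciphers = set(rsn["pairwise_ciphers"]) | {rsn["group_cipher"]}
    akms = set(rsn["akms"])
    if "TKIP" in ciphers:
        findings.append("TKIP offered as group or pairwise cipher; disable it")
    if akms & SAE_AKMS and not akms & PSK_AKMS and not rsn["mfp_required"]:
        findings.append("WPA3-only WLAN without MFPR set; 802.11w must be required")
    if not rsn["mfp_capable"]:
        findings.append("PMF not offered (MFPC clear); management frames unprotected")
    return findings


# Constructed RSN IEs (hex), not captured from any real network.
WPA2_PSK_IE = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")
WPA3_SAE_IE = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac08 c000")
TRANSITION_IE = bytes.fromhex("3018 0100 000fac04 0100 000fac04 0200 000fac02 000fac08 8000")
WPA2_TKIP_IE = bytes.fromhex("3018 0100 000fac02 0200 000fac02 000fac04 0100 000fac02 0000")

if __name__ == "__main__":
    for name, ie in [("WPA2-PSK", WPA2_PSK_IE), ("WPA3-SAE", WPA3_SAE_IE),
                     ("transition", TRANSITION_IE), ("WPA2+TKIP", WPA2_TKIP_IE)]:
        rsn = decode_rsn_ie(ie)
        print(name, "->", classify(rsn), rsn["pairwise_ciphers"], audit_rsn(rsn))
```

The transition-mode IE is the one to recognize when a "WPA3" SSID still admits WPA2 clients: both PSK and SAE appear in the AKM list and MFPC is set without MFPR. A WPA3-only WLAN advertises SAE alone with both MFPC and MFPR set, which is the "Protected Management Frames: Required" setting from step 4 seen from the air.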

What This Looks Like on the Job

Enterprise Deployment Scenarios

Scenario 1: Retail Chain with Legacy Devices

A retail company has 500 stores, each with legacy barcode scanners that only support WPA-TKIP. The network engineer must balance security with compatibility. The solution: create two SSIDs—one for legacy devices using WPA-TKIP (isolated VLAN) and one for corporate devices using WPA2-AES. This segmentation minimizes risk. However, the engineer must plan to phase out legacy devices within a year, as TKIP is no longer secure. The WLC configuration uses separate WLAN profiles with different security settings and VLAN mappings.

Scenario 2: University Campus with High Density

A university deploys WPA2-Enterprise with PEAP-MSCHAPv2 across thousands of access points. Students authenticate using their university credentials via RADIUS. The problem: frequent deauthentication attacks due to lack of 802.11w. After upgrading to WPA3 with SAE, the network sees zero deauth attacks. However, some older laptops (pre-2018) cannot connect. The engineer configures a transitional SSID with WPA2-Enterprise for those devices, while encouraging upgrades. Performance considerations: WPA3 adds slight overhead in the handshake, but with modern hardware, the impact is negligible.

Scenario 3: Government Agency Requiring High Security

A government office mandates WPA3-Enterprise with 192-bit security mode. The engineer configures the WLC to use a RADIUS server with EAP-TLS and client certificates. All APs must support WPA3 and be updated to the latest firmware. Misconfiguration scenario: if the RADIUS server is unreachable, clients do not fall back to open authentication; the AP rejects the association. The engineer must ensure RADIUS redundancy and correct certificate validation. A common mistake is setting the PSK length too short—WPA3-PSK still requires a strong passphrase, but SAE prevents offline attacks.

What Happens When Misconfigured?

- Using TKIP: network is vulnerable to packet injection and decryption (e.g., Michael attack).
- Using WPA2-PSK with weak passphrase: attacker captures the 4-way handshake and cracks it offline.
- Mixing WPA and WPA2: clients may negotiate WPA (TKIP) even if WPA2 is available.
- Disabling 802.11w: attackers can send deauth frames to disconnect clients (DoS).

How CCNA 200-301 Actually Tests This

Exactly What CCNA 200-301 Tests

Exam objective 2.9: 'Describe wireless security protocols (WPA, WPA2, WPA3).' Expect multiple-choice questions that ask you to:

Identify the encryption cipher used by each protocol (TKIP for WPA, CCMP/AES for WPA2, GCMP/AES-256 for WPA3).

Recognize that WPA3 uses SAE (Simultaneous Authentication of Equals) instead of the PSK-based 4-way handshake.

Understand that WPA3 provides forward secrecy and protection against offline dictionary attacks.

Know that WPA2 is still widely used but vulnerable to KRACK and dictionary attacks.

Differentiate between Personal (PSK) and Enterprise (802.1X) modes.

Common Wrong Answers and Why

1. 'WPA3 uses TKIP for backward compatibility.' Wrong—WPA3 mandates GCMP-256 and does not support TKIP. TKIP is only in WPA and optional in early WPA2. Candidates confuse 'compatibility' with 'mixed mode'.
2. 'WPA2-Enterprise uses the same 4-way handshake as WPA2-Personal.' Partially true—the 4-way handshake is the same, but the PMK is derived differently (from RADIUS vs PSK). The exam may test the distinction that Enterprise uses 802.1X for authentication, not the PSK.
3. 'WPA3 eliminates the need for a strong passphrase.' False—SAE prevents offline dictionary attacks, but a weak passphrase can still be guessed online (brute force). The handshake is resistant to offline cracking, but the password itself should still be strong.
4. 'WPA2 is completely secure.' No—KRACK attack (2017) exploits the 4-way handshake to reinstall keys. WPA3 fixes this.

Specific Values and Commands

Encryption: TKIP (128-bit RC4), CCMP (128-bit AES), GCMP (256-bit AES).

Handshake: WPA2 uses 4-way EAPOL-Key exchange; WPA3 uses SAE (Dragonfly) + 4-way.

Default PSK length: 8-63 ASCII characters (Cisco allows up to 63).

Protected Management Frames: Required for WPA3, optional for WPA2.

Command: show wlan security <id> to verify encryption and authentication.

Decision Rule for Scenario Questions

If the question asks 'Which protocol provides forward secrecy?' → WPA3. If it asks 'Which protocol is vulnerable to offline dictionary attacks?' → WPA2-PSK. If it asks 'Which encryption cipher does WPA2 use?' → CCMP/AES. If it asks about a handshake that prevents dictionary attacks → SAE (WPA3).

Key Takeaways

WPA uses TKIP (RC4) encryption; WPA2 uses CCMP (AES-128); WPA3 uses GCMP (AES-256).

WPA3 introduces SAE (Simultaneous Authentication of Equals) to replace the PSK-based 4-way handshake.

WPA3 provides forward secrecy: compromising the password does not decrypt past traffic.

WPA2-PSK is vulnerable to offline dictionary attacks if the passphrase is weak.

Protected Management Frames (802.11w) are required for WPA3, optional for WPA2.

Enterprise mode (802.1X) can be used with WPA2 or WPA3 for per-user authentication via RADIUS.

TKIP is deprecated and should not be used; Cisco recommends disabling mixed mode.

WPA3 uses a 256-bit encryption key compared to WPA2's 128-bit.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

WPA2-PSK

Uses 4-way handshake with PSK-derived PMK

Encryption: CCMP (AES-128)

Vulnerable to offline dictionary attacks

No forward secrecy

Protected Management Frames optional

WPA3-SAE (Personal)

Uses SAE handshake (Dragonfly) + 4-way

Encryption: GCMP (AES-256)

Resistant to offline dictionary attacks

Provides forward secrecy

Protected Management Frames required

Watch Out for These

Mistake

WPA3 is backward compatible with WPA2 devices.

Correct

WPA3 is not backward compatible. Devices must support WPA3 to connect to a WPA3-only network. However, many access points support 'transition mode' that offers both WPA2 and WPA3 simultaneously.

Candidates think 'newer' means 'backward compatible', but WPA3 uses a different handshake (SAE) that older hardware cannot perform.

Mistake

WPA2-Enterprise is more secure than WPA3-Personal.

Correct

Not necessarily. WPA3-Personal provides stronger security than WPA2-Enterprise in some aspects (e.g., forward secrecy, protection against dictionary attacks). However, Enterprise mode adds per-user authentication and centralized management.

Candidates often equate 'Enterprise' with 'more secure', but the protocol version matters more.

Mistake

WPA3 uses the same 4-way handshake as WPA2.

Correct

WPA3 still uses a 4-way handshake, but it is preceded by an SAE handshake that derives the PMK. The 4-way handshake itself is similar, but the key derivation is different.

Candidates hear '4-way handshake' and assume it's identical, missing the SAE addition.

Mistake

WPA3 eliminates the need for a RADIUS server in Enterprise mode.

Correct

WPA3-Enterprise still requires a RADIUS server for authentication. The 192-bit security mode is an optional enhancement, not a replacement.

Candidates may think WPA3's improvements make 802.1X unnecessary, but authentication still requires a backend.


Frequently Asked Questions

What is the difference between WPA2-PSK and WPA2-Enterprise?

WPA2-PSK (Personal) uses a pre-shared key (passphrase) for authentication. All clients use the same key. WPA2-Enterprise uses 802.1X with a RADIUS server, providing unique credentials per user (e.g., username/password or certificates). Enterprise is more scalable and secure because the key is not shared. On the exam, remember that WPA2-Enterprise still uses the same 4-way handshake, but the PMK comes from RADIUS, not the PSK.

Can WPA3 devices connect to a WPA2 network?

Yes, if the WPA3 device supports WPA2 backward compatibility (most do). However, the connection will use WPA2, not WPA3. The device will negotiate the highest common security protocol. If the network is WPA3-only (no transition mode), WPA2 devices cannot connect. For exam purposes, know that WPA3 is not backward compatible with WPA2 in terms of handshake; transition mode allows both.

What is SAE and how does it improve security over PSK?

SAE (Simultaneous Authentication of Equals) is a password-authenticated key exchange used in WPA3. Unlike WPA2-PSK, where the PSK is directly used in the 4-way handshake (vulnerable to offline dictionary attacks), SAE uses a zero-knowledge proof: both parties prove knowledge of the password without revealing it. This prevents an attacker from capturing the handshake and cracking the password offline. SAE also provides forward secrecy.

Is TKIP still supported in WPA2?

Yes, TKIP is an optional encryption cipher in WPA2 for backward compatibility with older devices. However, it is deprecated and considered insecure. Cisco recommends disabling TKIP and using only AES (CCMP). On the exam, know that WPA2 requires CCMP for certification, but TKIP may be present in mixed mode.

What is the KRACK attack and which protocol does it affect?

KRACK (Key Reinstallation Attack) exploits a vulnerability in the 4-way handshake of WPA2. An attacker forces the reinstallation of an already-in-use key by replaying message 3 of the handshake. This can lead to decryption of packets. WPA3 is not vulnerable because it uses SAE. The fix for WPA2 is to update client and AP firmware. The exam may test that KRACK affects WPA2, not WPA3.

How do I verify the security settings on a Cisco WLC?

Use the 'show wlan security <wlan-id>' command. Example: 'show wlan security 1'. Look for 'Layer 2 Security' (WPA2, WPA3, etc.), 'Encryption' (AES, GCMP), and 'Authentication' (PSK, 802.1X). For client-specific details, use 'show client detail <mac>' to see negotiated encryption and authentication methods.

What is the maximum PSK length for WPA2 on Cisco devices?

The PSK can be 8 to 63 ASCII characters. For hexadecimal, it can be 64 hex characters. Cisco recommends using a passphrase of at least 20 characters with a mix of character types. The exam may test the exact range (8-63 ASCII).

