However, AES is the preferred algorithm to be used when securing a wireless network, because it’s one of the industry-standard algorithms and conforms with the IEEE 802.11i standard.

AES has the same functions as TKIP, but uses additional data from the MAC header the allows destination hosts to recognize if the non-encrypted bits have been tampered and also adds a sequence number to the encrypted data header.

Cisco’s division for Small Office Home Office (SOHO) wireless equipment is Linksys. In Linksys APs you may not see WPA or WPA2, instead, you may see something called pre-shared key (PSK). The equivalent PSKs are the following:

  • PSK or PSK2 with TKIP is the same as WPA
  • PSK or PSK2 with AES is the same as WPA2
  • PSK2 without an encryption method specified is the same as WPA2

Securing a wireless LAN can be made in three steps:

  • Disable SSID broadcast from APs
  • Enable MAC address filtering and allow only known clients.
  • Implement WPA2 (or at least WPA)

Be careful, implementing only the first two security methods does not provide enough security for your network. SSIDs can be discovered with special software, such as Netstumbler, even if they are not broadcasted, and MAC addresses can be cloned.

We hope you found this CCNA topic covering Wireless LAN security in your preparation for taking the exam. Security is an important topic in networking and you should implement security policies every time you deploy a piece of network equipment in your live environment.