20 MHz Channel

The default bandwidth used by 2.4GHz wireless networks. When a Wi-Fi access point and all associated
clients can support a 40 MHz channel, higher throughput is possible by combining channels. Whenever
another access point that does not support 40 MHz channels is present, or if a legacy client is present, then
all devices must use 20 MHz channels.

40 MHz Channel
Newer access points and clients can use 40 MHz channels in the 2.4 GHz range to obtain higher
throughputs. As long as all devices within the network can support this then the network can use 40 MHz
channels, but if any legacy device is present, the entire network must fall back to using a 20 MHz channel.

802.11
The IEEE committee and the set of standards maintained by the IEEE for wireless networking.

802.11a
The IEEE standard for wireless networking in the 5 GHz range. 802.11a networks can support up to 54
Mbps throughput and operate in the UNII bands.

802.11ac
The IEEE standard for wireless networking in the 5 GHz range. 802.11ac networks can support up to 1
Gbps throughput using multiple channels, 500 Mbps using a single channel, and operate in the UNII bands.
It will use 80 and 160 MHz channels and MIMO to achieve higher throughput rates.

802.11b
The IEEE standard for wireless networking in the 2.4 GHz range. 802.11b networks support up to 11 Mbps
throughput and operate in the ISM band.

802.11d
The IEEE standard for wireless networking that addresses the Media Access Control (MAC) layer to
comply with rules in each country.

802.11e
The IEEE standard for wireless networking Quality of Service (QoS) on 802.11 a, b, and g networks.

802.11g
The IEEE standard for wireless networking in the 2.4 GHz range. 802.11g networks support up to 54 Mbps
throughput and operate in the ISM band.

802.11h
The IEEE standard for wireless networking that sets the requirements for Dynamic Frequency Selection
(DFS) and Transmit Power Control (TPC) so that Wi-Fi devices can coexist in the same UNII frequency
ranges as other 5 GHz devices.

802.11i
The IEEE standard for wireless networking security, using AES encryption, authentication using 802.1x,
and data integrity.

802.11j
The IEEE standard for wireless networking to meet the legal requirements within Japan. These include
power, frequency, and operational characteristics of wireless networks.

802.11n
The IEEE standard for wireless networking that can use both the 2.4 GHz and 5 GHz ranges, with MIMO.
802.11n compatible access points and clients can support throughput rates of up to 600 Mbps, and clients
are backwards compatible with older access points that can only do 802.11 a, b, or g.

802.1x
An IEEE standard for port-based authentication to the network. It can be used in Ethernet switches to
restrict access to the wired network as well as in wireless access points to restrict access to the Wi-Fi
network. 802.1x can use username/password or certificates to authenticate to the network. It is typically
used in combination with wireless encryption schemes to provide confidentiality and integrity.

Access Point
A device that acts as the bridge between wireless clients and the wired network. Often abbreviated as AP.

Ad Hoc Mode
A peer to peer mode of networking using Wi-Fi networking but no access point. Ad Hoc networks can
include more than two devices.

AES
The Advanced Encryption Standard is a symmetric block encryption protocol used in WPA2 and other
protocols to encrypt data with a high degree of protection and a low CPU overhead.

Aggregation
Combining multiple channels (even across bands) to obtain higher overall throughput. See also channel
bonding.

AP
Abbreviation for Access Point.

Association
The process a client goes through to begin exchanging data with an Access Point. A client will listen for
beacons from an AP for the SSID that it wants to use, and then will exchange hello packets with the AP
with the strongest signal and/or supported data rates. Association can be open, or can require a pre-shared
key. Once associated, the client may be required to successfully authenticate before the AP will pass data
between the client and the rest of the network.

Authentication
A client may be required to authenticate to the wireless network before it can pass data between itself and
other hosts. Authentication can be open, but can also require a certificate, username/password, or preshared key.

Beacon
A beacon is transmitted by an AP ten times per second, and advertises the existence of the AP on a
particular channel or channels. It includes information needed by clients to associate and may include the
ESSID, the supported channels and data rates, and whether it is open or requires authentication.

Bluetooth
A standard for short range wireless connectivity between devices, used with mice, keyboards, mobile
phones, printers, speakers, and more. Bluetooth uses frequencies in the same ISM band as 802.11b and g
Wi-Fi networks.

Bridge

A network device that interconnects two dissimilar network types. An AP can act as a bridge between the
wired and wireless networks, but can also serve as a wireless connection between two wired segments.
See Workgroup Bridge.

BSSID
BSSID stands for Basic Service Set Identifier and is the MAC address of the AP.

Captive Portal
In wireless networking, a captive portal is a process running on an AP that can intercept and redirect clients
who have associated to a web page where they must agree to terms of service, provide a password, or
even purchase access. These are common in hotels, airports, guest networks, and other locations that offer
Internet access but want to charge a fee, restrict it to authorized users, or require the user to accept their
AUP. See hotspot.

Channel
A channel is the network path for wireless transmissions. Each Wi-Fi standard has numerous channels,
each of which is a central frequency. There are 11 channels in 802.11b and g networks in the United States
and Canada; 14 in most other countries. There are 9 channels in 802.11a networks in the United States,
with various counts for other regions of the world. Some countries including the US can have additional
channels in the 5 GHz range if they employ DFS. Channels have a bandwidth-the greater the bandwidth,
the greater the potential throughput. See 20 MHz and 40 MHz channels.

Channel Bonding
In 802.11b and g networks, multiple channels can be combined to obtain greater throughput when all
access points and clients can support it. See also aggregation.

Closed Network
A closed network requires users to have authentication information before they can get onto the network.

Collision Avoidance
Collision avoidance (CA) is the method wireless devices typically employ to ensure data transmissions do
not interfere with others. CA schemes can use a Clear to Send/Ready to Send (CTS/RTS) scheme where
they signal readiness to transmit data, but must wait to be acknowledged by a central controller (AP) before
transmitting actual data. Contrast this with Ethernet and its collision detection (CD) scheme where hosts
transmit and then listen to see if others are also transmitting, and then sending a jamming signal to indicate
a collision, and falling back a random period of time before trying again.

Concurrent Operation
Also called Dual Band, APs that can use both 2.4 and 5 GHz bands are capable of concurrent operation.
These can offer 802.11n capabilities to compatible clients while also servicing legacy clients using 802.11
b, g, and a.

Direct Sequence Spread Spectrum (DSSS)

DSSS is the modulation technique used by 802.11b networks to transmit data. It is resistant to interference,
and permits sharing of a channel amongst multiple purposes, however it requires more bandwidth to
transmit than the actual data being transmitted.

Diversity
Using multiple antennae to reduce interference and improve both transmission and reception of signals.

Dual-band
See Concurrent Operation.

EAP
The Extensible Authentication Protocol (EAP) can be used to provide authentication to the wireless network
when employing WPA-Enterprise and WPA2-Enterprise.

EAP-FAST
EAP-FAST is Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling. It is one
possible EAP scheme used in wireless networks for authentication. It is being promoted by Cisco as a
replacement for LEAP.

EAP-TLS
EAP-TLS is Extensible Authentication Protocol-Transport Layer Security. It is one possible EAP scheme
used in wireless networks for authentication, and uses client certificates. It is widely deployed across most
major Wi-Fi vendors.

EAP-TTLS/MS-CHAPv2
EAP-TTLS/MS-CHAPv2 is Extensible Authentication Protocol-Tunneled TLS using MSCHAPv2. It is one
possible EAP scheme used in wireless networks for authentication, and uses a username/password
(typically authenticated by Active Directory) to provide authentication.

ESSID
The Extended Service Set Identifier is the name of the wireless network, and is used by all APs that
provide access to the same infrastructure in an ESS. It can be advertised by APs in their beacons, or
suppressed so that clients must know the ESSID before associating with an AP. See ESS.

ESS
An extended service set (ESS) refers to a network with two or more APs working cooperatively. They share
access to the same VLAN, use the same SSID, and can support fast handoff between clients that move
from the coverage range of one AP to another.

Frequency Hopping Spread Spectrum (FHSS)

FHSS is the modulation technique used by Bluetooth and other technologies that use the same frequency
ranges as 802.11 networks. Transmissions hop across multiple frequencies several times per second, and
can work well at short ranges even in the presence of multiple competing systems trying to use the same
frequency ranges.

Hotspot
An AP set up specifically to provide Internet access to users. Hotspots are popular in coffee shops,
restaurants, and other publicly accessible locations, and usually do not require any authentication or offer
any encryption. They provide the convenience of free Internet access to attract customers.

ISM Band
The Industrial, Scientific, and Medical frequency bands are unlicensed bands used by a variety of devices
for wireless connectivity. In the 2.4 GHz ISM band, 802.11b and g network devices, Bluetooth devices,
NFC devices, baby monitors, and microwave ovens all compete for bandwidth.

Lightweight Extensible Authentication Protocol

LEAP was developed by Cisco to provide authentication to networks using WEP for encryption. It is
vulnerable to dictionary attacks and has been replaced by EAP-FAST.

MAC Address Filtering

An approach to restricting access to a wireless network by only permitting clients to connect if their MAC
address is on a list. MAC address filtering is not scalable, and since most wireless NICs can be configured
to use any MAC, easily defeated by anyone within range that can pick up transmissions from an authorized
client and simply use their MAC address.

MIMO
Multiple Input/Multiple Output signaling that uses several transceivers and antennae to improve throughput
and range of the wireless network. Both APs and clients can use MIMO, though it is most often a feature of
APs.

Network Name
See ESSID and SSID.

NFC
Near Field Communication is a technology used most often with mobile devices to exchange data based on
proximity, or even physical contact. NFC technology is being built into mobile phones for data transfer,
touch to pay technologies, and smartcard reading. NFC is also being incorporated into some APs to make
setting up a client easier. See WPS.

OFDM
Orthogonal frequency-division multiplexing is used by 802.11a, g, n, and ac standards using multiple carrier
frequencies. It is especially useful at obtaining higher throughput and overcoming interference in discrete
frequencies.

Open Network
An open wireless network permits association and authentication without requiring a passphrase,
certificate, or credentials. Open networks are often called hotspots and provide free Internet access to
anyone within range. Many coffee shops and restaurants will deploy these to attract customers. They may
still incorporate a captive portal. See hotspots.

Passphrase
A password or combination of words used to provide authentication to a wireless network WEP uses fixed
40 or 104 bit passphrases, while WPA and WPA2 can use arbitrary length passphrases.

Pre-shared Key
A pre-shared key (PSK) is a passphrase that is shared ahead of need. PSKs are typically used in WEP,
WPA, and WPA2 protected networks, where each client that wishes to join the network has the same PSK.

QoS

Quality of Service enables networks to prioritize certain traffic types above others, so that things which are
mission critical or latency sensitive gain preferred access to the network over things that are lower priority
or can tolerate delay. This is especially useful in Wi-Fi networks using voice or video; the quality of both
suffer when encountering latency. APs that offer QoS can provide more access to clients that need it than
to those that do not. See 802.11d.

Range
The distance between an AP and a client (or between two APs, see Workgroup Bridge) over which Wi-Fi
transmissions can be successful. The greater the range, the greater the attenuation of a signal and the
lower the overall throughput will be.

Repeater
A wireless network device that receives signals and retransmits them, without providing direct access to the
wired network. Repeaters are typically used to increase the range wireless networks can cover.

Roaming
In a wireless network with multiple APs, a client that is moving from the coverage area provided by one AP
to that provided by another is roaming. It must disassociate from the first AP before it can associate to the
next AP.

Rogue
A rogue client is one that attempts or succeeds in accessing a wireless network without authority to do so.
A rogue AP is one installed onto the wired network without authority, and can be a maliciously placed
device by someone attempting to penetrate the network, or by a non-malicious user who simply wanted to
get wireless access to the wired network but did not involve IT or go through appropriate processes.

Router
In the context of SOHO, a wireless router is an AP that also performs Internet connection sharing, and can
run a DHCP service, a captive portal service,

SSID
The Service Set Identifier (SSID) is the name of the wireless network. It can be contained in the beacons
sent out by APs, or it can be hidden so that clients who wish to associate must first know the name of the
network. Early security guidance was to hide the SSID of your network, but modern networking tools can
detect the SSID by simply watching for legitimate client association, as SSIDs are transmitted in cleartext.

TKIP

The Temporal Key Integrity Protocol was developed as a replacement for WEP but is no longer considered
secure and has been removed from 802.11 standards. See WPA.

TLS
Transport Layer Security is a protocol designed to encrypt and authenticate all kinds of network traffic at
the transport layer, and is the successor to SSL. It uses certificates to exchange public keys, which are
then used to encrypt session keys.

UNII Band
The Unlicensed National Information Infrastructure radio bands include frequencies in the 5 GHz range
used by 802.11a, n, and ac standards.

WAP
WAP can refer to the Wireless Application Protocol, or can be used to mean Wireless Access Point.

War Chalking
War chalking is a hobbyist pursuit using sidewalk chalk to mark areas of wireless network access. War
chalking uses a series of pictograms or icons to represent open and closed networks, and includes the
SSID and sometimes the information needed to access the network.

War Driving

Another hobbyist pursuit, war drivers will use their cars, wireless equipment, and mapping software to map
out the wireless coverage of an area. Some groups have collaborated to map out entire cities. The resulting
map may be shared amongst group members or published to the Internet and will identify, as closely as
possible, the location of APs, their SSIDs, and whether the networks are open or closed.

WEP
Wired Equivalent Privacy is the original encryption scheme implemented in wireless networks. Using RC4
and either a 40bit or 104 bit pre-shared key, WEP provides about the same level of privacy as using a hub
does on a wired network. Easily broken, WEP is typically only deployed in home networks.

WiMax
The WAN or community deployment of wireless networking, WiMax was initially started by Intel and is now
designated by the IEEE as 802.16. WiMax offers ranges measured in miles and bandwidth of up to 1 Gbps.
WiMax deployments are limited at present, but can include last mile services, regional mesh networks, and
municipal access for entire cities.

Workgroup Bridge
A pair of APs that provide connectivity between two different wireless segments are a workgroup bridge.
Entire offices can be connected wirelessly using workgroup bridges, or small office on another floor of a
building, or across the street from the main office, may be connected using workgroup bridges rather than
by running cables. These are extremely popular in downtown areas where offices are spread out across
multiple buildings that are still close together, and where the cost of running fibre or copper cables is
excessive.

WPA
Wi-Fi Protected Access is a security protocol for wireless networks that was designed to replace WEP. It
uses TKIP to encrypt data and is much more resistant to attacks that WEP is, but still has cryptographic
vulnerabilities that make it undesirable for use. WPA was an IEEE 802.11i draft. WPA Personal typically
uses an initial PSK to establish authentication, but the protocol has been extended to use EAP methods
where available.

WPA2
Wi-Fi Protected Access v2 is currently the strongest encryption protocol available to wireless networks, and
is the current 802.11i standard. It uses AES encryption for data and is considered cryptographically strong.
WPA2 Personal uses a PSK to establish initial authentication, but WPA2 Enterprise can use various EAP
methods to ensure a strong authentication without the need for a PSK.

WPS

Wi-Fi Protected Setup makes it easier for users to add Wi-Fi clients to WPA and WPA2 protected wireless
networks. It was intended to help non-technical home users deploy WPA security, but is vulnerable to a
brute-force attack and should not be used. WPS can use a PSK, encryption settings transferred using a
USB key, a PIN, NFC, or with a simple push button approach