1
8
9
16
17
18
15
24
19
25
26
27
20
22
23
21
3
4
5 6 7
11
10
12 13 14
14
2
Wi-Fi Authentication DemystifiedTutorial
Across Down2. EAPoverLAN6. Conveysdatabetweenpoints8. Pipediameter9. Numberof802.11anon-
overlappingchannels11.Receive/sendradiosignal13.ExtensibleAuthentication
Protocol15.Endofthelinkthatresponds
17. Amountofdatasentinagiventime
18.Managesaddressingandprotocolinformation
21 109Hz22.OnlyWi-FiPowerPlay24.SupersedesWEPfor802.1126.Contiguousfrequencies27.Oppositeoftransmitter
1. Highestperformingaccessdevice
3. Packetrequestinginformation4. Xirruslanguage5. Circuitrytointerpretand
execute 7. Pathforsignals10.Fragmentofdata12.Specificationimplementing
TKIPandAES
14.EndoflinkinitiatingEAPauthentication
15.Typeofmediumin802.1116.Numberof802.11b/gnon-
overlappingchannels19.One-millioncyclespersecond20.Rateatwhicharepeating
eventoccurs23.Standardforport-based
accesscontrol25.Instituteofengineers
2 ©2008Xirrus,Inc.AllRightsReserved.
Wi-Fi Authentication Demystified
ContentsIntroduction.............................................................................3
TheHistoryofAuthentication.....................................................4
AuthenticationFramework.........................................................5
WirelessInfrastructure..............................................................7
RoamingandAuthentication......................................................9
Recommendations..................................................................10
LeadingArchitecture...............................................................11
AboutXirrus...........................................................................11
©2008Xirrus,Inc.AllRightsReserved. 3
IntroductionAuthenticationisacriticalpartofanynetworksecuritypolicy.Authenticationvalidatestheidentityofauser
or device,which is an important point asmostpeopleonly lookat authenticationasauthenticating the
client.Whenusingamutualauthenticationscheme,notonlyistheclientauthenticated,butsoisthenetwork
itself.Thisprocessallowsthefirstdevicetoauthenticatethesecondandtheseconddevicetoauthenticate
thefirst. Initialwirelessauthenticationusedawirelessencryptionmethod,knownasWEPtoprovidethe
authentication.Theideabeingthatifbothsideshadacommonencryptionkeyitwouldserveasawayto
provideproperauthentication.However,WEPwascrackedandasaresultitwasnolongerconsideredtobe
sufficientasanauthenticationorencryptionmethod.
TheoverallgoalofWi-Fiauthenticationistoensurethatanauthorizeddevicedoesnotconnecttounauthorized
accessdevices, suchasa rogueAP.RogueAPsare unauthorizeddevices that havebeendetected in a
network.Roguescanbeeitherbenign,suchasneighboringAPsornewlyaddeddevicesorathreatwhen
addedtothenetworkformaliciousreasons.TheserogueAPscancreatenumerousissuesforthenetwork,
forexample:
Anattackcalledman-in-the-middlecanoccurinwhichtherogueinsertthemselvesbetweenauthorized1.
devicesandcollectinformationandcredentialsfromtheuserandthenetwork.
Anattackcalledreplay-attackinwhichavaliddatatransmissionismaliciouslyorfraudulentlyrepeated2.
or delayedby theattacker. Theseattackscanbedesigned tosteal informationoreffect thenormal
operation,suchasadenialofserviceattack.
Typical Wi-Fi Infrastructure
In a typical Wi-Fi infrastructure, stations associate to an Access Point. The Access Point is the Authenticator and interfaces with the Authentication Server to validate the stationsidentity and then allow access to the network.
Router AuthenticationServer
EthernetSwitch
Authenticator Authenticator
Wireless Stations(Supplicant)
Wi-Fi Authentication Demystified Tutorial
4 ©2008Xirrus,Inc.AllRightsReserved.
Forthesereasonsandmorenotlisted,ithelpstohidetheusers’identityfrombeingexposedfromasnifferor
othertypeofeavesdropperonthenetwork.Thereareadditionalbenefitstoauthentication,suchasencryption
keymanagement,whichautomaticallyexpiresuserpasswordsandforcesthemtochangecredentials,like
usernameandpasswordonaregularbasis.Authenticationiscriticalforprotectingcorporateandpersonal
information, scaling andmanaging large groups of users atmultiple locations normally requires the use
ofdynamicauthenticationprocess. Inaddition to justauthorizingaccess to thenetwork it alsoprovides
accountingandauditing informationofeveryconnectionoccurring in thenetwork.Allof this isextremely
importantinprovingcompliancewithregulationssuchasHIPPAandPCI.ManyformsofAuthenticationalso
allowforextendedcontroloverend-useraccess,suchastime-of-dayorrestrictedguest-accesspolicies.
The History of AuthenticationMostpeoplearefamiliarwithRADIUS,whichstandsforRemoteAuthenticationDial-InUserServiceandhas
beenaroundsincethedaysofdial-upnetworkaccess.TheRADIUSserversitsonthewirednetworkand
completes theprocessofauthentication.TheRADIUSservicehas threecomponents:Theauthentication
server,suchasMicrosoft’sIAS.TheRADIUSclient,inthewirelessworldthisistheAPortheWLANSwitchand
theSupplicant.ThesupplicantistheWi-Ficlienttobeauthenticated.Thesupplicantforwardsauthentication
informationtotheRADIUSclient,whichinturnsforwardsthisinformationtotheRADIUSserver.Theserverwill
authorizeordenyaccesstothenetwork.InadditiontheRADIUSservermayreturnconfigurationinformation
totheAP,suchasplacingtheWi-FiuserinaspecificVLAN.
RADIUS
Value Description0 Access-Request2 Access-Accept3 Access-Reject4 Accounting-Request5 Accounting-Response11 Access-Challenge12 Status-Server (experimental)13 Status-Client (experimental)255 Reserved
Value(1 or
more Bytes)
Length(1 Byte)
Type(1 Byte)Values=1 to 63
. . .
Attribute Field
Attribute 1 Attribute ...NCode(1 Byte)
Identifier(1 Byte)
Authenticator Field contains challenge text and MD5 hashed responses(passwords)
Length(2 Bytes)
Authenticator(16 Bytes)
RADIUS (RFC 2138) defines the backend authentication process between the Authenticator and Authentication Server. RADIUS Attributes carry specific authentication, authorization, information and configuration detail for the Access request and response types.
Example Attributes include: – User Name (Type Field = 1)– Password (Type Field = 2)
Items such as which VLAN the user is to be assigned to or what wireless user group policies to use can be defined by the use of Vendor Specific Attributes (VSAs) (Type Field = 26).
ARADIUSservercanalsoaccessthingslikeanactivedirectoryserviceorotherdirectoryserviceontheback
endof thenetworktoenforcepolicies.ThisallowsRADIUStobe implementedwithouthavingtorecreate
accountinformationthatmayalreadyexistinanotherdirectory.
©2008Xirrus,Inc.AllRightsReserved. 5
In1999,the802.11standardwasadoptedwhichcontainedacoupleofmethodsforbasicauthentication.One
wascalled“openauthentication”whichwasnotreallyauthenticationatall.Openauthenticationbasically
allowsWi-Fiassociationtoall802.11compliantdevices.AsecondmethodwasWEPandstoodforWired
EquivalentPrivacy.Thisformofauthentication,knownas“sharedkeyWEPauthentication”allowedashared
WEPkeytobeusedforauthenticatinguserstoaccessthenetwork.InMay2001,anIEEETaskGroupknown
as802.11ibeganworkonnewenhancedsecuritystandardsfor802.11.ByAugust2001,WEPwascracked
creatingalargesecuritybreachandadverselyimpactingtheadoptionofWi-Fiintheenterprise.Atthispoint
WEPbecameknownasWeakEncryptionProtocol.
NeedingimprovedsecurityandnotbeingabletowaitforthedevelopingIEEEstandard,theWi-FiAlliance
announcedinOctober2002anewsecuritystandardcalledWPA,whichstandsforWi-FiProtectedAccess.
Itwasasecurityenhancementbasedontheworkbeingdonebythe IEEE802.11iTaskGroup.WPAwas
quicklyputinplacetocorrecttheproblemswithWEP.Thiswasaccomplishedviatheimplementationofan
authenticationframeworkandstrongerencryptionmodes,andthe802.11iaddendumwasfinallyratified.
Authentication FrameworkTherewerethreebasicbuildingblocksthatledupto802.11i.First,therewasEAP,whichstandsforExtensible
Authentication Protocol. EAP is a framework for authentication, allowing for a number of authentication
methodstobeused.
EAP/EAPOL Frame Format
Value Description 1 Identity 2 Notification 3 NAK 4 MD5 Challenge
5 One Time Password6 Generic Token Card13 TLS
Value Description 1 Request 2 Response 3 Success 4 Failure
Value Description 0 EAP Packet 1 EAPOL Start 2 EAPOL Logoff 3 EAPOL Key 4 EAPOL Alert
EAPOL Packet
EAP Packet
ProtocolVersion(1 Byte)
1
PacketType
(1 Byte)Packet Body
Code(1 Byte)
ID(1 Byte) DataType
(1 Byte)
Destination MAC(6 Bytes)
Source MAC(6 Bytes)
BodyLength
(2 Bytes)# of Bytes
Length(2 Bytes)# of Bytes
EAPOL (EAP Over LAN) is used by 802.1X to encapsulate the EAP protocol. The EAP protocol defines a number of methods for authentication.
EthertypeCode
(2 Bytes)0x888e
6 ©2008Xirrus,Inc.AllRightsReserved.
Oneofthosemethodsis802.1x,aportlevelauthenticationmethodoriginallydesignedforwirednetworks.
802.1x,EAP,andadditionalencryptionmodesTKIPandAESwereallcomponentsofthe802.11istandard.
802.11i Security
Phase 1
Phase 2
Phase 3
Phase 4
Station
Security Discovery/Negotiation
802.1X Authentication
Key Management RADIUS Key Distribution
Data Confidentiality and Integrity
802.11i is the official security standard for 802.11 Wireless LANs as ratified by the IEEE in 2004. Its operation consists of 4 primary phases to establish secure communications. Phase 2 and portion of Phase 3 are addressed in this poster; Phase 4 and a portion of Phase 3 are addressed in the companion Wi-Fi Encryption poster.
Authenticator AuthenticationServer
Additionally, mutual authentication and key exchange processes were added to the standard. All these
additions allowed the authentication process to scale and also provided for dynamic key creation and
updating,providingfasterclientauthenticationandroaming.
©2008Xirrus,Inc.AllRightsReserved. 7
802.11i Packet Exchange
EAPOL Key 4
EAPOL Key 2
EAPOL Key 3
EAP-Success
EAPOL Key 1
RADIUS Access Accept
RADIUS Access Challenge
RADIUS Access Request
RADIUS Access Request
EAP-Request (Challenge)
EAP-Response (Credentials)
EAP-Response (Identity)
EAP-Request (Identity)
EAPOL-Start (Start Process)
Association Response
Association Request
Authentication Response
Authentication Request
Probe Response
Probe Request
Supplicant Authenticator AuthenticationServer
Port Unauthorized
1. The authentication process starts with a virtual port in the Array set to “unauthorized” such that only authentication protocols are forwarded.
7. 802.11i adds 4-way handshake to generate and verify encryption keys for the supplicant station (see Wi-Fi Encryption Poster).
8. Upon successful authentication and key exchange, the Access Point allows traffic to be forwarded from the station to the network.
6. If the station has the correct credentials, a RADIUS Access Accept packet is returned, which also includes a Master Key used by WPA to generate unique per user encryption keys (see Wi-Fi Encryption Poster).
802.11i Packet Exchange describes the wireless authentication process, and begins with a supplicant (the wireless station) associating to the access point and initiating an 802.1X exchange.
5. An EAP packet with the encryptedchallenge text is sent back to the Server.
4. An EAP packet with challenge text is sent from the Authentication Server.
3. The users identity is passed to the Authenticator and then forwarded to the Authentication Server.
2. The station starts the authentication process with an EAPOL Start message.
Port Authorized
Port Unauthorized
EAP-Logoff
Wireless InfrastructureNow let’s talkabouthowauthenticationworks ina
Wi-Finetworktoday.Atahigh level, theWi-Ficlient
associatestoanAP,alsoknownastheauthenticator.
The station then sends an authentication request
to the authenticator. The authenticator is designed
so that prior to proper authentication all standard
packetsarediscarded.WhileinthisstatetheAPwill
onlyforwardEAPpackets.Thesepacketsareallowed
totransversetothewiredsideinordertoreachthe
authenticationserver.Next,theclientsandserveruse
theEAPpacketstocompleteafour-wayhandshake.
The result of which is the authenticator and client
define session keys, and finally, the authenticator
movesitsportintoanauthorizedmodeandnormal
accesstothenetworkensues.
As mentioned before, the 802.1x framework uses
EAP to exchange information; however there are
several typesofEAPmethodsused today.Sevenof
these types are approved for interoperability by the
Wi-Fi Alliance. The first is EAP-TLS,which requires a
server-site certificate and a client-site certificate for
credentials.ThesecondmostpopulartypeisEAP-TTLS
wherebyausermusthaveaserver-sitecertificate,and
usesjustausernameandpassword.Typicallyathird-
partysupplicantisneededforthismethod.
Wireless Authentication Framework
Wi-Fi Authentication (802.11i) is built on top of 802.1X and EAP.
EAP (RFC 3748)Extensible
AuthenticationProtocol
IEEE 802.1X Wired port-based
authenticationuses EAP and EAPOL
as the underlyingauthentication protocol
IEEE 802.11i wireless authentication
extends 802.1X to a wireless network and
generates a Master Key.The Master Key is used by
the Access Point and station to derive per session keys
8 ©2008Xirrus,Inc.AllRightsReserved.
Thenext type,andprobablymostcommonlydeployed isEAP-PEAP,whichstands forProtectedEAP. In this
method,theserver-sitecertificateisrequired,theclient-sitecertificateisoptional,andastandardusername
andpassword isused.AdvantageofPEAP is it can leverageusernameandpasswordsalreadydefined in
Windows Active Directory. Another type commonly seen is EAP-PEAP-GTC, which stands for Generic Token
Card.Itisaphysicaltokenthatisusedintheauthenticationprocess.Likewise,EAP-SIMusesaSIMcard,a
SubscriberIdentityModule,foraGSMmobilehandset.ThelasttwotypesareCiscoauthoredandproprietary
protocols. One is LEAP (Lightweight Extensible Authentication Protocols), which was widely used early on,
but isnot recommendedanymoreduetoadictionaryattackthatcanbeeasilyharnessedagainst it.LEAP
didnot requirecertificatesonbothsidesof the linkasonlyapasswordwasneeded.TofixLEAP, fast-EAP
was deployed. It is still password based and also does not require certificates on either side of the link.
EAP Types
Server Side Client Side User Credentials User Database Security EAP Type Description Certificate Certificate Used Access Issues
EAP-PEAP Protected EAP Required Optional Windows XP, 2000, CE, Windows Domains, (widely used) Username/Passwords and Active Directory other 3rd party Supplicants EAP-TLS EAP with Transport Layer Security Required Required Certificate Windows Domains, User Identity Active Directory, Exposed Novel NDS OTP EAP-TTLS EAP with Tunneled Transport Required None Password Windows Domains, Layer Security Active Directory EAP-PEAP-GTC Protected EAP with Generic Required None Windows, Novell NDS, Token Card One Time Password Token EAP-SIM EAP – Subscriber Identity Module Required None Subscriber Identity Module (SIM). Uses SIM card found in (SIM Card) GSM mobile phone handsets LEAP Lightweight EAP. Not recommended None None Password Windows Domains, Dictionary Attack due to dictionary attacks Active Directory User Identity Exposed Fast EAP Cisco EAP based on PEAP None None Password Windows Domains, Active Directory
RADIUSalsohas theability tousewhatarecalledVSA,orvendorspecificattributes.Byusing theVSA’s
informationcanbepassedfromtheRADIUSservertotheauthenticator,orAP.Thisinformationcanbeused
forassigningausedgrouporVLANassignmentsopoliciescanbeappliedtotheenduserconnectingtothe
network.
Anothertypeofauthenticationavailableisweb-basedauthentication,typicallyusedtoallowtemporaryusers
orgueststogainrestrictedaccesstothenetwork.Thisprocessisusedinmanyplaces,butcommonlyseen
inhotels.Whenauseropenstheirwebbrowser,theyareredirectedtoawebpagewheretheycanentera
usernameandpassword.AuthenticationisthengrantednormallyfromRADIUSserverandthesessioncan
continueortheirconnectionmayberedirectedbacktoanotherwebpage.Webpagescanbehosteddirectly
intheXirrusWi-FiArraywhereitcanbeimplementedonaperSSID-basis.
©2008Xirrus,Inc.AllRightsReserved. 9
Web-based Authentication
Captive Portal Original URL
Authenticator AuthenticationServer
1. A user associates to an open Wi-Fi network2. User’s web session is captured and redirected to a
landing page in the Access Point3. The user is prompted for a username and password4. The Access Point uses these credentials to
authenticate the user with the Authentication Server5. Access is granted and the user’s original URL
is reloaded
Web-Based Authentication eliminates need to configure client software but requires manual entry of username/password. It is not used toconfigure an encrypted wireless link.
Roaming and AuthenticationClientsusing802.11icanpre-authenticatewithmultipleaccesspointsatthesametimeprovidingforfaster
roamingmethodsacrossthenetwork.ThesecurityassociationgeneratessomethingcalledthePairwiseMaster
Key(orPMK)whichistheresultofthefour-wayhandshakediscussedbefore.ThePMKcanbecachedbythe
clientandnetworkAPanticipating the fact that theclientwill roamfromoneAP toanother.Whenaclient
attemptstoroamtoanotherAP,theycanrequestthePMKIDtheywereusingbeforeorthattheyhaveintheir
cache.Asaresultofthiscachedkeythefull802.1xexchangeisnotrequired,thussavingconsiderableamounts
oftime.ThisfeatureisfullysupportedbyXirrusWi-FiArraysandiscrucialforthingslikevoiceroamingtime
needstobeasshortaspossible.
802.11i Fast Roaming
Stations can pre-authenticatewith new Access Pointprior to roaming
AuthenticationServer
EthernetSwitch
Supplicant
Authenticator
Access Points can share Pairwise Master Keys (PMK) in advance of stations roaming to themStations can use existing PMK when roaming to a new Access Point that has pre-shared it with prior Access PointIf Access Point has PMK, only the 4-way handshake needs to take place, otherwise full 802.11X exchange takes place
Pre-Authenticate
thenRoam
PMK Caching
10 ©2008Xirrus,Inc.AllRightsReserved.
RecommendationsOurrecommendationforauthenticationisasfollows:
Use802.11iandWPA-2forthestrongestsecuritythat’savailabletoday,aswellasPEAPwithMS-chap��
foreasiestadministrationwherenoclientsitecertificatesareneeded.Itusesthebuilt-inWindowsuser
nameandpasswordthattheuserisalreadyassignedforthedomain.
Useanauthenticationserver toenforceaccesspolicies like time-of-dayaccess. Italsonotifieswhat��
resourcesVLANusershaveaccesstoonthewirednetwork.Web-basedauthenticationisagreatwayto
alloweasyaccessontotheWi-Finetwork.
Lastly,replicationandavailabilityofyourauthenticationserverisimportant.RADIUSserversneedtobe��
capableofhandlingthepeakloadingintermsofthenumberofusersthatauthenticatetoitatthesame
time.AlsothelocationofyourRADIUSservershouldnotbelocatednearaslowwanlinkoraremotesite
whereitmighttaketimeandlatencybeforetheauthenticationprocesscompletes.
©2008Xirrus,Inc.AllRightsReserved. 11
Leading ArchitectureXirrusplannedfor thesuccessofWi-Fibydevelop-
ing an award-winning Wi-Fi architecture powerful
enoughtohandlehigh-bandwidthapplicationstoday
and modular enough to be upgraded for future
enhancements.
WiththeWi-FiArray,Xirrusdeliverstheonly‘Power
Play’ architecture in Wi-Fi networking with the
most bandwidth and coverage per cable drop in
the industry. Xirrus Wi-Fi Arrays deliver up to 8x
the bandwidth of a single access point and are
compact, easy-to-install, ceiling-mounted devices.
No other current-generation Wi-Fi technology can
deliverthebandwidthorthroughputofXirrusArrays
becausetheyarelimitedto2radiosproducingonly
108Mbpsofsharedbandwidth.
Xirrus Wi-Fi Array
Redundant Gigabit Ethernet Uplinks
Multiple Wi-Fi Radios Produce864Mbps of Bandwidth
High Gain Directional Antennas Increase Range
SectoredAntenna
SectoredAntenna
Wi-FiRadio
Wi-FiRadio
Wi-FiRadio
Wi-FiRadio
Wi-FiRadio
Wi-FiRadio
Wi-FiRadio
Wi-FiRadio
Wi-FiRadioWi-Fi
Radio
Wi-FiRadio
Wi-FiRadio
Wi-FiRadio
Wi-FiRadio
Wi-FiRadio
SectoredAntenna
SectoredAntenna
SectoredAntenna
SectoredAntenna
SectoredAntenna
SectoredAntenna
SectoredAntenna
SectoredAntenna
SectoredAntenna
Wi-Fi Controller
50% Sector Overlap
EthernetSwitch
SectoredAntenna
No other current-generation Wi-Fi technology can deliver the bandwidth or throughput of Xirrus Wi-Fi Arrays.
Byintegratingthesekeycomponents:theWi-Ficontroller,GigabitEthernetSwitch,Gigabituplinks,multiple
accesspoints,sectoredantennasystem,Wi-FistatefulfirewallandWi-Fithreatsensorintoasingledevice,
XirrusArraysareabletoprovideacentrally-managedplatformthatdeliversunparalleledrange,clientcapacity
andperformance,alongwithbetterRFmanagementandroamingforvoice,videoanddataapplications—all
inasingledevicethatisfullyupgradeableto802.11n.
About XirrusXirrus,Inc.isaprivatelyheldfirmheadquarteredinWestlakeVillage,California.Foundedbythesameteam
that created Xircom (acquired by Intel in 2001), Xirrus has developed the next generation in enterprise
wirelessLANarchitecturescenteredaroundtheaward-winningArray.
Backedby leadingventurecapital firmsU.S.VenturePartnersandAugustCapital,Xirrusbringsaproven
managementteamandpatentedapproachtodeliveringtheperformance,scalabilityandsecurityneededto
deployatruewirelessextensionofthewiredEthernetnetworkcapableofdeliveringTriplePlay(voice,video,
data)enablement.
Xirrus,Inc.
2101CorporateCenterDriveThousandOaks,CA91320,USA1.800.947.7871TollFreeintheUSA+1.805.262.1600Sales+1.805.262.1601Fax
Copyright©2008,Xirrus,Inc.AllRightsReserved.XirrusandtheXirruslogoaretrademarksofXirrus,Inc.Allothertrademarksbelongtotheirrespectiveowners.Protectedbypatent#USD526,973S.Otherpatentspending.
S
H
A
R
E
D
M
E
D
I
U
M
T
U
W
WP
A
8
E
P
8
0
2
1
X
C
O
N
T
R
O
L
L
E
R
2
T
I
F
1
A
R
R
A
Y
C
R
G
1
R
-
A
T
A
H
I
E
E
E
T
N
H
M
H
Z
C
S
H
T
H
R
E
E
S
E
X
I
R
R
I
A
N
O
P
I
G
E
U
E
V
N
E
E
G
X
C
E
A
A
A
U
T
H
E
N
T
I
C
A
T
O
R
E
L
N
P
P
R
R
A
T
U
F
R
E
Q
U
E
N
C
Y
P
R
O
B
E
R
E
Q
U
E
S
T
U
M
O
A
N
S
L
N
N
D
P
A
C
K
E
T
W I D T
C
H
A
N
N
E
L
1
8
9
16
17
18
15
24
19
25
26
27
20
22
23
21
3
4
5 6 7
11
10
12 13 14
14
2
Wi-Fi Authentication Demystified Crossword Puzzle—Answer Key
Across Down2. EAPoverLAN6. Conveysdatabetweenpoints8. Pipediameter9. Numberof802.11anon-overlapping
channels11.Receive/sendradiosignal13.ExtensibleAuthenticationProtocol15.Endofthelinkthatresponds17. Amountofdatasentinagiventime18.Managesaddressingandprotocol
information21 109Hz22.OnlyWi-FiPowerPlay24.SupersedesWEPfor802.1126.Contiguousfrequencies27.Oppositeoftransmitter
1. Highestperformingaccessdevice3. Packetrequestinginformation4. Xirruslanguage5. Circuitrytointerpretandexecute 7. Pathforsignals10.Fragmentofdata12.SpecificationimplementingTKIP
andAES14.EndoflinkinitiatingEAP
authentication15.Typeofmediumin802.1116.Numberof802.11b/g
non-overlappingchannels19.One-millioncyclespersecond20.Rateatwhicharepeatingevent
occurs23.Standardforport-basedaccess
control25.Instituteofengineers
Top Related