Wireless Architectures

Question 1

T/F: Some fields of the 802.11 frame header might not be present, depending on the message

Answer 1

T

Question 2

What is the Frame Control field in the 802.11 header for?

Answer 2

Providing message information such as message type and subtype

Question 3

What is the Duration/ID field in the 802.11 header for?

Answer 3

Depending on the message, can indicate:
- Time channel will be dedicated for transmission of the frame
- Identifier for the association between AP and device

Question 4

What are the Address fields in the 802.11 header for?

Answer 4

• Destination Address (DA): final recipient of frame
• Source Address (SA): original sender of frame
• Receiver Address (RA): immediate recipient of the frame
• Transmitter Address (TA): immediate sender of the frame

Question 5

What is the Sequence Control field in the 802.11 header for?

Answer 5

Used to reassemble fragments and eliminate duplicate frames

Question 6

What is the QoS Control field in the 802.11 header for?

Answer 6

QoS

Question 7

What is the HT Control field in the 802.11 header for?

Answer 7

Enable High Throughput (HT) operations

Question 8

The field after the encapsulated packet in an 802.11 frame is:

Answer 8

FCS, same as the ethernet frame

Question 9

The Frame Check Sequence field in the 802.11 header is for:

Answer 9

Same as Ethernet frames, used for error checking

Question 10

What are the three 802.11 connection states?

Answer 10

• Not authenticated, not associated
• Authenticated, not associated
• Authenticated, associated

Client must be authenticated and associated with the AP to send traffic through it

Question 11

What are the two ways a station can scan for a BSS?

Answer 11

• Active Scanning: station sends probe requests and listens for probe response from AP
• Passive Scanning: station listens for beacon messages from AP

Question 12

T/F: Beacon messages are sent periodically by APs to advertise the BSS

Answer 12

T

Question 13

T/F: Beacon messages are sent in response to probe requests sent by stations

Answer 13

F

Beacon messages are sent periodically

Question 14

What are the three 802.11 message types?

Answer 14

• Management
• Control
• Data

Question 15

What is the 802.11 management message type used for?

Answer 15

Managing the BSS, including facilitating client discovery / connections

• Beacon messages
• Probe request, probe response
• Authentication
• Association request, association response

Question 16

What is the 802.11 control message type used for?

Answer 16

Controlling access to the medium (RF). Assist with delivery of management and data frames

• RTS (Request to send)
• CTS (Clear to send)
• ACK

Question 17

What is the 802.11 data message type used for?

Answer 17

Sending actual data packets

Question 18

In active scanning, a client sends ____ messages, and the AP response with _____ messaged

Answer 18

Probe request, probe response

Question 19

After the discovery process is complete, the station sends ______ messages to the AP, and the AP replies with _____ messages

Answer 19

Authentication request, authentication response

Question 20

After the authentication process is complete, the station sends _____ messages to the AP, and the AP replies with _____ messages

Answer 20

Association request, association response

Question 21

Explain the difference between active scanning and passive scanning

Answer 21

Active scanning: The station sends a probe request message to the AP to initiate the connection process

Passive scanning: The station listens for beacon messages from the AP before initiating the connection process

Question 22

What are the three main wireless AP deployment methods

Answer 22

• Autonomous
• Lightweight
• Cloud-based

Question 23

What is an Autonomous AP?

Answer 23

Self contained system that doesn’t rely on a wireless LAN controller. Must be manually configured per AP

Question 24

T/F: Autonomous APs aren’t viable in larger networks

Answer 24

T

Question 25

What is a Lightweight AP?

Answer 25

An AP that’s responsible for real time operations (Tx/Rx traffic, encrypt/decrypt, beacons/probes, etc), but other functions are carried out by a WLC. APs are also centrally managed by a WLC

AKA split-MAC architecture

Question 26

How is an attacker prevented from using an unauthorized lightweight AP to join the WLAN?

Answer 26

X.509 standard certificates are used. The WLC and the APs authenticate each other using the certificates installed on each device.

Question 27

What protocol is used to communicate between the WLC and the lightweight APs?

Answer 27

CAPWAP

Control And Provisioning of Wireless Access Points

Question 28

What protocol and port does the CAPWAP control tunnel use?

Answer 28

UDP 5246

Question 29

What protocol and port does the CAPWAP data tunnel use?

Answer 29

UDP 5247

Question 30

T/F: All traffic from wireless clients is sent through the CAPWAP data tunnel to the WLC, it doesn’t go directly to the wired network

Answer 30

T

Question 31

Explain how data travels from a client on the WLAN to a client on the LAN in the CAPWAP protocol

Answer 31

Data packets go through the CAPWAP data tunnel to the WLC, then from the WLC to the wired network

Question 32

What is the CAPWAP control tunnel used for?

Answer 32

Configuring APs, controlling and managing wireless operations.

Question 33

T/F: Even if a client is sending traffic to a client associated with the same lightweight AP, the traffic must first pass through the WLC first

Answer 33

T

All traffic must go to the WLC first via the CAPWAP data tunnel

Question 34

T/F: If a client is sending traffic to a client associated with the same AP, the traffic can go directly to the client to conserve wired network bandwidth

Answer 34

F

All traffic must go to the WLC first via the CAPWAP data tunnel

Question 35

T/F: Traffic in the CAPWAP control tunnel is encrypted by default

Answer 35

T

Question 36

T/F: Traffic in the CAPWAP data tunnel is encrypted by default

Answer 36

F

Traffic in the data tunnel isn’t encrypted by default, but can be configured to be encrypted with DTLS (Datagram Transport Layer Security)

Question 37

T/F: Since all traffic from wireless clients is tunneled to the WLC with CAPWAP, lightweight APs connect to switch access ports, not trunk ports

Answer 37

T

Question 38

T/F: Lightweight APs connect to switch trunk ports, since the traffic is tunneled to the WLC with CAPWAP

Answer 38

F

Lightweight APs send all traffic to the WLC with CAPWAP tunnels, so switch access ports are used

Question 39

T/F: In a split-MAC wireless architecture, a trunk is needed to connect the WLC to the wired network

Answer 39

T

Traffic is separated into VLANs by the WLC in a split-MAC architecture, not the APs

Question 40

T/F: In a split-MAC wireless architecture, a trunk is needed to connect both the WLC and the APs to the wired network

Answer 40

F

In a split-MAC architecture, the APs are connected via access ports, and the WLC is connected via a trunk port

Question 41

What are some benefits to using split-MAC architecture?

Answer 41

• Scalability
• Dynamic channel assignment
• Transmit power optimization
• Self-healing wireless coverage
• Seamless roaming
• Centralized security and QoS management

Question 42

What are the lightweight AP operational modes? (8)

Answer 42

• Local
• FlexConnect
• Sniffer
• Monitor
• Rogue Detector
• Spectrum Expert Connect
• Bridge/Mesh
• Flex Plus Bridge

Question 43

Explain the lightweight AP local operational mode

Answer 43

Default mode, AP offers one or more BSSs for clients to associate with

Question 44

Explain the lightweight AP FlexConnect operational mode

Answer 44

Similar to local mode, but allows the AP to locally switch traffic between wired and wireless networks if the AP loses its CAPWAP tunnel to the WLC

Question 45

Explain the lightweight AP sniffer operational mode

Answer 45

AP doesn’t offer a BSS for clients. Captures 802.11 frames and sends them to a device running software like Wireshark, etc.

Question 46

Explain the lightweight AP monitor operational mode

Answer 46

AP doesn’t offer a BSS for clients. Receives 802.11 frames and looks for rogue devices. If a client is found to be a rogue device, the AP can send de-authentication messages to disassociate the rogue device from the AP

Question 47

Explain the lightweight AP rogue detector operational mode

Answer 47

AP doesn’t use radio. Listens to wired network traffic only, but receives list of suspected rogue clients from the WLC. Listens to ARP messages on the wired network and compares to information from WLC to detect rogue devices.

Question 48

Explain the lightweight AP SE connect operational mode

Answer 48

AP doesn’t offer a BSS. Dedicated to RF spectrum analysis on all channels.

Question 49

Explain the lightweight AP bridge/mesh operational mode

Answer 49

AP can be a dedicated bridge between sites, or be used to create a mesh between APs

Question 50

Explain the lightweight AP Flex Plus Bridge operational mode

Answer 50

Adds FlexConnect functionality to the Bridge/Mesh mode. Allows APs to locally forward traffic even if connectivity to the WLC is lost

Question 51

What is a cloud-based AP?

Answer 51

Architecture in between autonomous AP and split-MAC architecture: Autonomous APs that are centrally managed in the cloud.

Only management traffic is sent to the cloud, data traffic stays on-prem

Question 52

T/F: With cloud-based APs, management traffic stays on-prem, but data traffic is sent to the cloud

Answer 52

F

The opposite is true

Question 53

T/F: With cloud-based APs, only management traffic is sent to the cloud, data traffic stays on-prem

Answer 53

T

Question 54

Cisco’s cloud based AP solution is:

Answer 54

Cisco Meraki

Question 55

What are the four main WLC deployment models in a split-MAC architecture?

Answer 55

• Unified WLC
• Cloud-based WLC
• Embedded WLC
• Cisco Mobility Express WLC

Question 56

Explain a unified WLC deployment

Answer 56

WLC is a hardware appliance in a central location of the network. Supports about 6000 APs, good for large enterprise

Question 57

Explain a cloud-based WLC deployment

Answer 57

The WLC is a VM running on a server, usually in a private cloud in a data center. not the same as the cloud-based AP architecture, i.e. Meraki. Supports about 3000 APs

Question 58

Explain an embedded WLC deployment

Answer 58

The WLC is integrated within a switch. Supports around 200 APs per switch WLC.

Question 59

Explain a mobility express WLC deployment

Answer 59

The WLC is integrated within an AP. Supports about 100 APs, good for a small branch office

Question 60

What kind of message is an 802.11 probe request?

a) Data
b) Control
c) Management
d) Beacon

Answer 60

c) Management

Question 61

Which of the following AP types are centrally managed? (Pick many)

a) Autonomous
b) WGB
c) Lightweight
d) Cloud-based

Answer 61

c) Lightweight
d) Cloud-based

Question 62

Which of the following AP types uses the CAPWAP protocol?

a) Autonomous
b) WGB
c) Lightweight
d) Cloud-based

Answer 62

c) Lightweight

Question 63

Which of the following lightweight AP modes offer a BSS for clients? (pick many)

a) Local
b) Sniffer
c) FlexConnect
d) Rogue Detector

Answer 63

a) Local
c) FlexConnect

Question 64

Which of the following WLC deployments supports the greatest number of APs?

a) Embedded
b) Cloud-based
c) Mobility Express
d) Unified

Answer 64

d) Unified

Question 65

Order the following 802.11 MAC frame header fields in the correct order
- ADD1
- ADD2
- ADD3
- ADD4
- DATA
- DUR
- FC
- FCS
- SEQ

Answer 65

FC
DUR
ADD1
ADD2
ADD3
SEQ
ADD4
DATA
FCS