Introduction to Wireless Networks

The only options you have to hack WPA or WPA 2 are to use a dictionary file (which is basically a big list with all words from the dictionary) or brute-force (which tries every possible combination one by one). If you use a Preshared key with enough characters and enough complexity you should be reasonable safe.

this is not true anymore.

EDIT:
I think this material should be read and rewrite in more than 1 place. Another example:

So are WPA and WPA 2 safe from hackers? Yes and no. Nobody so far managed to find a weakness in the protocols so it’s safe but it depends on the key you are using.

WPA2 was already cracked.

The only options you have to hack WPA or WPA 2 are to use a dictionary file (which is basically a big list with all words from the dictionary) or brute-force (which tries every possible combination one by one). If you use a Preshared key with enough characters and enough complexity you should be reasonable safe.

this is also inaccurate.

brute force is a permutation attack (every generated option)

dictonary is based on common world known by users.

Again those are not the ONLY options.

~~Gracjan Borowiak

Hello Guys,

I have one case on which client is dropping intermittently from wifi. What checks we can do on this from WLC side ?

Hello Raj

This problem could be due to several factors. The best approach would be to perform some debugging on the WLC for a particular client during its disconnects. This will give you the reason behind the drops and will help you to move on to additional troubleshooting steps. A couple of debug commands that would be helpful include:

debug client <mac-address>

Here you can add the MAC address of the particular client you are examining. An example of some output you may see is found below:

(Cisco Controller) >debug client 00:0a:95:9d:68:16

*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 Received Disassociate from mobile on AP 00:0b:85:59:2a:20
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 Deleting client on AP 00:0b:85:59:2a:20(0)
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 State machine transition from Disassociated to Idle
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 Skipping L2 roam because state is not L2Associated
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 Not Using WMM Compliance code qosCap 00.
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 Ignoring mobile, downlink packet

In this example, you can see that the client with MAC address 00:0a:95:9d:68:16 sent a Disassociate message to the AP it was connected to (00:0b:85:59:2a:20). This triggered a transition from the Disassociated state to the Idle state.

Similarly, you can debug the AAA operations to examine if the client is failing during the authentication process, using the following command:

debug aaa all enable

An example of output you may see includes:

(Cisco Controller) >debug aaa all enable

*aaaQueueReader: Jun 24 14:25:43.108: 00:0a:95:9d:68:16 Trying to authenticate with Radius server
*aaaQueueReader: Jun 24 14:25:43.110: 00:0a:95:9d:68:16 Sending RADIUS packet to server with ID 164
*aaaQueueReader: Jun 24 14:25:43.212: 00:0a:95:9d:68:16 Received RADIUS packet from server with ID 164
*aaaQueueReader: Jun 24 14:25:43.212: 00:0a:95:9d:68:16 Received RADIUS response code 3 (Access-Reject) for mobile 00:0a:95:9d:68:16
*aaaQueueReader: Jun 24 14:25:43.212: 00:0a:95:9d:68:16 RADIUS server has returned Access-Reject for user host/MyLaptop.domain.com
*aaaQueueReader: Jun 24 14:25:43.212: 00:0a:95:9d:68:16 AAA Authentication Failure for UserName:host/MyLaptop.domain.com User Type: WLAN USER

In this example, the client with MAC address 00:0a:95:9d:68:16 tries to authenticate with the Radius server. The WLC sends a RADIUS packet to the server. However, the server responds with a Access-Reject response. This typically indicates that the credentials provided by the client (username/password or certificate, depending on the authentication method) were not correct.

For more debug commands that may be helpful, take a look at this Cisco command reference:

I hope this has been helpful!

Laz

Hello, I would be grateful if you could explain how these works for inflight wifi please.

Hello Kailash

The Wi-Fi service that is delivered on airplanes is provided by one or more Wi-Fi access points within the airplane itself, to connect the client devices. This network is then connected to a satellite communication system that connects the Wi-Fi network to the Internet. Typically, the data rates provided are relatively low per client (on the order of several hundred Kbps or even 1 or 2 Mbps. With such speeds, users typically use instant messaging, email, web browsing, and various mobile apps. Higher bandwidth applications including videoconferencing and on-demand streaming services won’t function well at such low bandwidths.

These limitations are because many users must share a single satellite connection which is typically limited in bandwidth and relatively expensive at the same time. However, speeds are increasing and costs are going down with the advent of newer services.

I hope this has been helpful!

Laz

Users in france office are facing random wifi issues. Here tried upgrading drivers . and we also collected RCA traces on user mac address. We didnt find anything. And after some network change this happened. What exactly we need to check here?

Hello Sonti

It sounds like you’ve done some initial troubleshooting already, which is great. On the other hand having limited information, we can only help you at a very high level, with general guidelines that you can use to focus in on the problem.

Here are a few steps you can follow and some questions to ask:

1. You said the issue started after some network changes. What changed?
2. Is the problem isolated to clients connected to one access point or to all access points? (if you have more than one).
3. Is the problem isolated to specific types of devices and OSes or to all devices? (mobile devices Android/iOS, Windows/Mac laptops).
4. Network connectivity issues: Do you actually see disconnects of the Wi-Fi devices from the wireless network or are the connectivity problems located somewhere within the wired network itself?
5. Are only the Wi-Fi devices having problems or do you see similar issues with wired devices?
6. Check the DHCP Server and ensure that the DHCP server is functioning correctly and has enough IP addresses to assign to all devices. If the DHCP pool is exhausted, new devices trying to connect would face issues.

After looking at all of these, you should at least know how to describe the problem more specifically. Once you know this, you can then go on to the next steps of focusing in on the problem. Let us know how you get along!

I hope this has been helpful!

Laz

The wireless standards grid is outdated, needs an update for 802.11ac and 802.11ax , explanation of differences between WiFi5 and WiFi6

Hello Eugene

Indeed you are correct. There is also 802.11be which is the upcoming WiFi7 standard. I will let Rene know your suggestion so he can consider updating the table.

Thanks again!

Laz