With the growing popularity of Wi-Fi and its increasing prominence in corporate networks, it is important to understand the various terms, acronyms, and standards that are rapidly becoming a part of the lingo. To that end, we’ve put together this glossary of common terms that are used.

20 MHz Channel

The default bandwidth used by 2.4 GHz wireless networks. When a Wi-Fi access point and all associated clients can support a 40 MHz channel, higher throughput is possible by combining channels. Whenever another access point that does not support 40 MHz channels is present, or if a legacy client is present, then all devices must use 20 MHz channels.

40 MHz Channel

Newer access points and clients can use 40 MHz channels in the 2.4 GHz range to obtain higher throughputs. As long as all devices within the network can support this then the network can use 40 MHz channels, but if any legacy device is present, the entire network must fall back to using a 20 MHz channel.


802.11

The IEEE committee and the set of standards maintained by the IEEE for wireless networking.


802.11a

The IEEE standard for wireless networking in the 5 GHz range. 802.11a networks can support up to 54 Mbps throughput and operate in the UNII bands.


802.11ac

The IEEE standard for wireless networking in the 5 GHz range. 802.11ac networks can support up to 1 Gbps throughput using multiple channels, 500 Mbps using a single channel, and operate in the UNII bands. It will use 80 and 160 MHz channels and MIMO to achieve higher throughput rates.


802.11b

The IEEE standard for wireless networking in the 2.4 GHz range. 802.11b networks support up to 11 Mbps throughput and operate in the ISM band.


802.11d

The IEEE standard for wireless networking that addresses the Media Access Control (MAC) layer to comply with rules in each country.


802.11e

The IEEE standard for wireless networking Quality of Service (QoS) on 802.11 a, b, and g networks.


802.11g

The IEEE standard for wireless networking in the 2.4 GHz range. 802.11g networks support up to 54 Mbps throughput and operate in the ISM band.


802.11h

The IEEE standard for wireless networking that sets the requirements for Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) so that Wi-Fi devices can coexist in the same UNII frequency ranges as other 5 GHz devices.


802.11i

The IEEE standard for wireless networking security, using AES encryption, authentication using 802.1x, and data integrity.


802.11j

The IEEE standard for wireless networking to meet the legal requirements within Japan. These include power, frequency, and operational characteristics of wireless networks.


802.11n

The IEEE standard for wireless networking that can use both the 2.4 GHz and 5 GHz ranges, with MIMO. 802.11n compatible access points and clients can support throughput rates of up to 600 Mbps, and clients are backwards compatible with older access points that can only do 802.11 a, b, or g.


802.1x

An IEEE standard for port-based authentication to the network. It can be used in Ethernet switches to restrict access to the wired network as well as in wireless access points to restrict access to the Wi-Fi network. 802.1x can use username/password or certificates to authenticate to the network. It is typically used in combination with wireless encryption schemes to provide confidentiality and integrity.

Access Point

A device that acts as the bridge between wireless clients and the wired network. Often abbreviated as AP.

Ad Hoc Mode

A peer-to-peer mode of networking using Wi-Fi networking but no access point. Ad Hoc networks can include more than two devices.


AES

The Advanced Encryption Standard is a symmetric block encryption protocol used in WPA2 and other protocols to encrypt data with a high degree of protection and a low CPU overhead.


Aggregation

Combining multiple channels (even across bands) to obtain higher overall throughput. See also channel bonding.


AP

Abbreviation for Access Point.


Association

The process a client goes through to begin exchanging data with an Access Point. A client will listen for beacons from an AP for the SSID that it wants to use, and then will exchange hello packets with the AP with the strongest signal and/or supported data rates. Association can be open, or can require a pre-shared key. Once associated, the client may be required to successfully authenticate before the AP will pass data between the client and the rest of the network.


Authentication

A client may be required to authenticate to the wireless network before it can pass data between itself and other hosts. Authentication can be open, but can also require a certificate, username/password, or pre-shared key.


Beacon

A beacon is transmitted by an AP ten times per second, and advertises the existence of the AP on a particular channel or channels. It includes information needed by clients to associate and may include the ESSID, the supported channels and data rates, and whether it is open or requires authentication.


Bluetooth

A standard for short range wireless connectivity between devices, used with mice, keyboards, mobile phones, printers, speakers, and more. Bluetooth uses frequencies in the same ISM band as 802.11b and g Wi-Fi networks.


Bridge

A network device that interconnects two dissimilar network types. An AP can act as a bridge between the wired and wireless networks, but can also serve as a wireless connection between two wired segments. See Workgroup Bridge.


BSSID

BSSID stands for Basic Service Set Identifier and is the MAC address of the AP.

Captive Portal

In wireless networking, a captive portal is a process running on an AP that can intercept and redirect clients who have associated to a web page where they must agree to terms of service, provide a password, or even purchase access. These are common in hotels, airports, guest networks, and other locations that offer Internet access but want to charge a fee, restrict it to authorized users, or require the user to accept their AUP. See hotspot.


Channel

A channel is the network path for wireless transmissions. Each Wi-Fi standard has numerous channels, each of which is a central frequency. There are 11 channels in 802.11b and g networks in the United States and Canada; 14 in most other countries. There are 9 channels in 802.11a networks in the United States, with various counts for other regions of the world. Some countries including the US can have additional channels in the 5 GHz range if they employ DFS. Channels have a bandwidth; the greater the bandwidth, the greater the potential throughput. See 20 MHz and 40 MHz channels.

Channel Bonding

In 802.11b and g networks, multiple channels can be combined to obtain greater throughput when all access points and clients can support it. See also aggregation.

Closed Network

A closed network requires users to have authentication information before they can get onto the network.

Collision Avoidance

Collision avoidance (CA) is the method wireless devices typically employ to ensure data transmissions do not interfere with others. CA schemes can use a Clear to Send/Ready to Send (CTS/RTS) scheme where they signal readiness to transmit data, but must wait to be acknowledged by a central controller (AP) before transmitting actual data. Contrast this with Ethernet and its collision detection (CD) scheme, where hosts transmit and then listen to see if others are also transmitting, send a jamming signal to indicate a collision, and fall back a random period of time before trying again.

Concurrent Operation

Also called Dual Band, APs that can use both 2.4 and 5 GHz bands are capable of concurrent operation. These can offer 802.11n capabilities to compatible clients while also servicing legacy clients using 802.11 b, g, and a.

Direct Sequence Spread Spectrum (DSSS)

DSSS is the modulation technique used by 802.11b networks to transmit data. It is resistant to interference and permits sharing of a channel amongst multiple purposes; however, it requires more bandwidth to transmit than the actual data being transmitted.


Diversity

Using multiple antennae to reduce interference and improve both transmission and reception of signals.


Dual Band

See Concurrent Operation.


EAP

The Extensible Authentication Protocol (EAP) can be used to provide authentication to the wireless network when employing WPA-Enterprise and WPA2-Enterprise.


EAP-FAST

EAP-FAST is Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling. It is one possible EAP scheme used in wireless networks for authentication. It is being promoted by Cisco as a replacement for LEAP.


EAP-TLS

EAP-TLS is Extensible Authentication Protocol-Transport Layer Security. It is one possible EAP scheme used in wireless networks for authentication, and uses client certificates. It is widely deployed across most major Wi-Fi vendors.


EAP-TTLS/MS-CHAPv2

EAP-TTLS/MS-CHAPv2 is Extensible Authentication Protocol-Tunneled TLS using MSCHAPv2. It is one possible EAP scheme used in wireless networks for authentication, and uses a username/password (typically authenticated by Active Directory) to provide authentication.


ESSID

The Extended Service Set Identifier is the “name” of the wireless network, and is used by all APs that provide access to the same infrastructure in an ESS. It can be advertised by APs in their beacons, or suppressed so that clients must ‘know’ the ESSID before associating with an AP. See ESS.


ESS

An extended service set (ESS) refers to a network with two or more APs working cooperatively. They share access to the same VLAN, use the same SSID, and can support fast handoff between clients that move from the coverage range of one AP to another.

Frequency Hopping Spread Spectrum (FHSS)

FHSS is the modulation technique used by Bluetooth and other technologies that use the same frequency ranges as 802.11 networks. Transmissions hop across multiple frequencies several times per second, and can work well at short ranges even in the presence of multiple competing systems trying to use the same frequency ranges.


Hotspot

An AP set up specifically to provide Internet access to users. Hotspots are popular in coffee shops, restaurants, and other publicly accessible locations, and usually do not require any authentication or offer any encryption. They provide the convenience of free Internet access to attract customers.

ISM Band

The Industrial, Scientific, and Medical frequency bands are unlicensed bands used by a variety of devices for wireless connectivity. In the 2.4 GHz ISM band, 802.11b and g network devices, Bluetooth devices, NFC devices, baby monitors, and microwave ovens all compete for bandwidth.

Lightweight Extensible Authentication Protocol

LEAP was developed by Cisco to provide authentication to networks using WEP for encryption. It is vulnerable to dictionary attacks and has been replaced by EAP-FAST.

MAC Address Filtering

An approach to restricting access to a wireless network by only permitting clients to connect if their MAC address is on a list. MAC address filtering is not scalable, and since most wireless NICs can be configured to use any MAC, it is easily defeated by anyone within range who can pick up transmissions from an authorized client and simply use their MAC address.


MIMO

Multiple Input/Multiple Output signaling that uses several transceivers and antennae to improve throughput and range of the wireless network. Both APs and clients can use MIMO, though it is most often a feature of APs.

Network Name



NFC

Near Field Communication is a technology used most often with mobile devices to exchange data based on proximity, or even physical contact. NFC technology is being built into mobile phones for data transfer, touch to pay technologies, and smartcard reading. NFC is also being incorporated into some APs to make setting up a client easier. See WPS.


OFDM

Orthogonal frequency-division multiplexing is used by 802.11a, g, n, and ac standards using multiple carrier frequencies. It is especially useful at obtaining higher throughput and overcoming interference in discrete frequencies.

Open Network

An open wireless network permits association and authentication without requiring a passphrase, certificate, or credentials. Open networks are often called hotspots and provide free Internet access to anyone within range. Many coffee shops and restaurants will deploy these to attract customers. They may still incorporate a captive portal. See hotspots.


Passphrase

A password or combination of words used to provide authentication to a wireless network. WEP uses fixed 40 or 104 bit passphrases, while WPA and WPA2 can use arbitrary length passphrases.

Pre-shared Key

A pre-shared key (PSK) is a passphrase that is shared ahead of need. PSKs are typically used in WEP, WPA, and WPA2 protected networks, where each client that wishes to join the network has the same PSK.


QoS

Quality of Service enables networks to prioritize certain traffic types above others, so that things which are mission critical or latency sensitive gain preferred access to the network over things that are lower priority or can tolerate delay. This is especially useful in Wi-Fi networks using voice or video; the quality of both suffers when encountering latency. APs that offer QoS can provide more access to clients that need it than to those that do not. See 802.11d.


Range

The distance between an AP and a client (or between two APs, see Workgroup Bridge) over which Wi-Fi transmissions can be successful. The greater the range, the greater the attenuation of a signal and the lower the overall throughput will be.


Repeater

A wireless network device that receives signals and retransmits them, without providing direct access to the wired network. Repeaters are typically used to increase the range wireless networks can cover.


Roaming

In a wireless network with multiple APs, a client that is moving from the coverage area provided by one AP to that provided by another is roaming. It must disassociate from the first AP before it can associate to the next AP.


Rogue

A rogue client is one that attempts or succeeds in accessing a wireless network without authority to do so. A rogue AP is one installed onto the wired network without authority, and can be a maliciously placed device by someone attempting to penetrate the network, or by a non-malicious user who simply wanted to get wireless access to the wired network but did not involve IT or go through appropriate processes.


Router

In the context of SOHO, a wireless router is an AP that also performs Internet connection sharing, and can run a DHCP service, a captive portal service,


SSID

The Service Set Identifier (SSID) is the name of the wireless network. It can be contained in the beacons sent out by APs, or it can be ‘hidden’ so that clients who wish to associate must first know the name of the network. Early security guidance was to hide the SSID of your network, but modern networking tools can detect the SSID by simply watching for legitimate client association, as SSIDs are transmitted in cleartext.


TKIP

The Temporal Key Integrity Protocol was developed as a replacement for WEP but is no longer considered secure and has been removed from 802.11 standards. See WPA.


TLS

Transport Layer Security is a protocol designed to encrypt and authenticate all kinds of network traffic at the transport layer, and is the successor to SSL. It uses certificates to exchange public keys, which are then used to encrypt session keys.


UNII

The Unlicensed National Information Infrastructure radio bands include frequencies in the 5 GHz range used by 802.11a, n, and ac standards.


WAP

WAP can refer to the Wireless Application Protocol, or can be used to mean Wireless Access Point.

War Chalking

War chalking is a hobbyist pursuit using sidewalk chalk to “mark” areas of wireless network access. War chalking uses a series of pictograms or icons to represent open and closed networks, and includes the SSID and sometimes the information needed to access the network.

War Driving

Another hobbyist pursuit, war drivers will use their cars, wireless equipment, and mapping software to map out the wireless coverage of an area. Some groups have collaborated to map out entire cities. The resulting map may be shared amongst group members or published to the Internet and will identify, as closely as possible, the location of APs, their SSIDs, and whether the networks are open or closed.


WEP

Wired Equivalent Privacy is the original encryption scheme implemented in wireless networks. Using RC4 and either a 40 bit or 104 bit pre-shared key, WEP provides about the same level of privacy as using a hub does on a wired network. Easily broken, WEP is typically only deployed in home networks.


WiMax

The WAN or community deployment of wireless networking, WiMax was initially started by Intel and is now designated by the IEEE as 802.16. WiMax offers ranges measured in miles and bandwidth of up to 1 Gbps. WiMax deployments are limited at present, but can include last mile services, regional mesh networks, and municipal access for entire cities.

Workgroup Bridge

A pair of APs that provide connectivity between two different wireless segments are a workgroup bridge. Entire offices can be connected wirelessly using workgroup bridges, or a small office on another floor of a building, or across the street from the main office, may be connected using workgroup bridges rather than by running cables. These are extremely popular in downtown areas where offices are spread out across multiple buildings that are still close together, and where the cost of running fibre or copper cables is excessive.


WPA

Wi-Fi Protected Access is a security protocol for wireless networks that was designed to replace WEP. It uses TKIP to encrypt data and is much more resistant to attacks than WEP is, but still has cryptographic vulnerabilities that make it undesirable for use. WPA was an IEEE 802.11i draft. WPA Personal typically uses an initial PSK to establish authentication, but the protocol has been extended to use EAP methods where available.


WPA2

Wi-Fi Protected Access v2 is currently the strongest encryption protocol available to wireless networks, and is the current 802.11i standard. It uses AES encryption for data and is considered cryptographically strong. WPA2 Personal uses a PSK to establish initial authentication, but WPA2 Enterprise can use various EAP methods to ensure a strong authentication without the need for a PSK.


WPS

Wi-Fi Protected Setup makes it easier for users to add Wi-Fi clients to WPA and WPA2 protected wireless networks. It was intended to help non-technical home users deploy WPA security, but is vulnerable to a brute-force attack and should not be used. WPS can use a PSK, encryption settings transferred using a USB key, a PIN, NFC, or with a simple push button approach.
