Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
531
Views
5
Helpful
1
Replies

SSID with WPA2/AES verses data encryption enabled on 3502i AP.

Dino Donnell
Level 1
Level 1

‎04-24-2017 05:38 AM - edited ‎03-10-2019 12:49 AM

My Question is:

My SSID is configured for WPA2. Right now I have data encryption turned off on the AP.

What exactly does WPA2 on the SSID encrypt and not encrypt compared to the turning on and off the data encryption on the AP its self.

I know that CAPWAP encrypt's the information from the AP to the WLC.

I just need some clearance on this.

Thank you for your time.

Dino

Labels:
0 Helpful
1 Reply 1

singhkulbir29881
Level 1
Level 1

‎04-24-2017 02:46 PM

Hi Dino,

There are two types of communication happen between wireless Client (PC) and AP.

1) Control Plane messages are used to setup a session between client and AP and contains all the important information related to session. These messages are always broadcast by the AP and client (PC). An attacker can easily hack the session and launch different type of wireless attacks such as deauthorization attack etc. So WAP2 on SSID encrypt all the control plane messages and defend us from session hacking and other attacks which are very easy to launch.

2) Data encryption is to encrypt the actual data send by the user for example a google request from user and it response from the server, when this data is travel over the wireless network.   

If this is helpful please rate it or marked it as answer if you got you answer.

Customers Also Viewed These Support Documents