NetworkingNetwork+

WLAN Configuration Concepts for CompTIA Network+ N10-009

WLAN (Wireless LAN) configuration covers the settings required to deploy and secure a wireless network. CompTIA Network+ N10-009 tests SSID configuration, security settings, channel planning, and wireless controller deployment concepts. Unlike CCNA, Network+ focuses on conceptual configuration decisions — what settings to choose and why — rather than CLI syntax.

7 min

3 sections · 7 exam key points

1 practice questions

Core WLAN Settings

SSID (Service Set Identifier): the human-readable wireless network name. SSIDs can be broadcast (visible in device Wi-Fi lists) or hidden (not advertised). Hiding the SSID provides minimal security — scanning tools easily detect hidden networks. Use a descriptive SSID that doesn't reveal organization details or security settings.

Frequency and channel: select 2.4 GHz or 5 GHz based on range vs speed requirements. Use non-overlapping channels (1, 6, 11 for 2.4 GHz). Enable 5 GHz band steering to prefer faster 5 GHz connections when clients support it. Channel width: 20 MHz for dense environments, 40/80 MHz for better throughput in isolated areas.

Security settings: always use WPA2 or WPA3. Personal (PSK) for small deployments; Enterprise (802.1X/RADIUS) for corporate. Disable WEP and WPA (TKIP). Enable Management Frame Protection (802.11w) to prevent deauthentication attacks. Disable WPS (Wi-Fi Protected Setup) — it has known brute-force vulnerabilities.

Guest and Multiple SSIDs

Guest wireless: a separate SSID for visitors with internet-only access, isolated from the corporate network. Guest SSID should be on a separate VLAN routed directly to the internet with firewall rules blocking access to internal resources. Client isolation prevents guest users from communicating with each other.

Multiple SSIDs: most enterprise APs support 8–16 SSIDs simultaneously. Each SSID maps to a VLAN: corporate SSID → Corporate VLAN, Voice SSID → Voice VLAN, IoT SSID → IoT VLAN, Guest SSID → Guest VLAN. Using multiple SSIDs for segmentation is standard enterprise practice.

Controller-Based WLAN Management

In controller-based deployments, all WLAN configuration is done on the WLC (Wireless LAN Controller) and pushed to all APs simultaneously. Configuration changes take effect across the entire wireless infrastructure immediately — no individual AP configuration needed. WLC also manages: radio resource management (automatic channel and power adjustment), client roaming, rogue AP detection, and wireless intrusion prevention.

SSID to VLAN mapping: the WLC maps each SSID to a specific VLAN. The AP's uplink switch port is configured as a trunk port carrying all VLANs. The WLC handles VLAN assignment for wireless clients — when a client connects to a SSID, the WLC places that client's traffic in the corresponding VLAN.

Key exam facts — Network+

Hidden SSID provides minimal security — scanning tools detect hidden networks
Disable WPS — known brute-force vulnerability (PIN attack)
WPA2 minimum; WPA3 preferred — never use WEP or WPA (TKIP)
Guest SSID → Guest VLAN → internet only, isolated from corporate LAN
Multiple SSIDs map to different VLANs for segmentation
WLC pushes config to all APs centrally — manages roaming, channels, rogue detection
Enable client isolation on guest networks to prevent peer communication

Common exam traps

Hiding the SSID makes a wireless network secure

Hidden SSIDs are not broadcast in beacons, but they are visible in probe requests and can be detected by wireless scanning tools in seconds. Hiding SSIDs is security through obscurity and provides no meaningful protection

WPS simplifies setup securely

WPS PIN method has a known vulnerability that allows an attacker to brute-force the PIN in approximately 4–11 hours. Always disable WPS on enterprise and home routers

Practice questions — WLAN Configuration

These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1.A company wants to provide internet access for visitors without allowing them to access internal servers. Which approach should be used?

A.Give visitors the corporate Wi-Fi password

B.Create a separate Guest SSID mapped to a Guest VLAN with internet-only access

C.Enable WPS for easy guest onboarding

D.Use MAC filtering to restrict guest access

Explanation: A separate Guest SSID mapped to a dedicated Guest VLAN, with firewall rules allowing only internet access, is the correct approach. This isolates guests from internal resources. Sharing the corporate password grants internal network access. WPS has security vulnerabilities. MAC filtering is easily bypassed by MAC spoofing.

Frequently asked questions — WLAN Configuration

How many SSIDs can one AP broadcast simultaneously?

Most enterprise APs support 8–16 SSIDs per radio. However, each SSID adds management overhead (beacons, probe responses) that consumes airtime. Best practice: limit to 3–4 SSIDs per AP band (e.g., Corporate, Voice, IoT, Guest). More SSIDs degrade performance — each beacon is a broadcast that all clients must process.

Practice this topic

Network+practice questions

Test yourself on WLAN Configuration

JT Exams routes you to questions in your exact weak areas — automatically, after every session.

Free practice test Start 7-Day Free Trial

No credit card · Cancel anytime