The authentication method that is referenced in the 802.11-2016 and 802.11-2020 specifications and

is recommended for robust WLAN client security is 802.1X/EAP. 802.1X/EAP stands for IEEE 802.1X

Port-Based Network Access Control with Extensible Authentication Protocol and is a framework that

provides strong authentication and dynamic encryption key generation for WLAN clients. 802.1X/EAP

involves three parties: the supplicant (the client), the authenticator (the AP or the controller), and

the authentication server (usually a RADIUS server). The supplicant sends its credentials (such as

username and password, certificate, or token) to the authenticator, which forwards them to the

authentication server. The authentication server verifies the credentials and sends a response to the

authenticator, which grants or denies access to the supplicant. The authentication server also

generates a master key that is used to derive encryption keys for the data frames between the

supplicant and the authenticator. 802.1X/EAP supports various EAP methods that offer different

levels of security and flexibility, such as EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, and EAP-SIM. SSL,

IPSec, and WEP are not authentication methods, but rather encryption or security protocols that are

not specific to WLANs or referenced in the 802.11 specifications. Reference: [CWNP Certified

Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 299; [CWNA: Certified

Wireless Network Administrator Official Study Guide: Exam CWNA-109], page 289.