CCNA Wireless Official Exam Certification Guide part 37 is a best-of-breed Cisco® exam study guide that focuses specifically on the objectives for the CCNA® Wireless IUWNE exam. Senior instructor Brandon Carroll shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

range of the rogue AP connects to the AP. The AP allows connectivity to the Internet but is not actually on your corporate wired network. Using tools that are easily available on the Internet, another client connected to the same rogue AP attacks the misassociated client and steals valuable corporate data.

This scenario employs multiple attack methods. It uses a method known as management frame spoofing as well as an active attack against a misassociated client. So how can this be prevented? The answer begins with a function called Management Frame Protection.

Management Frame Protection

One method of Management Frame Protection (MFP) is Infrastructure MFP. With this method, each management frame includes a cryptographic hash called a Message Integrity Check (MIC). The MIC is added to each frame before the Frame Check Sequence (FCS). When this is enabled, each WLAN has a unique key sent to each radio on the AP. Then the AP sends management frames, and the network knows that this AP is in protection mode. If the frame were altered, or if someone spoofs the SSID of the WLAN and doesn't have the unique key, it invalidates the message. This causes other APs that hear the invalid frames to report them to the controller.

The other method of MFP is called Client MFP. If the client is running Cisco Compatible Extensions (CCX) 5 or better, it can talk to the AP and find out what the MIC is.
Then it can verify management frames it hears, in addition to the APs that provide this function. The major benefit of this mode is the extension of detection. In Figure 17-1, the APs are in the middle of the network and clients are on the outside. The clients can detect the AP called BAD_AP that is generating invalid frames, even though BAD_AP is out of the range of the APs that are in protection mode.

With MFP version 1, all local mode APs are protectors. They digitally sign all frames they send. Any other AP or the same local mode AP for that matter .
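
The Infrastructure MFP check described above (a keyed MIC placed before the FCS, with monitoring APs reporting frames whose MIC does not verify), sketched as an added example that is not from the book and is not Cisco's implementation. HMAC-SHA256 as the MIC, CRC-32 as the FCS, the simplified frame layout, the sample key and the names protect, check and monitor are all assumptions of this sketch.

```python
import hashlib
import hmac
import struct
import zlib

MIC_LEN = 32  # HMAC-SHA256 output; the algorithm is an assumption of this sketch


def protect(wlan_key: bytes, body: bytes) -> bytes:
    """Build body || MIC || FCS, with the MIC placed before the FCS."""
    mic = hmac.new(wlan_key, body, hashlib.sha256).digest()
    fcs = struct.pack("<I", zlib.crc32(body + mic))
    return body + mic + fcs


def check(wlan_key: bytes, frame: bytes) -> str:
    """Classify a heard frame: 'ok', 'fcs-error' or 'mic-invalid'."""
    if len(frame) < MIC_LEN + 4:
        return "fcs-error"
    payload, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(payload)) != fcs:
        return "fcs-error"  # ordinary corruption, not evidence of spoofing
    body, mic = payload[:-MIC_LEN], payload[-MIC_LEN:]
    expected = hmac.new(wlan_key, body, hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(mic, expected) else "mic-invalid"


def monitor(wlan_key: bytes, heard: list) -> list:
    """Return the events a monitoring AP would report to the controller."""
    return [(src, "invalid MIC") for src, frame in heard
            if check(wlan_key, frame) == "mic-invalid"]


# Constructed sample data (not real captures).
KEY = b"per-WLAN-key-constructed-sample"
BEACON = b"type=beacon;ssid=CORP"
good = protect(KEY, BEACON)
# Same SSID and a valid FCS, but built without the WLAN key.
spoofed = protect(b"guessed-key", BEACON)
# Altered body with the original MIC kept and the FCS recomputed.
altered_payload = b"type=beacon;ssid=CORP2" + good[len(BEACON):-4]
altered = altered_payload + struct.pack("<I", zlib.crc32(altered_payload))
HEARD = [("AP1", good), ("BAD_AP", spoofed), ("BAD_AP", altered)]

if __name__ == "__main__":
    for event in monitor(KEY, HEARD):
        print(event)
```

The FCS alone passes both BAD_AP frames, because anyone can recompute a checksum; only the keyed MIC separates them from the frame sent by the protected AP.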