Cisco WLC WPA2 PSK Authentication

In this lesson, you will learn how to configure a basic wireless network that uses WPA2 Pre-Shared Key (PSK) authentication. I’ll use the topology and configuration we created in the Cisco WLC basic configuration lesson. Below is the physical topology:

Sw1 Wlc1 Two Aps Lab Physical Topology

This network has two VLANs:

  • VLAN 10: Management VLAN
  • VLAN 20: Wireless network for users

And we use the following IP addresses:

Device(s)      VLAN   IP Address
-------------  -----  ---------------
WLC1           10     192.168.10.100
SW1            10     192.168.10.254
AP1 and AP2    10     DHCP clients
WLC1           20     192.168.20.100
SW1            20     192.168.20.254

SW1 is the DHCP server and default gateway for both VLANs.

Configuration

I’ll use the GUI to configure the WLC and a Windows 10 wireless client to test our new wireless network.



WLC

First, head over to the WLC login screen:

Cisco Wlc Login Screen

And enter your credentials:

Cisco Wlc Credentials

Click on the Advanced button on the top right:

Cisco Wlc Advanced Mode Button

Interface

The first thing to configure is a new dynamic interface. This logical interface is how the WLC connects to the wired network.

Go to Controller > Interfaces and click on New:

Cisco Wlc Create New Interface

Above, you can see that we already have a management interface and a virtual interface. The management interface is how we access the GUI or CLI (through SSH) of the WLC. The virtual interface is used for DHCP relay, web authentication, VPN termination, and some other services.

Let’s give the new interface a name and set a VLAN number:

Cisco Wlc Interface Name Vlan Id

I’ll go for VLAN 20. Click on Apply, and the WLC presents the following screen:

Cisco Wlc Interface Information

We have to enter some additional information for our new dynamic interface. The port number is the physical interface that connects the WLC to the wired network; in my case, it’s port number 1.

Each interface requires an IP address, subnet mask, and default gateway. We also configure the DHCP server we want to use for this VLAN. SW1 is our DHCP server and default gateway.

Click on Apply, and we have a new dynamic interface.

WLAN

Now it’s time to create the wireless network. Click on WLANs, select Create New, and click on Go:

Cisco Wlc Create New Wlan

In the screenshot above, you see we have the “lab” wireless network. This is the default network that was created by the wizard when I configured the WLC for the first time. By default, it uses 802.1X authentication. You can ignore or delete it. We don’t use it.

When you select Create New and click on Go, you’ll see this screen:

Cisco Wlc Wlans New

The profile name is internal. You can pick whatever you like. The SSID is advertised in beacons, so this is the name of the wireless network that your users see. I’ll keep it simple and go for “VLAN20”. Click on Apply, and you see this screen:

Cisco Wlc Edit Ssid General

Under the General tab, there are two important items:

  • Status: Click on the checkbox to enable the WLAN.
  • Interface: Select the dynamic interface we created for this VLAN.
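
Under WPA2-PSK the SSID chosen above is also key material: the 256-bit pairwise master key (PMK) is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations. The Python below is an added example, not part of the original lesson; it derives the PMK for this lesson's SSID and reviews a candidate passphrase, and the sample passphrase, the 16-character site minimum and the function names are assumptions.

```python
import hashlib

SSID = "VLAN20"  # SSID used in this lesson
SAMPLE_PASSPHRASE = "correct-horse-battery-staple"  # constructed sample, not from the lesson


def validate_passphrase(passphrase: str) -> list:
    """Check the limits WPA2-PSK places on an ASCII passphrase."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8-63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("only printable ASCII (0x20-0x7e) is allowed")
    return problems


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    problems = validate_passphrase(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def review_passphrase(passphrase: str, ssid: str, min_len: int = 16) -> list:
    """Protocol limits plus a hypothetical site policy (min_len is an assumption)."""
    findings = validate_passphrase(passphrase)
    if len(passphrase) < min_len:
        findings.append(f"shorter than the site minimum of {min_len} characters")
    if ssid.lower() in passphrase.lower():
        findings.append("contains the SSID")
    if len(set(passphrase)) < 6:
        findings.append("fewer than 6 distinct characters")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID: the salt changes, so the PMK changes.
    for name in (SSID, "lab"):
        print(f"{name:8} {derive_pmk(SAMPLE_PASSPHRASE, name).hex()}")
    for candidate in (SAMPLE_PASSPHRASE, "vlan20-wifi"):
        print(candidate, "->", review_passphrase(candidate, SSID) or "ok")
```

Because the only secret input is the passphrase, every client that knows it derives the same PMK, and changing the SSID changes the PMK even when the passphrase stays the same.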

Continue with the Security tab and select the Layer 2 sub-tab:



Forum Replies

  1. Hey Everyone,
    I would like to know when a mobile device connects to a wireless network. The WLAN is configured with MAC filtering and PSK. Everything is working well. My question is: when a mobile device connects to the WLAN, what is the first step the WLC controller is doing? We put in the PSK to access the WLAN, but when is it asking for the MAC? Is it already in the frame?
    Thanks
    Mina

  2. Hello Mina

    It is possible to configure both MAC filtering and PSK at the same time. The MAC filtering will take place first. Once the device passes the MAC filtering, it will then go on to be authenticated using PSK.

    I hope this has been helpful!

    Laz

  3. Thank you, Mr. Laz. Now I understand. I do have another question, and I am trying to understand how it works. The subject is Certificate-Based Authentication.
    I will try to explain, and tell me if I am wrong. I looked on the Internet to find an explanation, but I don’t understand it so well.
    So there is a Certificate Authority and 2 devices. If I want to talk with a server, the PC will present its certificate, which was signed by the CA. The server also has a certificate signed by the same CA. So when I want to talk with the server and I present my certificate then the ser

    ... Continue reading in our forum

  4. Hello Mina

    Before answering your question, I suggest you go through the following two lessons that will most likely clarify some of your questions about certificates:

    https://networklessons.com/cisco/ccna-200-301/introduction-to-wireless-security

    https://networklessons.com/cisco/ccna-200-301/wireless-authentication-methods

    For this particular question:

    It really depends upon the method of authentication tha

    ... Continue reading in our forum
