In this lesson, you will learn how to configure a basic wireless network that uses WPA2 Pre-Shared Key (PSK) authentication. I’ll use the topology and configuration we created in the Cisco WLC basic configuration lesson. Below is the physical topology:
This network has two VLANs:
- VLAN 10: Management VLAN
- VLAN 20: Wireless network for users
And we use the following IP addresses:
|AP1 and AP2||10||DHCP clients|
SW1 is the DHCP server and default gateway for both VLANs.
I’ll use the GUI to configure the WLC and a Windows 10 wireless client to test our new wireless network.
First, head over to the WLC login screen:
And enter your credentials:
Click on the Advanced button on the top right:
The first thing to configure is a new dynamic interface. This logical interface is how the WLC connects to the wired network.
Go to Controller > Interfaces and click on New:
Above, you see, we already have a management and virtual interface. The management interface is how we access the GUI or CLI (through SSH) of the WLC. The virtual interface is used for DHCP relay, web authentication, VPN termination, and some other services.
Let’s give the new interface a name and set a VLAN number:
I’ll go for VLAN 20. Click on Apply, and the WLC presents the following screen:
We have to enter some additional information for our new dynamic interface. The port number is the physical interface that connects the WLC to the wired network; in my case, it’s port number 1.
Each interface requires an IP address, subnet mask, and default gateway. We also configure the DHCP server we want to use for this VLAN. SW1 is our DHCP server and default gateway.
Click on Apply, and we have a new dynamic interface.
Now it’s time to create the wireless network. Click on WLANs, Select Create New and click on Go:
In the screenshot above, you see we have the “lab” wireless network. This is the default network that was created by the wizard when I configured the WLC for the first time. By default, it uses 802.1X authentication. You can ignore or delete it. We don’t use it.
When you select Create New, and click on Go, you’ll see this screen:
The profile name is internal. You can pick whatever you like. The SSID is advertised in beacons, so this is the name of the wireless network that your users see. I’ll keep it simple and go for “VLAN20”. Click on Apply, and you see this screen:
Under the General tab, there are two important items:
- Status: Click on the checkbox to enable the WLAN.
- Interface: Select the dynamic interface we created for this VLAN.
Continue with the Security tab and select the Layer 2 sub-tab: