Walk through the complete process of creating a WPA2 Enterprise WLAN on the WLC.
After configuring RADIUS (Remote Authentication Dial-In User Service) and VLAN (Virtual Local Area Network) interface: create a new WLAN (Wireless Local Area Network) with a unique SSID (Service Set Identifier) and ID → map it to the VLAN interface → set security to WPA2 (Wi-Fi Protected Access 2) + AES (Advanced Encryption Standard) + 802.1X → select the RADIUS server under AAA (Authentication, Authorization, and Accounting) Servers → enable and verify.
Complete WPA2 Enterprise WLAN setup (after RADIUS and VLAN are ready):
Step 1 — Create the WLAN:
- Navigate to WLANs → Create New → Go
- Enter Profile Name and SSID (e.g., "Corporate-WLAN")
- Choose a unique WLAN ID (e.g., 5)
- Click Apply
Step 2 — General tab:
- Set Status to Enabled
- Set Interface/Interface Group to the VLAN interface you created (e.g., "vlan5")
Step 3 — Security tab (Layer 2):
- Set Layer 2 Security to WPA+WPA2
- Check WPA2 Policy with AES encryption
- Set Auth Key Mgmt to 802.1X (not PSK (Pre-Shared Key))
Step 4 — Security tab (AAA Servers):
- Under Authentication Servers, select the RADIUS server configured earlier from the dropdown
- Click Apply
Step 5 — Verify:
- Check that the new WLAN appears in the WLANs list as Enabled
- Test with a client device — it should prompt for username/password (not a PSK)
- The RADIUS server validates the credentials and grants or denies access
Tip: If users can see the SSID but authentication fails, check: RADIUS shared secret matches, RADIUS server is reachable from the WLC (Wireless LAN Controller) (ping test), and the user account exists on the RADIUS server.