LOGBOOK

HELP

Quiz Entry - updated: 2026.07.01

Walk through the complete process of creating a WPA2 Enterprise WLAN on the WLC.

After configuring RADIUS (Remote Authentication Dial-In User Service) and VLAN (Virtual Local Area Network) interface: create a new WLAN (Wireless Local Area Network) with a unique SSID (Service Set Identifier) and ID → map it to the VLAN interface → set security to WPA2 (Wi-Fi Protected Access 2) + AES (Advanced Encryption Standard) + 802.1X → select the RADIUS server under AAA (Authentication, Authorization, and Accounting) Servers → enable and verify.

Complete WPA2 Enterprise WLAN setup (after RADIUS and VLAN are ready):

Step 1 — Create the WLAN:

  • Navigate to WLANsCreate NewGo
  • Enter Profile Name and SSID (e.g., "Corporate-WLAN")
  • Choose a unique WLAN ID (e.g., 5)
  • Click Apply

Step 2 — General tab:

  • Set Status to Enabled
  • Set Interface/Interface Group to the VLAN interface you created (e.g., "vlan5")

Step 3 — Security tab (Layer 2):

  • Set Layer 2 Security to WPA+WPA2
  • Check WPA2 Policy with AES encryption
  • Set Auth Key Mgmt to 802.1X (not PSK (Pre-Shared Key))

Step 4 — Security tab (AAA Servers):

  • Under Authentication Servers, select the RADIUS server configured earlier from the dropdown
  • Click Apply

Step 5 — Verify:

  • Check that the new WLAN appears in the WLANs list as Enabled
  • Test with a client device — it should prompt for username/password (not a PSK)
  • The RADIUS server validates the credentials and grants or denies access

Tip: If users can see the SSID but authentication fails, check: RADIUS shared secret matches, RADIUS server is reachable from the WLC (Wireless LAN Controller) (ping test), and the user account exists on the RADIUS server.

From Quiz: NETW2 / WLAN Configuration | Updated: Jul 01, 2026