Configuring WPA with PSK
Start on the WLANs > Edit page of the WLAN you want to configure with WPA with PSK. Select the Security tab and on the drop-down menu for Layer 2 Security, choose WPA (or WPA+WPA2 depending on your software) as shown in Figure 6-14. After you select WPA or WPA+WPA2, the bottom of the page changes to allow you to configure the parameters.
Figure 6-14. WPA with PSK Configuration
To set up WPA with PSK or WPA+WPA2, under the Parameters section you must select the WPA Policy box. For encryption, you can choose either AES or TKIP. In order to use PSK, you must select PSK from the drop-down menu of Auth Key Mgmt. The PSK Format can be either ASCII or HEX. On the last line of the Parameters section, you must enter your PSK in the long text box.
Configuring Web Authentication
Web authentication allows users to authenticate through a web browser interface. Clients who attempt to access the WLAN using HTTP are automatically redirected to a login page. The login page is customizable for both logos and text. Web authentication is usually used for guest access. The data exchanged between the client and the AP is not encrypted.
Note
The Web Authentication feature is not available on the WLC 2000 series or the Cisco ISR WLAN Controller Modules. It is available on the WLC 4000 series and the Catalyst 6500 Series Wireless Services Module (WiSM).
Note
The maximum simultaneous authentication requests using web authentication is 21. The maximum number of local web authentication users is 2500.
To set up web authentication, start on the WLANs > Edit page. Under the Security tab select the Layer 3 tab. Check the Web Policy check box. When you check this box, a series of options appears, as shown in Figure 6-15. You have a choice between Authentication or Passthrough. Choosing Authentication prompts users for a username/password combination. Choosing Passthrough does not prompt the user for a username/password; you do have the choice here to select Email Input, which prompts the user for her email address. You can also choose an ACL to be used between the client and the controller. In Figure 6-15 no ACL has been chosen; this is shown by the word None in the drop-down menu for Preauthentication ACL.
Figure 6-15. Configure Web Authentication
To customize the login page for web authentication, start from the main page of the WLC. Click the Security tab on the top of the GUI, and then click Web Auth on the left-side menu bar. Web Auth expands to show you the Web Login Page option. Click it to take you to the Web Login Page, as shown in Figure 6-16.
Figure 6-16. Web Login Page
Figure 6-17 shows you the three different web authentication types: Internal (Default), Customized (Downloaded), and External (Redirect to external server). If you choose either External or Customized, you must enter a URL in the Redirect URL after Login text box. In Figure 6-17 the Redirect URL after Login text box is hidden by the drop-down list, but it is viewable in Figure 6-16.
Figure 6-17. Web Authentication Types
