08-15-2011 11:33 PM - edited 07-03-2021 08:34 PM
hi,
can we enable network key based on per user basis?
I have wlc 4404 ans AP 1242.
when i enable encryption, it asks for network key and this key is common for all users.
is there any way of creating a one time key when user try to connect to wireless network and is unique to that user only?
kindly suggest.
Solved! Go to Solution.
08-16-2011 11:42 PM
Hi Vishal,
You can configure a login account to manage the WLC as a "Lobby Ambassador". So, the helpdesk, or entrance to the mall could have someone stationed with the ability to configure a username and password for each user that would like access.
This would be the layer 3 web-based authentication. You can find further information on these features in the following configuration guide chapter for "Managing user accounts":
http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_user_accts.html
-Pat
08-15-2011 11:42 PM
if ur talking about WEP, then no we cannot, if WPA 1/2 PSK we cannot, if we are going for GUEST USER on the WLC, LOCAL NET USER here we can have unique usename and passowrd for a client..
Lemme know if this naswered ur question and Please dont forget to rate the usefull posts!!
Regards
Surendra
08-15-2011 11:45 PM
what are guest user and local net user?
08-16-2011 09:11 PM
it will help me if any one tell me what is guest and local net users.
08-16-2011 09:59 PM
Hi Vishal,
So lets outline the various authentication methods we have available:
For Layer 2 authentication, which will have encryption, we have:
- WEP/WPA pre-shared key -- this key would be used by all clients
- WEP/WPA enterprise -- this involves a RADIUS server for 802.1x authentication and each client would have a username and password.
For Layer 3 authentication, which will not have encryption, but just security to access the wireless:
- Web authentication -- this is where guest/local user accounts would come into play on the WLC. Clients would connect and open a browser, where they would be asked for username/password. You can configure these accounts on the WLC and you could have unique accounts.
It depends on what your design goals for security are -- if you do not want to use pre-shared key, you could configure a RADIUS server to authenticate users and still have encryption. Otherwise, you could create guest users on the WLC.
-Patrick Croak
Wireless TAC
08-16-2011 10:34 PM
ok!!! consider following scenario -
there is a sopping mall where peope come with their wifi enabled laptops.
how can we implement security at that time? can we give unque username and password to each and every user that enters into mall?
08-16-2011 11:42 PM
Hi Vishal,
You can configure a login account to manage the WLC as a "Lobby Ambassador". So, the helpdesk, or entrance to the mall could have someone stationed with the ability to configure a username and password for each user that would like access.
This would be the layer 3 web-based authentication. You can find further information on these features in the following configuration guide chapter for "Managing user accounts":
http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_user_accts.html
-Pat
08-17-2011 01:50 AM
thank you pat
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide