Solved: network key

vishalpatil86 · ‎08-15-2011

hi,

can we enable network key based on per user basis?

I have wlc 4404 ans AP 1242.

when i enable encryption, it asks for network key and this key is common for all users.

is there any way of creating a one time key when user try to connect to wireless network and is unique to that user only?

kindly suggest.

pcroak · ‎08-16-2011

Hi Vishal,

You can configure a login account to manage the WLC as a "Lobby Ambassador". So, the helpdesk, or entrance to the mall could have someone stationed with the ability to configure a username and password for each user that would like access.

This would be the layer 3 web-based authentication. You can find further information on these features in the following configuration guide chapter for "Managing user accounts":

http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_user_accts.html

-Pat

View solution in original post

Surendra BG · ‎08-15-2011

if ur talking about WEP, then no we cannot, if WPA 1/2 PSK we cannot, if we are going for GUEST USER on the WLC, LOCAL NET USER here we can have unique usename and passowrd for a client..

Lemme know if this naswered ur question and Please dont forget to rate the usefull posts!!

Regards

Surendra

Regards
Surendra BG

vishalpatil86 · ‎08-15-2011

what are guest user and local net user?

vishalpatil86 · ‎08-16-2011

it will help me if any one tell me what is guest and local net users.

pcroak · ‎08-16-2011

Hi Vishal,

So lets outline the various authentication methods we have available:

For Layer 2 authentication, which will have encryption, we have:

- WEP/WPA pre-shared key -- this key would be used by all clients

- WEP/WPA enterprise -- this involves a RADIUS server for 802.1x authentication and each client would have a username and password.

For Layer 3 authentication, which will not have encryption, but just security to access the wireless:

- Web authentication -- this is where guest/local user accounts would come into play on the WLC. Clients would connect and open a browser, where they would be asked for username/password. You can configure these accounts on the WLC and you could have unique accounts.

It depends on what your design goals for security are -- if you do not want to use pre-shared key, you could configure a RADIUS server to authenticate users and still have encryption. Otherwise, you could create guest users on the WLC.

-Patrick Croak

Wireless TAC

vishalpatil86 · ‎08-16-2011

ok!!! consider following scenario -

there is a sopping mall where peope come with their wifi enabled laptops.

how can we implement security at that time? can we give unque username and password to each and every user that enters into mall?

pcroak · ‎08-16-2011

Hi Vishal,

You can configure a login account to manage the WLC as a "Lobby Ambassador". So, the helpdesk, or entrance to the mall could have someone stationed with the ability to configure a username and password for each user that would like access.

This would be the layer 3 web-based authentication. You can find further information on these features in the following configuration guide chapter for "Managing user accounts":

http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_user_accts.html

-Pat

vishalpatil86 · ‎08-17-2011

thank you pat