WPA2 PSK Personal

iores · ‎07-29-2023

Hi,

does the authentication from the subject go via WLC or remains local with AP?

MHM Cisco World · ‎07-29-2023

AP Local or central control?

iores · ‎07-29-2023

Local switching.

Rasika Nayanajith · ‎07-29-2023

You configure Pre-shared Key for a WLAN on WLC and then WLC push that to AP (as part of WLAN configs). So "client auth" does not require to go to WLC when it go through association process (AP handles 4 way handshake )

HTH
Rasika
*** Pls rate all useful responses ***

iores · ‎08-01-2023

Is there any scenario where 4 way handshake goes through controller in local switching mode?

Rasika Nayanajith · ‎08-02-2023

4 Way Handshake always takes place between AP & Client. To initiate the 4 way handshake, AP needs to have a master key (PMK), normally calculated by WLC & pass that information to APs.

Since it is PSK (that won't change) it is a static key which AP get as part of its initial configuration sending by WLC. Every time a client connects that same PMK used for 4-way handshake & not require to reach out to WLC for it.

In 802.1X scenario, there is no static password/key configured. Every time a client connects they have to calculate a master key (mutually derive supplicant & RADIUS server). Then RADIUS server pass that master key (MSK) to WLC which it calculates PMK & sending it to AP (where client attach). So AP can go through 4-way handshake.

HTH
Rasika
*** Pls rate all useful responses ***