This article provides the steps to configure SSID with Pre-Shared Key and Web Portal Authentication on the WLC.
The following steps are used on CLI mode and SmartPass.
-
Create a service-profile and SSID.
# set service-profile PSK-PORTAL ssid-name PSK-PORTAL
# set service-profile PSK-PORTAL ssid-type crypto
# set service-profile PSK-PORTAL auth-fallthru web-portal
# set service-profile PSK-PORTAL web-portal-form web/wba_form.html
# set service-profile PSK-PORTAL web-portal-acl PSK-PORTAL
# set service-profile PSK-PORTAL wpa-ie auth-dot1x disable
# set service-profile PSK-PORTAL rsn-ie auth-dot1x disable
# set service-profile PSK-PORTAL rsn-ie cipher-ccmp enable
# set service-profile PSK-PORTAL rsn-ie auth-psk enable
# set service-profile PSK-PORTAL psk-encrypted 135643430e08027b2e712e67317016551555580e0c0d0b575a5b1b41000d040b5705035d5e55545c025415515002585e5823184b504c5241475c0d527f7a752b37
# set service-profile PSK-PORTAL attr vlan-name default
# set service-profile PSK-PORTAL rsn-ie enable
# set radio-profile default service-profile PSK-PORTAL
-
Create an ACL.
#set security acl name PSK-PORTAL permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
#set security acl name PSK-PORTAL permit ip 0.0.0.0 255.255.255.255 10.9.221.232 0.0.0.0
#set security acl name PSK-PORTAL deny 0.0.0.0 255.255.255.255 capture
#commit security acl PSK-PORTAL
-
Map the ACL and set authentication rule.
# set radius server PSK-PORTAL address 10.9.221.231 auth-port 1811 encrypted-key 1312121e0803092f0b757a6061
# set radius dac PSK-PORTAL address 10.9.221.232 replay-protect disable encrypted-key 0013160a075406032f701e1d5d
# set authentication web ssid PSK-PORTAL ** local
# set authorization dynamic ssid PSK-PORTAL PSK-PORTAL
-
Check the connectivity between the WLC and the SmartPass.
# radping server PSK-PORTAL request authentication user PSK-PORTAL password <password>
-
Using the WEBGUI Interface of the SmartPass Server create a user. Go to Users > Create User > add USER, USER TYPE, PASSWORD, CONFIRM PASSWORD > Save

Go to User > User Management to confirm the user properly saved.

-
Go to Setup > RADIUS Client Settings > Click ADD > IP Address, Shared Secret Key, Vendor: Trapeze > Save.

To confirm the changes, go to Setup > RADIUS Client Settings. The RADIUS client should be present.

-
Go to Setup > Web Portal Management > Click ADD Web Portal Configuration > Create SSID (Example name PSK-PORTAL) > Next > Next > Finish.

NOTE: If you are using Authentication Type > Local then select it and proceed without making any further changes > Finish.

To confirm, go to Setup > Web Portal Management > the SSID.

-
Go to Setup > RADIUS Servers Management > Click ADD to create the RADIUS server and RADIUS server group.
NOTE: First, add RADIUS Server > IP Address > Shared Secret key > check for AUTHENTICATION PORT. If required, also check for AUTHORIZATION PORT > add RADIUS Server Group > Finish.

To verify the changes, go to Setup > Radius Servers Management.

Check User Connectivity:
Use the following command at the end to check the user connectivity.
#show sessions