[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Wireless 2106 Controler

Posted on 2009-07-10
Medium Priority
Last Modified: 2013-12-09

I have a Cisco 2601 set up with a basic wireless network. However at the moment it is running WPA-WPA2 security for users to log in.

What I want is for users to use 802.1x security, so they have to enter a user name and password, and then each client negoatates its own shared key with the controler for that session.

I have seen this done via a web page where you open up a web browser and are taken to a web apge where you have to enter your details before you can use the wireless network.

I am sure you can set this up on the controler its self, however I am not sure how to do this, Never played with this type of authentication before.

If any one knows what I am going on about, would you be able to point me in the correct direction of how to do this.

I just want each session to have its own shared key, and for log on to be via a user name and password. (dosent have to be a web page log on, if there are other ways I would be intrested)

Thank you

Question by:Aaron Street
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2

Expert Comment

ID: 24822379
Probably you're talking about a Captive Portal...
Not sure if it can be done in that cisco model, lets see if others have any idea.

Expert Comment

ID: 24822662
Not sure on that model Cisco, on the ones we have (1300 series) we would need a central appliance for that. You could set up free-radius on a Linux server, but the configuration is far from simple*
(I know that it is possible, but I have not managed to successfully create it. I am also not a Linux guy, so that may be the problem)
LVL 16

Author Comment

by:Aaron Street
ID: 24823014
yer see I really dont know my wireless stuff. and like you hamare I am not a linux person.

there are loads of setings on the controler. and I can see the seting up a central radius server.

but there are also options for settign up local users for use with authentication to the SSID's but I havent got a clue how to do it.

At the moment I am just using a basic Per shared key on the SSID, but this means if I want to cahnge it it kicks every one off, and every one is using this same key for the connection.

What I am looking for is a way for every one to have the same log on authentication. but then have each connection use its own PSK for the session.

so it would be more secure, and changing the password could be doone with out people dropping the connection.
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!


Accepted Solution

martino87r earned 2000 total points
ID: 24823851
A suggestion can be to use ZeroShell:


Extensive docs on how to setup RADIUS and Captive Portal through a nice and very easy web interface...
Definitely give it a try
LVL 16

Author Comment

by:Aaron Street
ID: 24841108
Cheers guys, but does no one know if the 2106 has any of this built in. I will deffently be looking at that zeroshell stuff, looks very intresting
LVL 16

Author Comment

by:Aaron Street
ID: 24876850
Ok so I got zero shell up and running :) nice litlte system and runs great on an old MAgnia SG20 box I have laying around!

next how do I  / Can I set this up.

This is for an open access network, for members of the public to connect to.

what my idea is that layer 2 wpa/802.1x security is transparrent to the user, no log on just the data gets encrypted securley. or with a simple username and password set on the radius server so that each conenction is secure,
at the moment every one uses the same PSK... waht I want is for there to be a single log on, but each connection has its own PSK given from radius server.

my question is, can i get the radius server to authenticate 802.1x, with out the need to install a certificate on the client PC/ laptops? as simpley as possible for the users.

this is a stand alone network for internet, and the zeroshell server is the only server on the network and will have to do all the work.

the trouble i see with captive portal is it dose not encrypt the layer two traffic? I will be looking at this next but I would like to get a good undersanding of the layer 2 part of wireless first. Also the captive poral bit looks a bit simpler :)

Any ideas ? or should I open a new questions on Radius servers?

Cheers for all the help guys
LVL 16

Author Closing Comment

by:Aaron Street
ID: 31601988
Zero shell is coolll!!!!!!!!!!! cheers, so much more than just sorted my wireless issue!

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question