
Wireless 2106 Controller


I have a Cisco 2601 set up with a basic wireless network. However, at the moment it is running WPA-WPA2 security for users to log in.

What I want is for users to use 802.1x security, so they have to enter a user name and password, and then each client negotiates its own shared key with the controller for that session.

I have seen this done via a web page where you open up a web browser and are taken to a web page where you have to enter your details before you can use the wireless network.

I am sure you can set this up on the controller itself, however I am not sure how to do this. Never played with this type of authentication before.

If anyone knows what I am going on about, would you be able to point me in the correct direction of how to do this?

I just want each session to have its own shared key, and for log on to be via a user name and password. (Doesn't have to be a web page log on; if there are other ways I would be interested.)

Thank you

Aaron Street
Probably you're talking about a Captive Portal...
Not sure if it can be done in that Cisco model, let's see if others have any idea.

Not sure on that model Cisco; on the ones we have (1300 series) we would need a central appliance for that. You could set up FreeRADIUS on a Linux server, but the configuration is far from simple*
(I know that it is possible, but I have not managed to successfully create it. I am also not a Linux guy, so that may be the problem)

Aaron Street (Infrastructure Manager, Author) commented:
Yeah, see, I really don't know my wireless stuff, and like you hamare I am not a Linux person.

There are loads of settings on the controller, and I can see the setting up of a central RADIUS server.

But there are also options for setting up local users for use with authentication to the SSIDs, but I haven't got a clue how to do it.

At the moment I am just using a basic pre-shared key on the SSID, but this means if I want to change it, it kicks everyone off, and everyone is using this same key for the connection.

What I am looking for is a way for everyone to have the same log on authentication, but then have each connection use its own PSK for the session.

So it would be more secure, and changing the password could be done without people dropping the connection.

A suggestion can be to use ZeroShell:


Extensive docs on how to set up RADIUS and Captive Portal through a nice and very easy web interface...
Definitely give it a try.

Aaron Street (Infrastructure Manager, Author) commented:
Cheers guys, but does no one know if the 2106 has any of this built in? I will definitely be looking at that ZeroShell stuff, looks very interesting.

Aaron Street (Infrastructure Manager, Author) commented:
OK, so I got ZeroShell up and running :) Nice little system, and it runs great on an old Magnia SG20 box I have laying around!

Next, how do I / can I set this up?

This is for an open access network, for members of the public to connect to.

My idea is that layer 2 WPA/802.1X security is transparent to the user: no log on, just the data gets encrypted securely. Or with a simple username and password set on the RADIUS server so that each connection is secure.
At the moment everyone uses the same PSK... what I want is for there to be a single log on, but each connection has its own PSK given from the RADIUS server.

My question is, can I get the RADIUS server to authenticate 802.1X without the need to install a certificate on the client PCs/laptops? As simply as possible for the users.

This is a stand-alone network for internet, and the ZeroShell server is the only server on the network and will have to do all the work.

The trouble I see with captive portal is it does not encrypt the layer two traffic? I will be looking at this next, but I would like to get a good understanding of the layer 2 part of wireless first. Also the captive portal bit looks a bit simpler :)

Any ideas? Or should I open a new question on RADIUS servers?

Cheers for all the help guys
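
An added illustration, not part of the original thread and not from any poster: how the pairwise keys are derived in WPA2-Personal (one passphrase for everyone) versus 802.1X (a key from each login), which is the difference the posts above are asking about. The SSID, passphrase and MAC addresses are constructed sample values, and random bytes stand in for the MSK a real EAP method would export.

```python
import hashlib
import hmac
import os

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # WPA/WPA2-Personal: PBKDF2-HMAC-SHA1 over passphrase and SSID, 4096 rounds, 256 bits
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def pmk_from_eap_msk(msk: bytes) -> bytes:
    # 802.1X: the PMK is the first 256 bits of the MSK exported by that login's EAP exchange
    return msk[:32]

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # IEEE 802.11 PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    # 384-bit PTK for CCMP (KCK | KEK | TK), bound to both MACs and both handshake nonces
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

def demo() -> dict:
    # Constructed sample values: SSID, passphrase and MAC addresses are made up
    ap = bytes.fromhex("02aabbccdd01")
    clients = [bytes.fromhex("02aabbccdd10"), bytes.fromhex("02aabbccdd11")]
    psk_pmks, eap_pmks, ptks = [], [], []
    for sta in clients:
        psk_pmk = pmk_from_passphrase("constructed-passphrase", "ExampleSSID")
        eap_pmk = pmk_from_eap_msk(os.urandom(64))  # stand-in for a real EAP method's MSK
        psk_pmks.append(psk_pmk)
        eap_pmks.append(eap_pmk)
        for pmk in (psk_pmk, eap_pmk):
            ptks.append(derive_ptk(pmk, ap, sta, os.urandom(32), os.urandom(32)))
    return {"psk_pmks": psk_pmks, "eap_pmks": eap_pmks, "ptks": ptks}

if __name__ == "__main__":
    result = demo()
    print("PSK PMK identical for both clients:", result["psk_pmks"][0] == result["psk_pmks"][1])
    print("802.1X PMK identical for both clients:", result["eap_pmks"][0] == result["eap_pmks"][1])
```

In both modes every association gets its own PTK; what changes is the root it is derived from. With a passphrase the PMK is the same for every client on the SSID, while with 802.1X it is fresh for each authenticated session.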

Aaron Street (Infrastructure Manager, Author) commented:
ZeroShell is cool! Cheers, so much more than just sorted my wireless issue!

Question has a verified solution.
