📘 CCNA 200-301 v1.1
5.10 Configure and verify WLAN within the GUI using WPA2 PSK
Topic Overview
This topic is about configuring and verifying a Wireless Local Area Network (WLAN) using a Graphical User Interface (GUI) and securing it with WPA2-PSK (Wi-Fi Protected Access 2 – Pre-Shared Key).
You must understand:
- What WLAN means
- What WPA2-PSK is
- How to configure a WLAN through a GUI
- How to verify the WLAN configuration
🔹 What is a WLAN?
A WLAN (Wireless Local Area Network) allows devices to connect to the network without physical cables, using Wi-Fi signals.
In a Cisco environment:
- WLANs are typically configured on wireless routers, access points (APs), or Wireless LAN Controllers (WLCs).
- The WLAN connects wireless clients (laptops, phones, tablets) to the wired network (LAN).
So, the WLAN acts as a bridge between the wired and wireless parts of the network.
🔹 Key WLAN Components
- SSID (Service Set Identifier)
- The name of the wireless network.
- Clients use this name to identify and connect to the Wi-Fi.
- Example: “Office_WLAN”.
- Security Mode
- Defines how the WLAN is protected.
- Common types: Open, WPA2-PSK, WPA3, or Enterprise (802.1X).
- Authentication Type
- PSK (Pre-Shared Key): Uses a shared password for all users.
- Enterprise (RADIUS): Uses usernames and passwords from a central authentication server.
- Encryption
- Defines how data is protected as it travels through the air.
- For WPA2, the encryption method is AES (Advanced Encryption Standard).
🔹 What is WPA2-PSK?
WPA2-PSK stands for Wi-Fi Protected Access 2 – Pre-Shared Key.
It’s one of the most common and secure wireless security methods for small or medium networks.
| Feature | Description |
|---|---|
| Type | Security protocol for wireless networks |
| Authentication | Based on a shared password (Pre-Shared Key) |
| Encryption | AES (Advanced Encryption Standard) |
| Strength | Strong security; widely used in enterprise and home networks |
| Configuration | Easy to set up, no need for a RADIUS server |
So, in WPA2-PSK, both the Access Point (AP) and clients use the same password to establish a secure connection.
🔹 Configuring a WLAN Using the GUI (Step-by-Step)
These steps apply generally to Cisco Wireless Routers or Access Points that are managed through a web interface (GUI).
You can log into the GUI by typing the device’s IP address into a web browser.
Step 1: Access the GUI
- Open a web browser on a connected computer.
- Enter the IP address of the router or access point (e.g.,
192.168.1.1). - Log in with the administrator username and password.
Step 2: Navigate to Wireless Settings
- In the main menu, go to:
- Wireless → Basic Settings or
- Wireless Setup → WLAN Configuration
This section allows you to create or modify WLANs.
Step 3: Create a New WLAN (SSID)
- Click Add New or Create WLAN.
- Enter:
- SSID Name: Example:
Office_WiFi - Network Mode: Choose
802.11b/g/nor802.11ac, depending on the router. - Broadcast SSID: Enable it so clients can see the SSID.
- SSID Name: Example:
Step 4: Configure Security (WPA2-PSK)
- Go to Security Settings or Wireless Security tab.
- Choose WPA2 Personal (this is the same as WPA2-PSK).
- Under Encryption Type, select AES.
- Enter the Pre-Shared Key (password), for example:
CCNAsecure2025. - Save the configuration.
Step 5: Save and Apply Settings
- Click Apply or Save Settings.
- The router or AP might reboot briefly to apply the configuration.
Step 6: Connect a Client Device
- On a laptop or phone, open Wi-Fi settings.
- Select the SSID (e.g.,
Office_WiFi). - Enter the pre-shared key (
CCNAsecure2025). - The device connects to the WLAN securely using WPA2 encryption.
🔹 Verifying WLAN Configuration
Once the WLAN is configured, you must verify that it’s working properly.
1. Verify SSID is Active
- In the GUI, check that your WLAN SSID is enabled.
- Status should show as Active or Up.
2. Verify Security Settings
- Go to Wireless Security Settings.
- Confirm:
- Security Mode: WPA2-PSK
- Encryption: AES
- Correct password is set
3. Verify Client Connection
- Go to Connected Devices or Wireless Clients in the GUI.
- You should see your client device listed with:
- MAC Address
- IP Address
- SSID it is connected to
- Signal Strength
4. Verify Network Connectivity
- From the connected client:
- Ping the router’s IP address (e.g.,
ping 192.168.1.1) — ensures layer 3 connectivity. - Ping an external IP (e.g.,
ping 8.8.8.8) — ensures internet access.
- Ping the router’s IP address (e.g.,
🔹 Key Configuration Points for CCNA Exam
| Configuration Element | Setting | Description |
|---|---|---|
| SSID | Network name | Identifies the WLAN |
| Security Mode | WPA2 Personal | Enables WPA2-PSK security |
| Encryption | AES | Encrypts wireless traffic |
| Password (PSK) | Shared secret | Must match on all clients |
| Status | Enabled | WLAN must be active and broadcast SSID |
🔹 Verifying Commands (CLI Reference)
Even though this section focuses on GUI, the CCNA exam expects you to know CLI equivalents too (for understanding).
| Purpose | Command |
|---|---|
| Show WLANs configured | show wlan summary |
| Show detailed WLAN info | show wlan <WLAN_ID> |
| Show connected clients | show client summary |
| Verify security settings | show wlan security <WLAN_ID> |
🔹 Common Troubleshooting Tips
| Problem | Possible Cause | Fix |
|---|---|---|
| Client cannot see SSID | SSID broadcast disabled | Enable SSID broadcast |
| Client cannot connect | Wrong PSK | Check and re-enter correct password |
| Connection drops frequently | Signal interference or low strength | Change wireless channel or position |
| Slow performance | Mismatched mode (e.g., 802.11b) | Use higher standard like 802.11n or ac |
✅ Summary
To configure and verify WLAN using WPA2-PSK in GUI, remember:
- Access the GUI (router or AP web interface).
- Create or edit a WLAN (SSID).
- Set security to WPA2 Personal (PSK) and use AES encryption.
- Enter a strong password (PSK).
- Save and apply the configuration.
- Verify SSID, security settings, and client connection.
- Ensure the client can connect and access the network successfully.
