Firewall policies Configuration->Security->Access Control->Policies: Add User role Configuration->Security->Access Control-> User Roles: Add Server group Configuration->Security->Authentication-> Severs->Server Group: Add 802.1x Authentication Configuration->All Profiles->Wireless LAN-> 802.1x Authentication Profile: Add AAA Configuration->All Profiles-> Wireless LAN->AAA Profile: Add SSID Configuration->All Profiles-> Wireless LAN->SSID Profile: Add Virtual AP Configuration->All Profiles-> Wireless LAN->Virtual AP profile: Add VLAN Configuration->Network->VLANs: Add AP Group Configuration-> AP Configuration: New AP system profile Configuration->All Profiles->AP-> AP System Profile: Add Non-Profile ConfigurationSecurity Profile Configuration WLAN Configuration AP Configuration Assign VAP to AP Group Configuration->AP Configuration: : Edit Define Authentication Server Configuration->Security->Authentication-> Severs: : Add WPA Configuration Example WebUI

Firewall policies ip access-list session "EmployeeAccess" any any any permit queue low User role user role Employee access-list session EmployeeAccess Server group aaa server-group EmployeeRADIUS auth-server RADIUS x Authentication aaa authentication dot1x EmployeeDot1x termination eap-type eap-peap AAA aaa profile Employee_AAA dot1x-default-role logon authentication-dot1x EmployeeDot1x SSID wlan ssid-profile Employee_SSID essid “corp” opmode wpa2-aes Virtual AP wlan virtual-ap Employee_VAP aaa-profile Employee_AAA ssid-profile Employee_SSID vlan 200 forward-mode tunnel VLAN vlan 200 AP Group ap-group Sunnyvale_APs AP system profile ap system-profile Sunnyvale_APs lms-ip bkup-lms-ip Non-Profile ConfigurationSecurity Profile Configuration WLAN Configuration AP Configuration Assign VAP to AP Group ap-group Sunnyvale_APs virtual-ap Employee_VAP ap-system-profile Define Authentication Server aaa authentication-server RADIUS01... WPA Configuration Example CLI

Firewall policies Configuration->Security->Access Control->Policies: Add User role Configuration->Security->Access Control-> User Roles: Add Server group Configuration->Security->Authentication-> Severs->Server Group: Add Captive Portal Authentication Configuration->All Profiles->Wireless LAN-> Captive Portal Authentication Profile: Add +Server Group == AAA Configuration->All Profiles-> Wireless LAN->AAA Profile: Add SSID Configuration->All Profiles-> Wireless LAN->SSID Profile: Add Virtual AP Configuration->All Profiles-> Wireless LAN->Virtual AP profile: Add VLAN Configuration->Network->VLANs: Add AP Group Configuration-> AP Configuration: New AP system profile Configuration->All Profiles->AP-> AP System Profile: Add Non-Profile ConfigurationSecurity Profile Configuration WLAN Configuration AP Configuration Assign VAP to AP Group Configuration->AP Configuration: : Edit Define Authentication Server Configuration->Security->Authentication-> Severs: : Add Captive Portal Configuration Example WebUI Assign Captive Portal Profile Configuration->Security->Access Control-> User Roles: : Edit

Firewall policies ip access-list session ”GuestAccess" any any any permit queue low User role User-role guest access-list session GuestAccess Server group aaa server-group GuestAuthServers auth-server GuestAuthServer Captive Portal Authentication aaa authentication captive-portal GuestCP server-group “internal” AAA aaa profile Guest_AAA initial-role logon SSID wlan ssid-profile Guest_SSID essid “guest” opmode opensystem Virtual AP wlan virtual-ap Guest_VAP aaa-profile Guest_AAA ssid-profile Guest_SSID vlan 900 forward-mode tunnel VLAN vlan 900 AP Group ap-group Sunnyvale_APs AP system profile ap system-profile Sunnyvale_APs lms-ip bkup-lms-ip Non-Profile ConfigurationSecurity Profile Configuration WLAN Configuration AP Configuration Assign VAP to AP Group ap-group Sunnyvale_APs virtual-ap Employee_VAP ap-system-profile Define Authentication Server aaa authentication-server GuestAuthServer... Captive Portal Configuration Example CLI Assign Captive Portal Profile User-role guest captive-portal GuestCP

Firewall policies Configuration->Security->Access Control->Policies: Add User role Configuration->Security->Access Control-> User Roles: Add SSID Configuration->All Profiles-> Wireless LAN->SSID Profile: Add Virtual AP Configuration->All Profiles-> Wireless LAN->Virtual AP profile: Add VLAN Configuration->Network->VLANs: Add AP Group Configuration-> AP Configuration: New AP system profile Configuration->All Profiles->AP-> AP System Profile: Add Non-Profile ConfigurationSecurity Profile Configuration WLAN Configuration AP Configuration Assign VAP to AP Group Configuration->AP Configuration: : Edit WEP Configuration Example WebUI

Firewall policies ip access-list session "EmployeeAccess" any any any permit queue low User role user role Employee access-list session EmployeeAccess SSID wlan ssid-profile WEP_SSID wepkey1 deadbeef99 opmode static-wep Virtual AP wlan virtual-ap WEP_VAP ssid-profile WEP_SSID vlan 210 forward-mode tunnel VLAN vlan 200 AP Group ap-group Sunnyvale_APs AP system profile ap system-profile Sunnyvale_APs lms-ip bkup-lms-ip Non-Profile ConfigurationSecurity Profile Configuration WLAN Configuration AP Configuration Assign VAP to AP Group ap-group Sunnyvale_APs virtual-ap Employee_VAP ap-system-profile WEP Configuration Example CLI