Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

WPA2(PSK) vs WPA2(802.1X)


Can some one help me regarding those 2 authentication mode?

What is the difference?

I need a ssid for smal scanner in my logistic center, what should i use, and why?

ALos, where can i find the detail of this configuration in my WLC5508?

Tx for all your answers.


VIP Purple

WPA2(PSK) vs WPA2(802.1X)

HI ;

By default, WPA1 uses Temporal Key Integrity Protocol (TKIP) and       message integrity check (MIC) for data protection. WPA2 uses the stronger       Advanced Encryption Standard encryption.

This is the 5508 WLC configuration guide:


Dont forget to rate helpful posts

Hall of Fame Super Silver

Re: WPA2(PSK) vs WPA2(802.1X)

WPA2(PSK) uses a preshared key
WPA2(802.1x) requires a radius server and a certificate at least in the radius side.

802.1x is more secure since you can authenticate back to active directory for example. There are a few types of 802.1x or shall we say EAP authentication methods.

Here are some of the most used

PEAP-uses AD user domain credentials and requires certificate on the radius side

Machine Authentication-uses computer credentials and also requires certificate on the radius side

EAP-TLS-uses a certificate on the client or device end along with a certificate on the radius server side.

PSK once the preshared key gets compromised, is hard to change on the client/device end. 802.1x since it ties to AD via credentials or certificate, makes it more flexible to add or remove users.

Sent from Cisco Technical Support iPhone App

*** Please rate helpful posts ***
VIP Purple

Re: WPA2(PSK) vs WPA2(802.1X)

If it is manageble number of devices then use WPA2/AES with PSK as it is less complex.

Here is an simple configuration example shown for WPA2/AES-PSK WLAN on your controller using CLI (you need to SSH to controller & then execute this). I have used WLAN ID as 5 & name as "Scanner" with dynamic interface name of your controller as "vlan5". PSK used as "Cisco123" as example. You need to define dynamic interface first & that vlan should be permitted across your WLC-SWITCH trunk link.

config wlan create 5 Scanner Scanner

config wlan interface 5 vlan5

config wlan security wpa akm 802.1x disable 5

config wlan security wpa akm psk enable 5   

config wlan security wpa akm psk set-key ascii Cisco123 5

config wlan enable 5

You can refer this config guide for more details about WLAN configuration



**** Pls rate all useful responses ****

CreatePlease to create content