WPA2(PSK) uses a preshared key
WPA2(802.1x) requires a radius server and a certificate at least in the radius side.

802.1x is more secure since you can authenticate back to active directory for example. There are a few types of 802.1x or shall we say EAP authentication methods.

Here are some of the most used

PEAP-uses AD user domain credentials and requires certificate on the radius side

Machine Authentication-uses computer credentials and also requires certificate on the radius side

EAP-TLS-uses a certificate on the client or device end along with a certificate on the radius server side.

PSK once the preshared key gets compromised, is hard to change on the client/device end. 802.1x since it ties to AD via credentials or certificate, makes it more flexible to add or remove users.

Sent from Cisco Technical Support iPhone App

If it is manageble number of devices then use WPA2/AES with PSK as it is less complex.

Here is an simple configuration example shown for WPA2/AES-PSK WLAN on your controller using CLI (you need to SSH to controller & then execute this). I have used WLAN ID as 5 & name as "Scanner" with dynamic interface name of your controller as "vlan5". PSK used as "Cisco123" as example. You need to define dynamic interface first & that vlan should be permitted across your WLC-SWITCH trunk link.

config wlan create 5 Scanner Scanner

config wlan interface 5 vlan5

config wlan security wpa akm 802.1x disable 5

config wlan security wpa akm psk enable 5   

config wlan security wpa akm psk set-key ascii Cisco123 5

config wlan enable 5

You can refer this config guide for more details about WLAN configuration

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED_chapter_01000110.html

HTH

Rasika

**** Pls rate all useful responses ****