Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

6.10. WLAN WPA2 PSK Configuration

💡 First Principle: A secure SSID means nothing if you configure it wrong. Selecting WPA2 sounds good, but choosing TKIP instead of AES undermines the security. Think of it like putting a deadbolt on your door but leaving the window open—the appearance of security without the substance.

What happens when WPA2 PSK is misconfigured: Imagine you create a "Corporate" SSID with WPA2, but select TKIP encryption (for "compatibility"). TKIP has known vulnerabilities—attackers can inject packets and potentially recover the key. Your "secure" network is now breakable. Or you forget to map the WLAN to the correct VLAN, and corporate laptops end up in the guest segment with no access to internal resources and exposure to untrusted guests.

Consider this exam scenario: You'll see GUI screenshots asking "which setting is wrong?" Knowing that AES is required (not TKIP), that PSK requires a pre-shared key field, and that VLANs must be mapped correctly lets you spot the error immediately.

WLAN Creation Workflow:

  1. Create the WLAN: Navigate to WLANs → Create New

    • Assign a Profile Name (internal identifier)
    • Set the SSID (what users see when scanning)
    • Select a WLAN ID (1-512)

  2. Configure Security: Security tab

    • Layer 2 Security: WPA+WPA2
    • WPA2 Policy: Enabled
    • WPA2 Encryption: AES (not TKIP!)
    • Auth Key Mgmt: PSK
    • Pre-Shared Key: Enter the password (minimum 8 characters, ideally 20+)

  3. Map to VLAN: General tab → Interface/Interface Group

    • Associates wireless traffic with a specific VLAN
    • Guest WLAN → Guest VLAN, Corporate WLAN → Employee VLAN

  4. Enable the WLAN: Status → Enabled

    • Until enabled, the SSID won't broadcast
Common Configuration Mistakes:
  • Forgetting to enable the WLAN after creation
  • Using TKIP instead of AES (weaker encryption)
  • Not mapping to the correct interface/VLAN
  • Setting a weak or obvious PSK

What happens with wrong VLAN mapping: Users connect successfully but can't reach expected resources. They get IP addresses from the wrong DHCP scope. Always verify the interface mapping matches your VLAN design.