Can be configured to use any of the RADIUS / NPS configurations. If you Tell it to use PEAP with MSCHAPv2 it does. But if you Authorize by Certificate it will also authenticate you to that network. The control goes via your NPS Service.
First we start with the Guest Network.
Go to your Master Controller IP Address, log in and Create a New SSID
Provide the VLAN for the Guest VLAN. Note, it's only going work after you configure the Cisco Switch VLAN 500.
Select WPA2 Personal and provide it with a password.
The network can be unrestricted, if you configure the GUEST VLAN 500 on your Firewall and making sure it cannot access the Internal Domain Servers and Clients, except for HTTP / HTTPS / DNS
Click Finish. You've created your WiFi Guest Network. It's not operational yet, unless you've specified a VLAN that is allready active on the switches and internet is arranged via NAT and Static Routes.
WPA2 Enterprise is a Different thing. Please note, that the network you're about to configure, cannot be used untill this complete blog has been followed through.
WPA2 Enterprise Aruba Setup
Create a new SSID for Employees
Assign the VLANS to be used with the Network.
In this case we're going to configure the following VLANS on the Cisco Switch (as must be done on the Zyxel PoE Switch) for the following ones:
Whereas 200-204 will be the client VLAN.
It can be seperated with 200-204, 250, 300-304 till a certain maximum of characters.
Configure the NPV_SRV1 by clicking Edit beneath the WPA-2 Enterprise (not you can specify two servers there).
If you're not sure how to configure this, trust on my configuration.
The Network is to be meant Unrestricted. As said, you can configure this on your Firewall, but also on your Switches.
I'm not going in depth on configuring the Firewall - or Switch Firewall, so you have to find a way for that yourself.
Click Finish and your network is created, but not operational Yet. Please note.