1. Configure the external auth-server or internal-db
2. Create a server group and assign the configured auth-server to it.
3. Create a dot1x profile and configure the required dot1x parameters (EAP-Offload, Key rotation, re-auth, etc)
4. Create a AAA profile and assign the dot1x profile and dot1x server-groups created in Step 2 and 3.
5. Create an AP Group and Virtual AP
6. Assign the AAA to the Virtual AP
7. Configure the SSID profile with the SSID and required operations mode and authentication (etc.) to use with dot1x... and other parameters.
802.1x Configuration Example WPA2-AES
Step 1 - Configure a Server :
Step 3 - Configure the AAA Profile to use dot1x
Step 4 - Configure L2 dot1x Profile:
Step 5 Create an AP Group and Virtual AP:
Step 6 Assign the AAA Profile to the VAP
Step 7 Configure SSID to WPA2-AES
A better solution than PSK is to use dynamic keys. Here, dynamic keys are used to provide te greatest level of security.