This task is part of the network policy configuration workflow. Use this task to configure the SSID AUTHENTICATION options for Personal SSID authentication.
- On the 2 Wireless page for the policy, select Personal SSID Authentication.
This option requires all users to authenticate by entering the same pre-shared key.
- Choose one of the following Key Management options:
- Select WPA3 (SAE) to negotiate using WPA3 with clients. If all the wireless clients support WPA3, it is a better choice than WPA2.
- Select WPA2-(WPA2 Personal)-PSK to use WPA2 for key management.
- Select WPA-PSK to use WPA for key management. WPA does not support PMK caching or pre-authentication, but if the clients were released before IEEE 802.11i was ratified and they support WPA (not WPA2), this option allows the Extreme Networks devices to support them.
- Choose one of the following Method options:
- HNP/H2E (default): Enable both Hunting and Pecking (HNP) and Hash to Element (H2E).
- H2E: Set the H2E method as the privacy method for the WLAN on all radios (2.4 GHz, 5 GHz and 6 GHz). This option applies only to 6E capable devices (AP4000, AP5010, AP5020, AP5050, AP3000, and 11ax portfolio).
Note
Ensure that networks defined with the option
H2E are assigned to configuration Profiles of supported devices (AP4000, AP5010, AP5020, AP5050, AP3000, and 11ax portfolio).
- HNP: Set the HNP method as the privacy method for the WLAN on all radios (2.4 GHz, 5 GHz and 6 GHz).
- Select the Enable
AKM-24 (Wi-Fi 7
Only) checkbox to ensure compatibility and compliance
with 802.11be.
Note
Applies only to AP4020
, AP4060, and AP5020 devices.
- Select an Encryption Method.
Encryption methods for WPA3 and WPA2
include:
- CCMP
(AES): Counter Mode-Cipher Block Chaining Message
Authentication Code Protocol (CCMP) uses AES (Advanced Encryption
Standard) encryption. CCMP provides message integrity by combining
counter mode with CBC (cipher block chaining) to produce a MAC
(message authentication code).
- CCMP (AES)/GCMP256: Supports both encryption
protocols. Allows the network to dynamically select the strongest
encryption method supported by the client. This ensures maximum
compatibility while offering strong security. Ideal for mixed
environments with both legacy and modern devices.
- GCMP256: Galois/Counter Mode Protocol with
256-bit keys is an advanced encryption algorithm that uses 256-bit
AES-GCMP encryption. GCMP256 offers stronger encryption and better
performance in high-security wireless networks, particularly in
WPA3-Enterprise (192-bit mode). GCMP256 provides message integrity
by using a GMAC (Galois Message Authentication Code).
The Encryption Method for WPA-PSK is TKIP. Temporal Key Integrity Protocol (TKIP), uses RC4 as its cipher and provides a rekeying mechanism. TKIP ensures that every data packet is sent with a unique encryption key, which is a combination of an Interim Key/Temporal Key and a Packet Sequence Counter. TKIP provides more secure encryption than Wired Equivalent Privacy (WEP), and works on older or legacy WEP hardware with minor upgrades.
Note
ExtremeCloud IQ supports TKIP only for AP3000, AP3000X, AP4000, AP5010, AP5050D, AP5050U models.
-
Select an SAE Group.
-
Toggle Transition Mode if Applicable on.
Note
When enabled with 6 GHz: PMF is optional for 2.4 GHz
and 5 GHz, but mandatory for 6 GHz. Requires IQ Engine version 10.8r4 or
higher.
For more information, see Transition Mode Overview.
- For Key Value, enter the pre-shared key and Confirm it.
The Key Typeis ASCII Key.
- Optional: To show the Key Value, select Show Password.
- Select SAVE.
