Configure Private Pre-Shared Key SSID Authentication

First, create a standard wireless network policy. For more information, see Configure the SSID for a Standard Wireless Network.

A PPSK is a unique pre-shared key assigned to a user rather than to an SSID. With this approach, you can assign different PPSKs and user profiles to different users on the same SSID. If a user is no longer permitted to use the WLAN or a wireless client becomes lost, stolen, or compromised, you can revoke just that user's PPSK without having to reconfigure the PPSKs on all the other clients.

Note

Note

ExtremeCloud IQ Connect does not support Private Pre-Shared Keys.

This task is part of the network policy configuration workflow. Use this task to configure Private Pre-Shared Key SSID authentication options.

  1. On the 2 Wireless page for the policy, under SSID Usage, select Private Pre-Shared Key.

    Private Pre-Shared Key SSID authentication uses WPA2-(WPA2 Personal)-PSK for Key Management.

    The Encryption Method for WPA2-(WPA2 Personal)-PSK is CCMP (AES). Counter Mode-Cipher Block Chaining Message Authentication Code Protocol (CCMP) uses AES (Advanced Encryption Standard) encryption. CCMP provides message integrity by combining counter mode with CBC (cipher block chaining) to produce a MAC (message authentication code).

  2. Select Set the maximum number of clients per private PSK, and then type the maximum number of simultaneous clients allowed for each PPSK user. (Range: 1 through 15, or type 0 for an unlimited number.)
    Note

    Note

    Setting the maximum number of clients per PPSK in the user group to a custom (non-zero) value overrides this setting in the SSID.
  3. Select MAC binding, and then select an Extreme Networks AP from the menu to define it as a PPSK server.

    When you enable this option, an Extreme Networks AP functions as a PPSK server and automatically binds MAC addresses to PPSKs. When the first client authenticates with a PPSK, the PPSK server creates an internal MAC address-to-PPSK binding list for it. If a second client authenticates with the same PPSK, the server automatically binds its MAC address to the PPSK and adds it to the list—if allowed by the configuration. You can configure a PPSK server to bind up to five MAC addresses to one PPSK so users can submit the same PPSK for all their smart phones, tablets, PCs, and other clients.

    Note

    Note

    Only APs that you previously configured with static network settings appear in the PPSK server list.

    A PPSK server stores PPSK users, binds multiple client MAC addresses to a PPSK, and automatically updates and tracks PPSK-to-MAC address bindings. The AP must be at the site location defined in the network policy. Extreme Networks APs (PPSK authenticators) at the same site contact this server when checking and requesting a user-submitted PPSK binding to the client MAC address.

  4. To configure Private Client Group Options, see Configure Private Client Group Options.
  5. Select PPSK Classification Options to use this network policy with associated local user groups.
    See Add a User Group for more information.