Configure Personal SSID Authentication

First, create a standard wireless network policy. For more information, see Configure the SSID for a Standard Wireless Network.

This task is part of the network policy configuration workflow. Use this task to configure the SSID AUTHENTICATION options for Personal SSID authentication.

  1. On the 2 Wireless page for the policy, select Personal SSID Authentication.

    This option requires all users to authenticate by entering the same pre-shared key.

  2. Choose one of the following Key Management options:
    • Select WPA3 (SAE) to negotiate using WPA3 with clients. If all the wireless clients support WPA3, it is a better choice than WPA2.
    • Select WPA2-(WPA2 Personal)-PSK to use WPA2 for key management.
    • Select WPA-PSK to use WPA for key management. WPA does not support PMK caching or pre-authentication, but if the clients were released before IEEE 802.11i was ratified and they support WPA (not WPA2), this option allows the Extreme Networks devices to support them.
    Note

    Note

    For more information, see Transition Mode Overview.
  3. Choose one of the following Method options:
    • HNP/H2E (default): Enable both Hunting and Pecking (HNP) and Hash to Element (H2E).
    • H2E: Set the H2E method as the privacy method for the WLAN on all radios (2.4 GHz, 5 GHz and 6 GHz). This option applies only to 6E capable devices (AP4000, AP5010, AP5020, AP5050, AP3000, and 11ax portfolio).
      Note

      Note

      Ensure that networks defined with the option H2E are assigned to configuration Profiles of supported devices (AP4000, AP5010, AP5020, AP5050, AP3000, and 11ax portfolio).
    • HNP: Set the HNP method as the privacy method for the WLAN on all radios (2.4 GHz, 5 GHz and 6 GHz).
  4. Select an Encryption Method.

    The Encryption Method for WPA3 and WPA2 is CCMP (AES). Counter Mode-Cipher Block Chaining Message Authentication Code Protocol (CCMP) uses AES (Advanced Encryption Standard) encryption. CCMP provides message integrity by combining counter mode with CBC (cipher block chaining) to produce a MAC (message authentication code).

    Note

    Note

    When the SSID is configured for WPA3 (SAE), the encryption method is always set to 128-bit encryption.

    The Encryption Method for WPA-PSK is TKIP. Temporal Key Integrity Protocol (TKIP), uses RC4 as its cipher and provides a rekeying mechanism. TKIP ensures that every data packet is sent with a unique encryption key, which is a combination of an Interim Key/Temporal Key and a Packet Sequence Counter. TKIP provides more secure encryption than Wired Equivalent Privacy (WEP), and works on older or legacy WEP hardware with minor upgrades.

    Note

    Note

    ExtremeCloud‌ IQ supports TKIP only for AP3000, AP3000X, AP4000, AP5010, AP5050D, AP5050U models.
  5. For Key Value, enter the pre-shared key and Confirm it.

    The Key Typeis ASCII Key.

  6. Optional: To show the Key Value, select Show Password.
  7. Select SAVE.
9038986-00 Rev AA