Create a Standard Wireless Network configuration.
A PPSK is a unique pre-shared key assigned to a user rather than to an SSID. With
this approach, you can assign different PPSKs and user profiles to different users
on the same SSID. If a user is no longer permitted to use the WLAN or a wireless
client becomes lost, stolen, or compromised, you can revoke just that user's PPSK
without having to reconfigure the PPSKs on all the other clients. Use these steps to
configure Private Pre-Shared Key SSID authentication options.
Note
ExtremeCloud IQ Connect does not
support Private Pre-Shared Keys.
-
Choose one of the following Key Management
options:
- WPA3 (SAE) to negotiate using WPA3 with clients.
If all the wireless clients support WPA3, it is a better choice than
WPA2.
- WPA2-(WPA2 Personal)-PSK to use WPA2 for key
management. WPA2 supports PMK caching and pre-authentication, whereas
WPA does not.
- WPA-(WPA or Auto)-PSK) to use WPA for key
management. WPA does not support PMK caching or pre-authentication, but
if the clients were released before IEEE 802.11i was ratified and
support WPA (not WPA2), this option allows the Extreme Networks device
to support them.
- Auto-(WPA or WPA2)-PSK to negotiate the use of
WPA2 or WPA with clients based on the version they support.
-
For Encryption Method
(WPA or WPA2 only): Choose CCMP (AES).
CCMP (AES)
(Counter Mode-Cipher Block Chaining Message Authentication Code Protocol) is a
security protocol that uses AES (Advanced Encryption Standard) encryption. CCMP
provides message integrity by combining counter mode with CBC (cipher block
chaining) to produce a MAC.
Note
When the wireless network (SSID) is configured for WPA3 (SAE), the
encryption method is always set to 128-bit encryption.
-
Enter the maximum number of
simultaneous clients allowed for each PPSK user, from 1 through 15, or 0 for an
unlimited number.
Note
Setting the maximum number
of clients per PPSK in the user group to a custom (non-zero) value overrides
this setting in the SSID.
-
If necessary, select
MAC binding.
When you enable this option, an
Extreme Networks AP functions as a PPSK server and automatically binds MAC
addresses to PPSKs. When the first client authenticates with a PPSK, the PPSK
server creates an internal MAC address-to-PPSK binding list for it. If a second
client authenticates with the same PPSK, the server automatically binds its MAC
address to the PPSK and adds it to the list—if allowed by the configuration. You
can configure a PPSK server to bind up to five MAC addresses to one PPSK so
users can submit the same PPSK for all their smart phones, tablets, PCs, and
other clients.
-
Choose an Extreme
Networks AP from the list to define it as a PPSK server.
A PPSK server stores
PPSK users, binds multiple client MAC addresses to a PPSK, and
automatically updates and tracks PPSK-to-MAC address bindings. It must
be an AP that is at the network policy's site. Extreme Networks APs
(PPSK authenticators) at the same site contact this server when checking
and requesting a user-submitted PPSK binding to the user's client MAC
address.
Note
Only
APs that you previously configured with static network settings
appear in the PPSK server list.
-
To configure Private Client Group Options, see Configure a Private Client Group.
-
Select PPSK Classification
Options to use this network policy with associated Local User
Groups.
Continue configuring the standard wireless network.