About SSID Usage in Standard Wireless Networks

SSID Authentication

SSID Authentication offers the following types of access security methods:

• Enterprise WPA/WPA2/WPA3 requires users to authenticate by entering a user name and password, validated against a RADIUS server. Only WPA3 is supported for 6 GHz devices. See Configure Enterprise SSID Authentication.
• Personal WPA/WPA2/WPA3 requires users to enter a shared PPSK to authenticate. Only Personal WPA3 is supported for 6 GHz devices. See Configure Personal SSID Authentication.
• Private Pre-Shared Key requires users to authenticate by entering a PPSK unique to each user (not available for 6 GHz). See Configure Private Pre-Shared Key SSID Authentication.
• OPEN (not available for 6 GHz) or Enhanced Open does not require users to use any form of authentication, but can direct them to a captive web portal before they are allowed to access other network resources. Enhanced Open is available only for 6 GHz devices.

MAC Authentication

In Extreme Networks, MAC authentication works by checking a client MAC address against a RADIUS server. The RADIUS server, or an external database with which the RADIUS server communicates, must have an entry with the client MAC address as both user name and password. If the client MAC address matches the entry, it is authenticated, and the AP allows it to access the network as determined by the user profile.

MAC authentication can provide an additional or sole means of authentication. If an SSID employs MAC authentication with another type of access control—PPSK or a captive web portal—MAC authentication occurs first. If it is successful, the AP continues with the rest of the authentication procedure. Otherwise, the authentication process stops, the AP denies network access to the client, and the AP disassociates the client. If you enable MAC authentication and use an open SSID, then MAC authentication becomes the sole means of access control. See Configure MAC Authentication.