Configure Enterprise SSID Authentication

Before you begin

Create a standard wireless network policy. For more information, see About SSIDs.

About this task

Use these steps to configure Enterprise SSID authentication options.

Procedure

  1. Select Enterprise-802.1X.
    This requires users to authenticate themselves by entering a user name and password, which are checked against a RADIUS authentication server.
  2. Select the required Key Management and Encryption Method options from their respective drop-down menus or leave them at the default values.
    Key Management options:
    • WPA3-802.1X uses 192-bit encryption, and simultaneous authentication of equals (SAE) instead of PSK exchanges. If all wireless clients support WPA3, it is a better choice than WPA2.
    • WPA2-802.1X supports PMK caching and preauthentication (WPA does not). If the wireless clients support WPA2, it is the better choice over WPA, and is the default.
    • WPA-802.1X does not support PMK caching or preauthentication. However, if you know that all the clients that are going to use this SSID were released before IEEE 802.11i was ratified in 2004 and only support WPA (not WPA2), this option allows the Extreme Networks devices to support them.
    • Choose Auto-(WPA or WPA2) 802.1X to negotiate the use of WPA2 or WPA with clients based on which version they support.
    For Encryption Method Option:
    CCMP (AES) (Counter Mode-Cipher Block Chaining Message Authentication Code Protocol) uses AES (Advanced Encryption Standard) encryption. CCMP provides message integrity by combining counter mode with CBC (cipher block chaining) to produce a MAC (message authentication code).