Configure a Standard Wireless Network (SSID)

About this task

A network policy can include one or more wireless networks, commonly referred to as SSIDs. A wireless network SSID is an alphanumeric string that identifies a set of authentication and encryption services that wireless clients and access point devices use when communicating with each other. This topic describes how to configure a standard-access wireless network.

Procedure

  1. Select the plus sign below the Wireless Networks heading.
  2. Select All other Networks (standard) from the drop-down.
  3. Enter a name for the wireless network SSID.
    ExtremeCloud IQ and IQ Engine use this name to group all the settings related to this wireless network, such as required and optional data rates, DoS policies, MAC filters, and the broadcast SSID.
  4. Enter a broadcast name for this wireless network, or accept the one automatically derived from the SSID name.
    Clients discover this broadcast name from beacons and probe responses.
  5. Select SSID radio broadcast bands:
    • WiFi0 Radio (2.4 GHz or 5 GHz): Broadcast the SSID based on the configuration of the WiFi0 radio.
    • WiFi1 Radio (5 GHz only): Broadcast the SSID on the WiFi1 radio operating in the 5 GHz band. Most Extreme Networks devices have two radios: radio 1 is bound to WiFi 0 and radio 2 is bound to WiFi1. Radio 1 generally operates in the 2.4 GHz band but can also operate in the 5 GHz band on some models. Radio 2 operates in the 5 GHz band.
      Note

      Note

      Mapping an SSID to both radio types is a good approach if the devices need to work with some wireless clients that only support 802.11n/b/g, and others that only support 802.11ac/n/a/ac/x. In this case, both WiFi0 and WiFi1 must be in access mode or dual mode. If hive members need to support wireless backhaul communications with each other and you want both interfaces to provide client access, then one of the wireless interfaces must be able to provide both access and backhaul links.
    • WiFi2 Radio (6 GHz only): This option currently supports only Enterprise WPA3, Personal WPA3, and Open Enhanced. When you select this check box, a message reminds you that you will only be able to access the items available for 6 GHz.
  6. Select an SSID Authentication method and complete the fields.
    • Select Enterprise WPA/WPA2/WPA3 to require users to authenticate by entering a user name and password, and validating against a RADIUS server. Only WPA3 is supported for 6 GHz devices. See Configure Enterprise SSID Authentication.
    • Select Personal WPA/WPA2/WPA3 to require users to enter a shared PPSK to authenticate. Only Personal WPA3 is supported for 6 GHz devices. See Configure Personal SSID Authentication.
    • Select Private Pre-Shared Key to require users to authenticate by entering a PPSK unique to each user (not available for 6 GHz). See Configure Private Pre-Shared Key SSID Authentication.
    • Select WEP to require users to use EAP/802.1X for user authentication and two keys for encryption; one for multicast traffic and another for unicast traffic (not available for 6 GHz) See Configure WEP SSID Authentication.
    • Select Open (not available for 6 GHz) or Enhanced Open so users do not use any form of authentication, but can be directed to a captive web portal before they are allowed to access other network resources. Enhanced Open is available only for 6 GHz devices. If you select open authentication and need to create a captive web portal, complete Steps 7 - 11 below. Otherwise, proceed to Step 12.
  7. Select On to enable a captive web portal for this wireless network.
    This option requires users to register before they are assigned user profile settings for network access beyond their associated device. (Not available for 6 GHz.)
  8. Select an existing captive web portal, or select Add to create a new one.
  9. Enter a name for the captive web portal.
  10. Customize and preview your login page, authentication method, and optional success and failure pages as described in Customize and Preview Device-based Captive Web Portal Settings.
  11. Import, upload, and remove login page files, and optional success and failure page HTML files in an admin-defined directory as described in Import Captive Web Portal HTML Files.
  12. If you intend to use MAC Authentication, see Configure MAC Authentication.
  13. If you intend to authenticate via RADIUS servers, either select an existing Default RADIUS Server Group from the current list or select the plus sign to add a new group.
    See Configure RADIUS Server Settings to add a wireless network (SSID)-specific RADIUS object. See Configure External RADIUS Server Settings to add an external RADIUS common object.
  14. If you intend to authenticate via user groups (Enterprise only), turn on Authentication with ExtremeCloud IQ Authentication Service.
  15. Either select an existing User group from the current list or select the plus sign to add a new group.
    See Add a User Group.
  16. Either use the existing Default User Profile from the current display or select the plus sign to add a new profile.
    See Add a User Profile.
  17. To customize the SSID Availability Schedule, select the Restrict the availability of this SSID to selected schedules check box to enable SSID schedules.
  18. Select Customize.
    To create a new schedule, see Configure Availability Schedule Settings.
  19. To customize Advanced Access Security Controls, see Customize Advanced Access Security Settings.
  20. To customize Optional Settings, see Customize Wireless Network Optional Settings.
    (Not available for 6 GHz).
  21. Turn Client Monitor On (default) to enable a device to detect client issues, and report client connection activities and problems to ExtremeCloud IQ.
  22. Select Save.

What to do next

Continue configuring your network policy.