WPAv2 PSK and WPAv2-Enterprise Authentication

WPAv2 PSK and WPAv2-Enterprise with RADIUS authentication provides privacy based on the IEEE standard. The privacy settings are editable for both methods.

WPAv2 PSK

Access is allowed to any client that knows the pre-shared key. All data exchanged between the client and the AP will be AES encrypted from keys using the common, shared secret.

If MAC-based authentication (MBA) is also enabled, you can assign different roles to different devices with PSK because MBA can distinguish between different devices. If MBA is not enabled, then devices with PSK use the Default Unauth role only.

WPAv2-Enterprise with RADIUS

This method supports 802.1x authentication with a RADIUS server, using AES encryption. This is the highest degree of security for networking, particularly when used in conjunction with client certificate-based authentication (EAP-TLS). All 802.1x protocols are supported.

Although a RADIUS server is not required to use ExtremeCloud, you can configure site localized (reachable) RADIUS settings for 802.1x services. Users in the branch will authenticate with local authentication servers. Access control, roles and policy are enforced by the AP based on the RADIUS responses.

RADIUS servers can be configured to provide authentication or MAC-based authentication.