User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
Table 60: WLAN Service Configuration Settings (continued)
Field Description
AuthType Define the authorization type. Valid values are:
• Open —Anyone is authorized to use the network. This
authorization type has no encryption. The Default Auth role
is the only supported policy role.
• OWE — Opportunistic Wireless Encryption (OWE) oers
security to open networks, ensuring that trac between an
AP and a client is encrypted. Other clients can sni and
record trac, but cannot decrypt it.
• WEP — Static Wired Equivalent Privacy (WEP) oers keys
for a selected network, that match the WEP mechanism
used on the rest of the network. Each AP can participate in
up to 50 networks. Specify one WEP key per network. This
option is oered to support legacy APs. See Privacy
Settings for WEP on page 228.
• WPA2 with PSK — Network access is allowed to any client
that knows the pre-shared key (PSK). All data between the
client and the AP is AES encrypted using the shared secret.
Privacy is based on the IEEE standard, and privacy settings
are editable. If MAC-based authentication (MBA) is enabled,
you can assign dierent roles to dierent devices with a
PSK because MBA distinguishes between dierent devices.
If MBA is not enabled, then devices with a PSK use the
Default Auth role only. See Privacy Settings for WPA2 with
PSK on page 226.
• WPA2 Enterprise w/ RADIUS — Supports 802.1X
authentication with a RADIUS server, using AES encryption.
This method can be used with client certificate-based
authentication (EAP-TLS). All 802.1X protocols are
supported.
Two-stage authentication is supported oering a
combination of MAC-Based (MBA) authentication and
WPA2-Enterprise (802.1x/EAP). The wireless client is first
authenticated using MBA and then, in stage 2, the client
authenticates with WPA2-Enterprise (802.1x/EAP).
Note: Captive Portal is not supported when using WPA2
Enterprise w/ RADIUS. An exception is Centralized Web
Authentication (CWA). CWA captive portal supports WPA2
Enterprise w/ RADIUS.
See Privacy Settings for WPA2 Enterprise with RADIUS on
page 227.
• WPA3 - Personal with SAE — 128-bit encryption.WPA3 uses
a pre-shared key (PSK) and Simultaneous Authentication of
Equals (SAE). WPA3 oers an augmented handshake and
protection against future password compromises. See
Privacy Settings for WPA3 with SAE on page 225.
• WPA3-Compatibility — Option for mixed deployments of
802.11ax APs and older AP models. If the network is
configured with WPA3-Compatibility (SAE or WPA2 PSK
authentication), 802.11ax APs running ExtremeWireless
WLAN Service Settings
Configure
222 Extreme Campus Controller User Guide for version 5.46.03