User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
◦ Required. Requires all devices use PMF format. This could result in older devices not connecting.
PMF is enabled by default.
• Input Method. Enter the PSK in String or HEX:
◦ String value — Supports a PSK of 1-63 characters
◦ HEX value — Supports a PSK of exactly 64 characters and must contain HEX digits only.
• WPA2Key. The password to access this wireless network.
Related Topics
WLAN Service Settings on page 221
Privacy Settings for WPA2 Enterprise with RADIUS
WPA2 Enterprise w/ RADIUS — Supports 802.1X authentication with a RADIUS server, using AES
encryption. This is the highest level of network security, particularly when used in conjunction with
client certificate-based authentication (EAP-TLS). All 802.1X protocols are supported.
Two-stage authentication is supported oering a combination of MAC-Based (MBA) authentication and
WPA2-Enterprise (802.1x/EAP). The wireless client is first authenticated using MBA and then, in stage 2,
the client authenticates with WPA2-Enterprise (802.1x/EAP).The wireless client is first authenticated
using MBA and then, in stage 2, the client authenticates with WPA2-Enterprise (802.1x/EAP). Wireless
devices must pass both MBA and WPA2-Enterprise before they are allowed access to the network. After
passing 2-staged authentication, the wireless client is fully authenticated and assigned a policy role as
provisioned by the administrator. If either part of the two-staged authentication process fails, the client
is disconnected from the network, and the client must attempt MBA authentication again.
Note
Captive Portal is not supported when using WPA2 Enterprise w/ RADIUS. An exception is
Centralized Web Authentication (CWA). CWA captive portal supports WPA2 Enterprise w/
RADIUS.
Configure the following privacy settings:
• TKIP-CCMP — Select this option to use Temporal Key Integrity Protocol (TKIP) and Counter Mode
with Cipher Block Chaining Message Authentication Code Protocol (CCMP). Best Practice: TKIP
encryption is considered to be a less secure means of communication. An industry best practice is to
use a more secure option for network privacy.
• Protected Management Frames — Management Frames are the signaling packets used in the 802.11
wireless standard to allow a device to negotiate with an AP. PMF adds an integrity check to control
packets being sent between the client and the access point. Valid values are:
◦ Enabled. Supports PMF format but does not require it.
◦ Disabled. Does not address PMF format. Clients connect regardless of format.
◦ Required. Requires all devices use PMF format. This could result in older devices not connecting.
PMF is enabled by default.
Configure
WLAN Service Settings
Extreme Campus Controller User Guide for version 5.46.03 227