Higher Education

We have an issue where users with iOS devices frequently find themselves attached to the open network when they should be on the WPA2 network. I suspect that this generally occurs shortly after the user changes their password and fails authentication on the WPA2 network. Our old password policy was to change passwords every 90 days so there were ample users who forgot to change all devices...

Management wants us to have the user prompted for their credentials on the WPA2 network and to not fail over to the open network. The best solution that I've found is to encourage the users to use Quickconnect to configure their device so that the profile takes precendence over the open network.

Has anyone else seen a similar issue and if so, how did you deal with it?

Our solutuiobn is basically the same as yours, but we currently use a different solution to create the profiles.

 

We direct all users to use our onboarding portsl to setup their devices for our 802.1X network.

 

If the device is not 802.1X capable, they are instructed to register the mac address for our non-802.1X network.

We had Aruba ClearPass engineering customize a QuickConnect profile for us that would:
1.) configure the open network in addition to the wpa2 network, but move it to secondary under the wpa2 network, and
2.) configure the open network with auto-join disabled

This fixed the issue you describe for iOS and OSX devices "service hopping" back to the open network after having been there before.

I've begged Aruba to bake in the above functionality into the online QuickConnect packaging tool, but they have yet to do so. Perhaps if you guess press them, too, they'll stop thinking this benefits only OSU. :)

- Ryan -