Security

Reply
Frequent Contributor I

OnBoard Single SSID vs Two SSID Provisioning

I am trying to come up with the pro/cons of using a single SSID for provisioning/provisioned devices vs using two SSIDs (open network for provisioning and 802.1X network for provisioned devices).  

 

As I see it, with the single SSID, you have the issue of manually configuring non-domain Windows laptops for 802.1X prior to OnBoarding.  Other devices (Macs, iOS, Android) are easier to handle.  

 

Using two SSIDs solves that problem but I am wondering if it will introduce any others?  Will OnBoarded devices automatically switch over to the provisioned network after OnBoarding?   Is there anything else I need to take into account?

 

Guru Elite

Re: OnBoard Single SSID vs Two SSID Provisioning

Xdrewpjx,

On boarding from a second SSID like from a link on a guest network makes things much easier for your users that do not know how to connect to a 802.1x in the first place. That is an excellent strategy.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP

Re: OnBoard Single SSID vs Two SSID Provisioning

And yes - the onboarding process adds the second ssid to the device and switches them over as the last stage.

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Frequent Contributor I

Re: OnBoard Single SSID vs Two SSID Provisioning

Thanks!  I figured as much.  I just wanted to make sure there were no other caveats associated with this design.  

Super Contributor II

Re: OnBoard Single SSID vs Two SSID Provisioning

We did the two SSID method.

 

We built a Captive Portal that has a bunch of menu options for our users to select.

Connect to the SSID and what not.

 

You can also provide them with an XML file and a small batch script that will automatically configure their Windows laptops for 802.1x authentication.

 

Wrap it all in an SFX archive and have the archive ask for admin priv. and you are all set!

 

Two SSID method seems to work well though in our limited experience

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: