@Hephzibah11 wrote:
We have recently implemented Clearpass and one of the things we are doing is enabling users to use headless/IoT devices on the network. We have a specific wireless network designed for those devices that is segregated by VLAN. Was wondering what others were doing as far as either using a PSK or leaving the network open? We are also trying to come up with a name that makes sense for this type of use case and was wondering what others are using?
We are a fairly small private university.
Thanks all.
Hi Hephzibah11,
This will be our first semester offering students the ability to register their "streaming/headless" devices onto our network. What we saw some universties doing - as well as discussions around Airheads - is building SSIDs around encryption type (1-802.1x, 1-Open, 1-PSK, etc) to help free up airtime as each SSID consumes more airtime - and making use of roles for access-management. The Single SSID we've seen other universities call (University-Start), (StartHere), something to lead the users to connect to that SSID first.
Although I've seen several variations. One university had a variation where the initial-role when connecting to the "Start" SSID was internet access - but you could request a guest account to have access to internal resources.
We consolidated our 2 open networks (guest and setup) into a single SSID with (University-Start-Here) that serves three purposes. If a user connects, they are presented with three options (register a guest account, setup a windows/mac computer, or register a streaming device):
- If you self-register and web auth (with mac caching) as a guest account on the SSID - Clearpass returns a guest role with basic access to e-mail, web (http/https), vpn, etc.
- If you register a streaming/headless device (mac auth) as a streaming device on the SSID - Clearpass returns a device role with internet access and some internal access (for casting, printing, etc)
- Some form of configuration/onboard utility for getting laptops onto the secure 801.1x SSID.