ONBOARD USING DUAL SSID
Overview:
This topic is about Device onboard using two SSID. In this scenario I’ll use two SSID. At first user device will connect to one SSID, which is open network, after that user will redirect to CPPM’s captive portal page. When user complete the captive portal authentication, onboard will start to working. It will configure the user device and after completion user will automatically switch to 2nd SSID.
SSID used here
- BYOD-A [Open network ]
- BYOD-B [Secured with WPA2-AES]
Flowchart:
- Log in to the CPPM and go to Home » Onboard + Workspace » Onboard/MDM Configuration » Network Settings
Put the name of the 2nd ssid & select ‘automatically join network’
- Now go to next tab and configure as per your requirement.
- Follow this path Home » Onboard + Workspace » Deployment and Provisioning » Provisioning Settings
Careful about page name, because this name will be your captive portal log in page.
In here it is device provisioning, so the redirection page is
- Go to Home » Onboard + Workspace » Deployment and Provisioning » Configuration Profiles and choose you Provisioning profile.
- Open Configuration » Enforcement » Profiles » Here I’ll configure one enforcement profile.
- Now go to Configuration » Enforcement » Policies » to configure an enforcement policy & configure two authentication method, PAP & EAP-TLS.
- Switch to Configuration » Identity » Local Users and assign the same role as assign in policy.
- Open Configuration » Services » and configure a service
- Here I added two SSID in service , so that the 2nd service is not required.
- Check the configuration of rest of the service
- Here I’m using only two authentication method because 1st time due to captive portal user will use PAP, & in meantime when using quickconnect app it’ll complete another authentication using PAP, after that it will use EAP-TLS to complete onboarding.
- Now log in to controller to configure WLAN profile.
OUTPUT
At first I’ll connect to BYOD-A [open network]. You can see here my credential is correct so it gives me the quickconnect download link.
Here it’s showing me warning that, you may attempt to connect to the secure network BYOD-B, that’s what I want.
NOTE: This tutorial may have some flaws.
There are probably alternative or better ways of achieving this.
THANK YOU