Message Image

Log in to ask questions, share your expertise, or stay connected to content. Don’t have a login? Join now.

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

Skip main navigation (Press Enter).

Wireless Access

last person joined: 19 hours ago

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Back to discussions

Expand all | Collapse all

Encrypted Secure Guest Access

This thread has been viewed 1 times

1. Encrypted Secure Guest Access

0 Kudos
benlambert1
Posted Nov 30, 2017 01:09 PM

Reply Reply Privately
Hi, I think I already know the answer, but I've been asked to investigate encrypting our guest network.

Currently we have a single guest SSID that's open and goes to a ClearPass captive portal login.

As I understand it, the only way to have an encrypted guest network is to either use PSK (which isn't really more secure if everyone knows the PSK), or use some sort of complicated CoA trickery after authenticating with CPPM.

Am I correct? Is there another method that works? I have enough issues with people unable to figure out how a captive portal works, it scares me to make it more complicated.

Thanks,
--Ben
2. RE: Encrypted Secure Guest Access

0 Kudos
EMPLOYEE

cappalli
Posted Nov 30, 2017 01:38 PM

Reply Reply Privately
No, you cannot. SSID per encryption type. There's really no complicated CoA type stuff required. Captive portal workflows can work with any authentication method.

If you have ClearPass, PEAP-Public is an option that basically behaves like PSK, but allows you to leverage the security of 802.1X.
3. RE: Encrypted Secure Guest Access

0 Kudos
benlambert1
Posted Nov 30, 2017 03:07 PM

Reply Reply Privately
Thanks Tim!

All I've been able to find is this article: LINK
from the CPPM documentation. Is there any guidance on setting that up on the controllers? Is this even a commonly used solution?

Thanks,
--Ben

Powered by Higher Logic