Wireless Access

Contributor II

Encrypted Secure Guest Access

Hi, I think I already know the answer, but I've been asked to investigate encrypting our guest network.


Currently we have a single guest SSID that's open and goes to a ClearPass captive portal login.


As I understand it, the only way to have an encrypted guest network is to either use PSK (which isn't really more secure if everyone knows the PSK), or use some sort of complicated CoA trickery after authenticating with CPPM.


Am I correct? Is there another method that works? I have enough issues with people unable to figure out how a captive portal works, it scares me to make it more complicated.




Guru Elite

Re: Encrypted Secure Guest Access

No, you cannot. SSID per encryption type. There's really no complicated CoA type stuff required. Captive portal workflows can work with any authentication method.


If you have ClearPass, PEAP-Public is an option that basically behaves like PSK, but allows you to leverage the security of 802.1X.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: Encrypted Secure Guest Access

Thanks Tim!


All I've been able to find is this article: LINK

from the CPPM documentation. Is there any guidance on setting that up on the controllers? Is this even a commonly used solution?




Search Airheads
Showing results for 
Search instead for 
Did you mean: