Wireless Access

Afternoon,

I am curious if the following is possible... I want to reduce my network from having 3 SSID (Open, Radius, Certificate) to just 1. Below is my current setup.

SSID: Onboarding (Open)

Purpose: Users can connect to Onboarding and they are re-directed to our Onboarding solution which provides them with a certificate based connection.

SSID: Domain (Domain based Auth with Clearpass/Windows Radius)

Purpose: Company own machines are connected to the wireless via domain based authenication.

SSID: Student (Certificated based Auth, CloudPath)

Purpose: Devices which have done through the onboarding procedure.

I would love to reduce these down to just 1 SSID which does eerything... does anyone know if that is possible? 

You can probably reduce it to two.  An SSID can be shared by devices that have the same encryption.  You can have and (1) Open SSID and a (2) WPA2-AES SSID with PEAP and EAP-TLS.  For the 2nd SSID, you can configure ClearPass to use multiple authentication types and then sort it out with rules:

That is in general.  The specifics of what you are trying to do will require some logic in terms of Roles in ClearPass and Enforcement Policies/Profiles.

I have a similar situation, wanting to reduce the number of SSIDs on campus.  Currently, we have a wpa2-aes SSID.  Could I add wpa2-psk-aes encryption to that SSID for student registered devices (xbox, playstation, tv, etc...), then sort out authentication with Clearpass rules/services as mentioned above?  I'm exploring this right now, but if it is too complicated to sort out the authentication I'll simply bring up another SSID.

Thanks,

Jeremy

No.

You can only configure one encryption type per SSID.

Back in the day you could mix ciphers like this:

wpa2-psk-tkip

wpa2-psk-aes

But you cannot mix encryption types like this:

wpa2-aes

wpa2-psk-aes

Bah :)

Thank you