Wireless Access

last person joined: 3 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

WPA2 Enterprise in rented rooms

This thread has been viewed 19 times
  • 1.  WPA2 Enterprise in rented rooms

    Posted Sep 09, 2021 08:46 AM
    I'm sure this has been discussed many times before but maybe there's something new and I hope to find assistance from you guys. I'm going to require WPA2-Enterprise auth this Summer, moving away from MAC authentication.

    I already have it working with our RADIUS server so that part it is done. But how do I handle devices that don't support 802.1x like TVs, ROKU, gaming devices, etc. We have a lot of these devices in our rented rooms and, without creating a separate PSK network, I'm not sure how to proceed. What's the recommended way to support these devices in 2021 while still maintaining security?

    Thanks a lot.

    robert henn

  • 2.  RE: WPA2 Enterprise in rented rooms

    Posted Sep 09, 2021 08:55 AM
    I had a WPA2-psk net and used clearpass fingerprints to restrict devices that could connect, clearpass guest page. Let you register a Mac addres and select device type

    Sent from my iPhone

  • 3.  RE: WPA2 Enterprise in rented rooms

    Posted Sep 10, 2021 05:06 AM

    Hi Robert, 

    In line with Alexs' comment, you need another system, like CP, and even then you're not really going to get away from MAC-auth, because those devices still need to have their MAC registered one way or another. We have .1x for enterprise devices, and they connect to a specific WLAN, and are rolling-out MPSK via CP for the 6000 resident rooms we have for which we presently offer no service for connecting non-.1x devices. It's MAC-Auth or bust still! At least with CP in the mix the data that is gathered about the devices is incredibly detailed and easily presented.

    nathan millward

  • 4.  RE: WPA2 Enterprise in rented rooms

    Posted Sep 11, 2021 07:41 AM
    Most of those devices cannot use enterprise-level encryption, so you are definitely left with a PSK network and optionally mac authentication on top of that.  The simplest form would be just PSK.  The most involved and most secure would involve ClearPass with a registration page that ties devices to user accounts and allows users to register their own devices.  I would contact your Aruba Sales Engineer to understand your real options.

    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.