So it is possible doing somethign liek this
Use the Captive portal im using alredy for students BYOD
In that captive portal i would have:
Sign in
User name:
Password
Below that iw oudl have 2 links
First link: New student?? This like would redirect to the normal Self service captive portal they already got
Second link: New teacher?? This link would send them to the clearpass onboarding process
For the Staff SSID
I would change this EAP PEAP To eap TLS
When the teacher finish the onboaridng process it would connect him to the Staff SSID
Here i got a quetion
IF they do not want to buy onboard License for TEAchers devices AND school devices it is possible just to buy the onboard license for teachers devicews only right?
For the school owned devices guess they would need to manually put the certificate to the users i guess or its possible to use a microsoft CA(all the school devices are on the AD So i could send the certificates Via AD policy....
So in the end i dont know if i can use a CA for the teacher personal devices(that would be the Clearpass and a CA of microsoft for school devices. (in which i can send the Certificates via AD.
Both deveices Will be connecting to one SSID that would be STaff SSID.
Also i woudl need a rule that if its a teacher personal devices use vlan 11
and school devices to vlan 12 for example
Is all this possible?
Or there woudl be a better way?
I bealive that if he just have to buy the onboard license only for teachers owned devices that would be ok for the client.
Cheers
Carlos