For what it is worth, we are a fairly new Aruba customer and we chose these options:
1. An 802.1X wireless SSID for "smart" devices that can handle it. Pushed an Active Directory policy to school-owned Windows machines to set up the connection automatically. Have online instructions for students to use for BYOD devices (but students don't really read these days, so the helpdesk sees action from this).
2. An open SSID for "dumb" devices that can't do 802.1X such as DVD players, TVs, etc. Students are sent to ClearPass Guest to register their devices by MAC address and choose any AirPlay sharing settings - this does NOT consume a guest license, only a standard ClearPass license. School-owned devices are registered by IT as a known endpoint in main ClearPass.
3. An open Guest SSID that uses the controller's portal and authenticates against a specific Active Directory container of guest IDs that we already had created in a previous life and given out to different departments. We already tie almost everything to Active Directory, so for now we continue to change the passwords for these guest IDs regularly and send instructions to each department to hand them out as they see fit.
4. We have a Cisco switch infrastructure and are in the process of changing the wired ports in student areas to authenticate against ClearPass via 802.1X with fallback to MAB (MAC Auth Bypass). This works OK, but is one more thing that students have to figure out. We are considering making it so that if they fail authentication, they are in a controlled VLAN that hijacks DNS and takes them to detailed instructions. It is possible in the Cisco config to specify a VLAN when authentication fails.
I'd be curious to know how this stacks up against what other schools are doing. I'd also be curious to hear what you do about blocking routers in dorms. We had hoped to be able to use ClearPass policies to look at the device type that ClearPass detects, but because student devices are registered in ClearPass Guest, it doesn't look like we have that type of data available to use in a policy. So, nothing prevents a student from registering the MAC address of a router and moving right along, and nothing prevents them from registering a Windows machine this way, as well, even though we'd prefer it to be on the 802.1X network instead.
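
An access-port sketch of the wired setup described in item 4 (802.1X first, MAB fallback, a restricted VLAN on 802.1X failure), added here as an illustration and not taken from the poster's switches. It uses the legacy `authentication` interface syntax; the interface name, VLAN IDs, server name, address and key are constructed placeholders.

```cisco
! --- Global AAA / RADIUS (server name, IP and key are placeholders) ---
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
!
radius server CLEARPASS-EXAMPLE
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <SHARED-SECRET-PLACEHOLDER>
!
! --- Student-area access port (interface and VLAN IDs are placeholders) ---
interface GigabitEthernet1/0/10
 description Student area - 802.1X with MAB fallback
 switchport mode access
 ! Default VLAN used when RADIUS accepts without assigning a VLAN
 switchport access vlan 100
 ! Try 802.1X first; if no supplicant answers, try MAB
 authentication order dot1x mab
 ! If a supplicant starts later, let 802.1X override an existing MAB session
 authentication priority dot1x mab
 ! Supplicant attempted 802.1X and was rejected: place the port in the
 ! controlled "instructions" VLAN (999 here) instead of leaving it unauthorized
 authentication event fail action authorize vlan 999
 authentication port-control auto
 mab
 dot1x pae authenticator
 ! Shorter EAP retry timer so devices without a supplicant reach MAB sooner
 dot1x timeout tx-period 10
 spanning-tree portfast
```

The `authentication event fail` line covers a supplicant that attempts 802.1X and is rejected; a device that never speaks 802.1X falls through to MAB instead. `show authentication sessions interface GigabitEthernet1/0/10` shows which method authorized the port and which VLAN it landed in.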