Hello, I have some questions about student devices in dorm rooms and how some other people handle these types of situations.
We currently have 2 SSID's. The primary 802.1x ssid authenticating to clearpass/Active Directory, and an open guest network for guests and devices that dont support 802.1x like xbox's, roku's, playstations stuff like that. We have dhcp fingerprinting rules in place that detect if they are game consoles or home entertainment devices and automatically take then and assign them to the student network while the regular guests stay in the guest network. This works really well from a technical standpoint but its kind of not intuitive and since students dont like to read our instructions for which devices go on which network we get lots of work orders for this. Additionially since its an open network its not very secure. I would prefer to move these devices over to a secure network and leave the guest network for actual guests.
It sounds like EAP-PWD is a better more secure version of WPA-PSK but i cant see to find much in the way of documentation for it. I cant even seem to find much on the way of client support for the standard. Do typical consumer devices like the ones mentions support this? Does anyone ahve a guide on how to actually configure this with Aruba Controllers and Clearpass? I see basic notes for it but not how to actually make it work.
Additionally, what do other users for this? I would be interested to know what other org's do in this scenario. I would prefer to avoid having them register their devices in clearpass and that seems to be kind of a pain and not a great user experience. Ideally i thing my dream is a SSID that is locked down and the only way to get connected to it is via dhcp fingerprinting. Other devices such as phones would connect to the 802.1x network and then real guests would go register on the captive portal.
Thanks in advance, i am very curious to see what others have ended up doing for their students.