Frequent Contributor I

OnBoard Single SSID vs Two SSID Provisioning

I am trying to come up with the pro/cons of using a single SSID for provisioning/provisioned devices vs using two SSIDs (open network for provisioning and 802.1X network for provisioned devices).  


As I see it, with the single SSID, you have the issue of manually configuring non-domain Windows laptops for 802.1X prior to OnBoarding.  Other devices (Macs, iOS, Android) are easier to handle.  


Using two SSIDs solves that problem but I am wondering if it will introduce any others?  Will OnBoarded devices automatically switch over to the provisioned network after OnBoarding?   Is there anything else I need to take into account?


Guru Elite

Re: OnBoard Single SSID vs Two SSID Provisioning


On boarding from a second SSID like from a link on a guest network makes things much easier for your users that do not know how to connect to a 802.1x in the first place. That is an excellent strategy.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos

Re: OnBoard Single SSID vs Two SSID Provisioning

And yes - the onboarding process adds the second ssid to the device and switches them over as the last stage.

John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Frequent Contributor I

Re: OnBoard Single SSID vs Two SSID Provisioning

Thanks!  I figured as much.  I just wanted to make sure there were no other caveats associated with this design.  


Re: OnBoard Single SSID vs Two SSID Provisioning

We did the two SSID method.


We built a Captive Portal that has a bunch of menu options for our users to select.

Connect to the SSID and what not.


You can also provide them with an XML file and a small batch script that will automatically configure their Windows laptops for 802.1x authentication.


Wrap it all in an SFX archive and have the archive ask for admin priv. and you are all set!


Two SSID method seems to work well though in our limited experience

Search Airheads
Showing results for 
Search instead for 
Did you mean: