Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Flapping between Corporate and Guest SSID.

  • 1.  Flapping between Corporate and Guest SSID.

    Posted Nov 15, 2018 08:47 AM
    Here is the scenario.

    Two SSIDs being broadcast at a location.

    One is 802.11x Corporate SSID (let us call it A) the other is Guest SSID (let us call it B).

    SSID A is defined by GPO/policy, every device will have it.

    Users are able to add the Guest SSID (B) on their own.

    Since both these SSIDs are being broadcast and visible to the clients at the same signal strength, will the clients not run into issues and could flap between the two SSIDs?

    I am recommending, if you add the Guest SSID B, remove it after use or better still we should have policy/GPO on Windows, Chromebook and MacBooks that do not allow users to add the Guest SSID.

    I know there are options on devices to set priority, auto connect, prefer network etc. but these appear to have unpredictable outcomes.

    Does my above recommendation make sense?


  • 2.  RE: Flapping between Corporate and Guest SSID.
    Best Answer

    EMPLOYEE
    Posted Nov 15, 2018 08:53 AM

    Add the GUEST SSID with a WPA2-PSK, so that users cannot successfully connect to it for company-owned devices.

     

    Typically a device will not flap between two SSIDs if both are added, but you don't want to have to troubleshoot corporate devices that have accidentally connected to the guest SSID.



  • 3.  RE: Flapping between Corporate and Guest SSID.

    MVP
    Posted Nov 15, 2018 09:32 AM

    Devices prioritize network connections, so you would just need to make sure Corp SSID is a higher priority than Guest.

     

    I would do something like mentioned before if you want to prevent them from connecting altogether.



  • 4.  RE: Flapping between Corporate and Guest SSID.
    Best Answer

    Posted Nov 17, 2018 01:36 PM
    We handle this on Windows machines by blacklisting the guest SSID via Group Policy. This works great and completely stops users from connecting corporate machines to guest network.

    I have not found a good solution for Macs. We’ve tried adding the open guest SSID with an invalid PSK but somehow machines are still ending up connected to the guest network, which ends up causing support tickets about connectivity issues.
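
The Windows blacklisting described in the last post can be reproduced on a single machine with `netsh wlan` filters, for testing before it is rolled out through Group Policy. This is an added example, not code from any of the posters; the SSID `Guest-B` is a placeholder, and the script assumes the saved profile name equals the SSID (the Windows default).

```powershell
#Requires -RunAsAdministrator
# Added example: local counterpart of a Group Policy "deny" network permission.
# 'Guest-B' is a placeholder SSID (assumption); pass the real guest SSID instead.
param([string]$GuestSsid = 'Guest-B')

# 1. Add the guest SSID to the block list. Windows then hides it from the
#    network list and refuses to connect to it on this machine.
netsh wlan add filter permission=block ssid="$GuestSsid" networktype=infrastructure
if ($LASTEXITCODE -ne 0) {
    throw "Could not add block filter for '$GuestSsid'"
}

# 2. Remove any saved profile for the guest SSID so no stale entry remains.
#    Assumption: the profile was saved under the SSID name (the default).
netsh wlan show profiles name="$GuestSsid" | Out-Null
if ($LASTEXITCODE -eq 0) {
    netsh wlan delete profile name="$GuestSsid"
} else {
    Write-Output "No saved profile named '$GuestSsid'"
}

# 3. Print the resulting block list so the entry can be confirmed.
netsh wlan show filters permission=block

# To undo the local filter during testing:
#   netsh wlan delete filter permission=block ssid="Guest-B" networktype=infrastructure
```

A filter added this way appears under the user block list; one delivered by Group Policy appears under the group policy block list and cannot be removed locally.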