Wireless Access

Reply
Occasional Contributor I

One SSID for multiple authentication types

Afternoon,

 

I am curious if the following is possible... I want to reduce my network from having 3 SSID (Open, Radius, Certificate) to just 1. Below is my current setup.

 

SSID: Onboarding (Open)

Purpose: Users can connect to Onboarding and they are re-directed to our Onboarding solution which provides them with a certificate based connection.

 

SSID: Domain (Domain based Auth with Clearpass/Windows Radius)

Purpose: Company own machines are connected to the wireless via domain based authenication.

 

SSID: Student (Certificated based Auth, CloudPath)

Purpose: Devices which have done through the onboarding procedure.

 

I would love to reduce these down to just 1 SSID which does eerything... does anyone know if that is possible? 

Guru Elite

Re: One SSID for multiple authentication types

You can probably reduce it to two.  An SSID can be shared by devices that have the same encryption.  You can have and (1) Open SSID and a (2) WPA2-AES SSID with PEAP and EAP-TLS.  For the 2nd SSID, you can configure ClearPass to use multiple authentication types and then sort it out with rules:

types.png

That is in general.  The specifics of what you are trying to do will require some logic in terms of Roles in ClearPass and Enforcement Policies/Profiles.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor I

Re: One SSID for multiple authentication types

I have a similar situation, wanting to reduce the number of SSIDs on campus.  Currently, we have a wpa2-aes SSID.  Could I add wpa2-psk-aes encryption to that SSID for student registered devices (xbox, playstation, tv, etc...), then sort out authentication with Clearpass rules/services as mentioned above?  I'm exploring this right now, but if it is too complicated to sort out the authentication I'll simply bring up another SSID.

 

Thanks,

Jeremy

Highlighted
Guru Elite

Re: One SSID for multiple authentication types

No.

You can only configure one encryption type per SSID.

Back in the day you could mix ciphers like this:

wpa2-psk-tkip

wpa2-psk-aes

 

But you cannot mix encryption types like this:

wpa2-aes

wpa2-psk-aes


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor I

Re: One SSID for multiple authentication types

Bah :)

Thank you

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: