I would like to create a single SSID for all my wireless requirements, and protect that with a pre-shared key so that other wireless users in the building can't, say, make use of the Guest internet.
At the moment I have the following SSIDs:
1) "Guest" - this is providing a captive portal via Extreme Control via MAC authentication
2) "Internal" - this is doing 802.1x authentication via Extreme Control
3) "MobileIron" - this is doing MAC authentication via Extreme Control
Any corporate device I think I can push the SSID and pre-shared key out via Windows policy. Guest and MobileIron users can simply enter the pre-shared key when they connect.
So handling this through Extreme Control I believe I can do, but not sure what to do about the authentication and redirection methods for combining the SSID's on the wireless controller.
For example: Guest and MobileIron use MAC Auth and Internal uses 802.1x in the 'Auth & Act' section of the WLAN config, see image below first for internal 802.1x
and the following for Guest and Mobileiron:
So is the answer that I simply create the a single SSID, set the mode to 802.1x but also tick the box for 'Enable MAC-Based authentication' - but I don't believe that's going to work for all situations?
Would web redirection at the controller still work for Guest users to Extreme Control captive portal - or does SSID always need to be separate?
The reason I want to combine Guest with a single SSID is that on the wired network if anyone connects to the network that fails authentication it is automatically dropped to the Guest network where they are redirected to a captive portal page and then only get internet access, and want to do the same for wireless as dynamically as it does for wired.
With wired I can set the authentication methods to first use 802.1x then MAC, but not sure I can do that same for wireless - which I think is the sum of the problem?
If you have any experience let me know, many thanks in advance.